diff --git a/salt/kibana/files/saved_objects.ndjson b/salt/kibana/files/saved_objects.ndjson
index 193cac83d..d5267083a 100644
--- a/salt/kibana/files/saved_objects.ndjson
+++ b/salt/kibana/files/saved_objects.ndjson
@@ -1,955 +1,958 @@ -{"attributes":{"fieldFormatMap":"{\"match_body.source_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"match_body.destination_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_username_override\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_username_override.keyword\",\"
type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_info.slack_webhook_url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_webhook_url.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_info.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_sent\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exponent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hits\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.@version\",\"type\":\"string\",\"coun
t\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.@version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.signature_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._index.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":fals
e},{\"name\":\"match_body.category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_code3\",\"type\":\"string\",\"cou
nt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.location.lat\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.location.lon\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\
"readFromDocValues\":true},{\"name\":\"match_body.destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.ips.keyword\",\"type\":\"string\",\"count\":0,\"sc
ripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.num_hits\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.num_matches\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFro
mDocValues\":false},{\"name\":\"match_body.original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_ipbytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.original_ipbytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.respond_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":
\"match_body.respond_ipbytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.respond_ipbytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":fa
lse,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.source.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\
":true},{\"name\":\"match_body.syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-sourceip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-sourceip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"nam
e\":\"match_body.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matches\",\"type\":\"number\",\"count\":3,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_name\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocVa
lues\":false},{\"name\":\"rule_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"starttime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"time_taken\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traceback\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traceback.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"until\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:elastalert_status*"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"*:elastalert_status*","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688154054424,4038],"type":"index-pattern","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5MjIsMV0="} -{"attributes":{"fieldFormatMap":"{\"_id\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/#/hunt?q=_id%3A%22{{value}}%22\",\"labelTemplate\":\"Hunt and optionally pivot to 
PCAP/Cases\"}},\"uid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR 
destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"fuid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"resp_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"orig_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"sid\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"port\":{\"id\":\"number\",\"params\":{\"pattern\":\"0.[000]\"}},\"query\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(
refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"query.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb90391
9ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"signature_info\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"{{rawValue}}\",\"labelTemplate\":\"{{value}
}\"}},\"highest_registered_domain\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"highest_registered_domain.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"duration\":{\"id\":\"duration\",\"params\":{\"outputFormat\":\"asSeconds\",\"outputPrecision\":6}},\"missed_bytes\":{\"id\":\"bytes\"},\"missing_bytes\":{\"id\":\"bytes\"},\"original_bytes\":{\"id\":\"bytes\"},\"original_ip_bytes\":{\"id\":\"bytes\"},\"overflow_bytes\":{\"id\":\"bytes\"},\"respond_bytes\":{\"id\":\"bytes\"},\"respond_ip_bytes\":{\"id\":\
"bytes\"},\"seen_bytes\":{\"id\":\"bytes\"},\"total_bytes\":{\"id\":\"bytes\"},\"rtt\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0000000]\"}},\"uids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"osquery.LiveQuery\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"LiveQuery\"}},\"TheHive\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"\",\"labelTemplate\":\"Add2Hive\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"@version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"aa\",\"type\":\"string
\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aa.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ack\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ack.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":tru
e,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"analyzer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"analyzer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"answers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"answers.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"auth.keyword\",\"type\":\"st
ring\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_attempts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints.path_len\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_path_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"read
FromDocValues\":false},{\"name\":\"beat.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat_host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat_host.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"bound_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"call_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"call_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate
_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_exponent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_exponent.keyword\",\"type\":\"string\",\"coun
t\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_number_days_valid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\
":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_permanent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_permanent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_signing_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_signing_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFro
mDocValues\":true},{\"name\":\"certificate_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"checksum\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"checksum.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":
false,\"readFromDocValues\":false},{\"name\":\"cipher_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_build.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"s
earchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_digital_product_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_digital_product_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_fqdn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_fqdn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_ve
rsion\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"community\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"communit
y.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"company.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compile_ts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compile_ts.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compression_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compression_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connect_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connect_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocVa
lues\":true},{\"name\":\"content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"content_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookie.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"current_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"current_directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.arch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.arch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.data.keyword\",\"type
\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.dpkg_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.dpkg_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.file.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_cores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_cores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_mhz\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_mhz.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_free\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_free.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":
true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_total\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_total.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_usage\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_usage.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.broadcast\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.broadcast.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggrega
table\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.gateway\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.gateway.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.metric\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.metric.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.netmask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.netmask.keyword\",\"type\":\"string\",\"co
unt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mtu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mtu.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_errors.keyword\",\"type\":\"string\",\"count\":
0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_errors.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_packets.keyword\",\"type
\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true},{\"name\":\"data.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.platform.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.sysname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.sysname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.package\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggrega
table\":false,\"readFromDocValues\":false},{\"name\":\"data.package.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.inode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"co
unt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.rx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.rx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.tx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.tx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.args.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.cmd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.cmd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.egroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.egroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"na
me\":\"data.process.euser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.euser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.fgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.fgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nlwp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nlwp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pgrp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pgrp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\
"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ppid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ppid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.processor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.processor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.resident\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.resident.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.rgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.rgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ruser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.proces
s.ruser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.session.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.sgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.sgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.share\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.share.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.start_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.start_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searcha
ble\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.stime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.stime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.suser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.suser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tgid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tgid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.utime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.utime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.vm_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.vm_size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.architec
ture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.format\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.format.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.multiarch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.multiarch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.section\",\"type\":\"string\",\"count\":0,\"scripted\":false
,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.section.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.vendor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.vendor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.pwd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.status.keyword\",\"ty
pe\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.title.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_passive\",\"type\":\"string\",
\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_channel_passive.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.ftscomment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.ftscomment.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.name.keyword\",\"type\":\"string\",\"
count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.parent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.parent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"desktop_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_width\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_is_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dest_is_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_city.keyword\",\"type\":\"string\",\"count\":0,\"scripted
\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_iso_code.keyword\",
\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_code.keyword\",\"type\":\"string\",\"count
\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_iso_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_latitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregat
able\":false,\"readFromDocValues\":false},{\"name\":\"destination_latitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_longitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_region.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"details.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dir\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dir.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":tr
ue,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"direction.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"display_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"display_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"enabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"enabled.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocVa
lues\":false},{\"name\":\"encryption_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"endpoint.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry_location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry_location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"escalated_user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"escalated_user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\
":true},{\"name\":\"established\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"established.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exception\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"exception.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted_cutoff\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted_cutoff.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"faci
lity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_request.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_name.keyword\",\"type\":\"string\",\"cou
nt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"first_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"first_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow_label\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"flow_label.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"forwardable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"forwardable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"framed_addr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"framed_addr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"freq_virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"freq_virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"frequency_scores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"frequency_scores.keyword\",\"type\":\"string\",\"count\":
0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"full_log\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"full_log.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"function\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDo
cValues\":false},{\"name\":\"function.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_bulk_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_bulk_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_responses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_responses.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_cert_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_
cert_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_debug_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_debug_data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_export_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_export_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_import_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_import_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\
":\"hassh_server_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"helo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"helo.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"highest_registered_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hop_limit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValu
es\":false},{\"name\":\"hop_limit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"iin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"iin.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"image_path\",\"type\":\"string\",\"count\":0,
\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"info_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"initiated.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"input.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\"
:true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"input.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"integrity_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"integrity_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"interface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"interface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ecn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_ecn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":fals
e},{\"name\":\"ipv4_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_offset.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_tos\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_tos.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_us
ername\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_64bit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_64bit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_exe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_exe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_source_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_source_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_webmail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_webmail.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_common_name.keyword\",\"type\":\"stri
ng\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_distinguished_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":tru
e,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3s\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3s.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kex_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kex_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,
\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keyboard_layout\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"keyboard_layout.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"launch_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"launch_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"lease_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"lease_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"length\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"length.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromD
ocValues\":false},{\"name\":\"local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logged.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"lo
gon_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"machine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"machine.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_date.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_from\",\"type\":\"string\",\"count\":0,\"scripted\":fals
e,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"manager.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"manager.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matched\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"matched.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"rea
dFromDocValues\":true},{\"name\":\"method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mimetype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mimetype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missing_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_success.keywo
rd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"n\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"named_pipe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"named_pipe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"native_file_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"native_file_system.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"next_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"next_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nick\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nick.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"note\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"note.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searcha
ble\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"num_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"object_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"offset\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"operation.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"options\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"options.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tru
e},{\"name\":\"orig_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"os.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.EndpointIP1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true
},{\"name\":\"osquery.EndpointIP2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.LiveQuery\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.LiveQuery.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.calendarTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.calendarTime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.directory\",\"type\":\"string\",\"count\":0,\"script
ed\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.shell.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggr
egatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.counter\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.epoch\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hardware_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hardware_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostIdentifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostIdentifier.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.name.keyword\",\"type\":\"
string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.unixTime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_agent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_agent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"overflow_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"p\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_image_path.keyword\",\
"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"password.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer_description\",\"type\":\"stri
ng\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"
searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prev_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prev_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_arguments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_arguments.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_guid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":t
rue,\"readFromDocValues\":true},{\"name\":\"profile\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"profile.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"program.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prospector.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prospector.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"
name\":\"proxied.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_class_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_type_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ra\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ra.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode_name\",\"type\":\"string\",\"count\":0,\"scripte
d\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rcode_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reason.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"recipient_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"recipient_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referrer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rejected\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rejected.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_location.country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"re
adFromDocValues\":false},{\"name\":\"renewable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"n
ame\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_color_depth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_color_depth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_resource\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\
"name\":\"requested_resource.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"respond_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":fal
se},{\"name\":\"response.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"result.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resumed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resumed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rev\",\"type\
":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rows.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_signature.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFr
omDocValues\":false},{\"name\":\"rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"san_dns\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"san_dns.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"second_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"second_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"section_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"section_names.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"security_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"security_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_node\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_node.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_where\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},
{\"name\":\"seen_where.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seq\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seq.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sequence_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_dns_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocV
alues\":false},{\"name\":\"server_dns_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_major_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_minor_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\
"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_nb_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_nb_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_tree_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_tree_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"set_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"set_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"severity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"
searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_flag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_flag.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"signer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"site\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"site.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\
"size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"
readFromDocValues\":false},{\"name\":\"source_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_name\",\"type\":\"string\"
,\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sources\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sources.keyword\",\"type\":\"string\"
,\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_rule_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_rule_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searc
hable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subsystem\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subsystem.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"suppress_for\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.event.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,
\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.inode_after\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.perm_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.perm
_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":fals
e,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-legacy_msghdr\",\"type\":
\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-sourceip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sysmon_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sysmon_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"target_filename\",\"type\":\"string\",\"c
ount\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"target_filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tcp_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"terminal_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"terminal_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timed_out\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timed_out.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_accessed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_accessed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_changed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_changed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"s
earchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_created.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_modified.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tld.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tld.subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFr
omDocValues\":false},{\"name\":\"top_level_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tracker_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tracker_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"trans_depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"transaction_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ttls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\
"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unparsed_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"unparsed_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"up_since\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"up_since.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"urg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"urg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uri.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":fals
e,\"readFromDocValues\":false},{\"name\":\"user_agent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"useragent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_aslr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_aslr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_code_integrity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_code_integrity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_dep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_dep.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_seh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{
\"name\":\"uses_seh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_till\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_till.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"validation_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"validation_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"v
ersion_major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"warning\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name
\":\"warning.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.firedtimes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gdpr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gdpr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gpg13\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gpg13.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.groups\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.groups.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.mail\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.pci_dss\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.pci_dss.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readF
romDocValues\":true},{\"name\":\"width\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"width.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"window\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"window.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x_originating_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"year\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"z\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"z.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"TheHive\",\"type\":\"string\",\"count\":0,\"scripted\":true,\"script\":\"'soctopus/thehive/case/' + doc['_id'].value\",\"lang\":\"painless\",\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:logstash-*"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"*:logstash-*","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688154054424,4039],"type":"index-pattern","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5MjMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Security Onion - Network Data","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security 
Onion - Network Data\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Datasets** \\n[Connections](/kibana/app/dashboards#/view/0cc628b0-6e9f-11ea-9266-1fd14ca6af34) | [DCE/RPC](/kibana/app/dashboards#/view/9e882df0-72c5-11ea-8dd2-9d8795a1200b) |\\n[DHCP](/kibana/app/dashboards#/view/80625c10-96dd-11ea-814e-bb515e873c2c) \\n[DNP3](/kibana/app/dashboards#/view/b1f52180-755a-11ea-9565-7315f4ee5cac) | [DNS](/kibana/app/dashboards#/view/55ac6bf0-6ec4-11ea-9266-1fd14ca6af34) |\\n[FTP](/kibana/app/dashboards#/view/739bfad0-755a-11ea-9565-7315f4ee5cac) |\\n[HTTP](/kibana/app/dashboards#/view/44e9c820-6eb1-11ea-9266-1fd14ca6af34) | [Intel](/kibana/app/dashboards#/view/85b529a0-0e5a-11eb-a255-e1e8e85e3571) | [IRC](/kibana/app/dashboards#/view/38523560-75ba-11ea-9565-7315f4ee5cac) |\\n[Kerberos](/kibana/app/dashboards#/view/b207ab90-75bc-11ea-9565-7315f4ee5cac) \\n[Modbus](/kibana/app/dashboards#/view/886a7b90-75bd-11ea-9565-7315f4ee5cac) | \\n[MySQL](/kibana/app/dashboards#/view/c3ced6d0-75be-11ea-9565-7315f4ee5cac) | \\n[NTLM](/kibana/app/dashboards#/view/558292e0-75c1-11ea-9565-7315f4ee5cac) | \\n[PE](/kibana/app/dashboards#/view/94b55b90-c761-11ea-bebb-37c5ab5894ea) |\\n[RADIUS](/kibana/app/dashboards#/view/b9769e60-75c4-11ea-9565-7315f4ee5cac) | [RDP](/kibana/app/dashboards#/view/5b743150-75c5-11ea-9565-7315f4ee5cac) | \\n[RFB](/kibana/app/dashboards#/view/c8b3c360-75c6-11ea-9565-7315f4ee5cac) | [SIP](/kibana/app/dashboards#/view/dd98e260-75c6-11ea-9565-7315f4ee5cac) \\n[SMB](/kibana/app/dashboards#/view/f24d7b80-75c6-11ea-9565-7315f4ee5cac) | [SMTP](/kibana/app/dashboards#/view/00304500-75e7-11ea-9565-7315f4ee5cac) | [SNMP](/kibana/app/dashboards#/view/96522610-75e8-11ea-9565-7315f4ee5cac) | \\n[SSH](/kibana/app/dashboards#/view/9dfd77e0-75eb-11ea-9565-7315f4ee5cac) | 
[SSL](/kibana/app/dashboards#/view/efae8de0-75eb-11ea-9565-7315f4ee5cac) | [Syslog](/kibana/app/dashboards#/view/66499a20-75ed-11ea-9565-7315f4ee5cac) | [Tunnels](/kibana/app/dashboards#/view/c962dd60-75ed-11ea-9565-7315f4ee5cac) | [X.509](/kibana/app/dashboards#/view/2e0865f0-75ee-11ea-9565-7315f4ee5cac) \\n\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[],"sort":[1688154054424,4040],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5MjQsMV0="} -{"attributes":{"allowNoIndex":true,"fieldFormatMap":"{\"Ransomware.child_processes.pid\":{\"id\":\"string\"},\"Ransomware.pid\":{\"id\":\"string\"},\"Responses.@timestamp\":{\"id\":\"string\"},\"Target.process.parent.pgid\":{\"id\":\"string\"},\"Target.process.parent.pid\":{\"id\":\"string\"},\"Target.process.parent.ppid\":{\"id\":\"string\"},\"Target.process.parent.thread.id\":{\"id\":\"string\"},\"Target.process.pgid\":{\"id\":\"string\"},\"Target.process.pid\":{\"id\":\"string\"},\"Target.process.ppid\":{\"id\":\"string\"},\"Target.process.thread.id\":{\"id\":\"string\"},\"event.sequence\":{\"id\":\"string\"},\"event.severity\":{\"id\":\"string\"},\"process.parent.pgid\":{\"id\":\"string\"},\"process.parent.pid\":{\"id\":\"string\"},\"process.parent.ppid\":{\"id\":\"string\"},\"process.parent.thread.id\":{\"id\":\"string\"},\"process.pgid\":{\"id\":\"string\"},\"process.pid\":{\"id\":\"string\"},\"process.ppid\":{\"id\":\"string\"},\"process.thread.id\":{\"id\":\"string\"},\"threat.enrichments.indicator.file.elf.header.entrypoint\":{\"id\":\"string\"},\"threat.enrichments.indicator.file.elf.sections.chi2\":{\"id\":\"number\"},\"threat.enrichments.indicator.file.elf.sections.entropy\":{\"id\":\"number\"},\"threat.enrichments.indicator.file.elf.sections.physical_size\":{\"id\":\"bytes\"},\"threat.enrichments.indicator.file.elf.sections.virtual_address\":{\"id\":\"st
ring\"},\"threat.enrichments.indicator.file.elf.sections.virtual_size\":{\"id\":\"string\"},\"threat.enrichments.indicator.url.port\":{\"id\":\"string\"},\"threat.indicator.file.elf.header.entrypoint\":{\"id\":\"string\"},\"threat.indicator.file.elf.sections.chi2\":{\"id\":\"number\"},\"threat.indicator.file.elf.sections.entropy\":{\"id\":\"number\"},\"threat.indicator.file.elf.sections.physical_size\":{\"id\":\"bytes\"},\"threat.indicator.file.elf.sections.virtual_address\":{\"id\":\"string\"},\"threat.indicator.file.elf.sections.virtual_size\":{\"id\":\"string\"},\"threat.indicator.url.port\":{\"id\":\"string\"},\"destination.bytes\":{\"id\":\"bytes\"},\"destination.port\":{\"id\":\"string\"},\"http.request.body.bytes\":{\"id\":\"bytes\"},\"http.request.bytes\":{\"id\":\"bytes\"},\"http.response.body.bytes\":{\"id\":\"bytes\"},\"http.response.bytes\":{\"id\":\"bytes\"},\"http.response.status_code\":{\"id\":\"string\"},\"network.bytes\":{\"id\":\"bytes\"},\"source.bytes\":{\"id\":\"bytes\"},\"source.port\":{\"id\":\"string\"}}","fields":"[{\"name\":\"cloud.account.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.availability_zone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.instance.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.instance.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.machine.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"inde
xed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.project.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.image.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.image.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.labels\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":tru
e,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.family\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.containerized\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true
,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"elastic_agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.snapshot\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.module\",\"type\":\"string\",\"count\":0,\"scripted\"
:false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.ingested\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.outcome\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":t
rue,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related.hosts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.as.number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.as.organization.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"ind
exed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.signature\",\"
type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.dropped_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.error\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.home\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregata
ble\":true,\"readFromDocValues\":true},{\"name\":\"winlog.api\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AuthenticationPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Binary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.BitlockerUserInputTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.BootMode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.BootType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.BuildVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}
,{\"name\":\"winlog.event_data.CorruptionActionState\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CreationUtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Detail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceVersionMajor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceVersionMinor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DriveName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DriverName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"
readFromDocValues\":true},{\"name\":\"winlog.event_data.DriverNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DwordVal\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.EntryCount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ExtraInfo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FailureName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FailureNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FileVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FinalStatus\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IdleImplementation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IdleStateCount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatabl
e\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ImpersonationLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IntegrityLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IpAddress\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IpPort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.KeyLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LastBootGood\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LastShutdownGood\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LmPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"a
ggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MajorVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MaximumPerformancePercent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MemberName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MemberSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MinimumPerformancePercent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MinimumThrottlePercent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MinorVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSchemeGuid\",\"type\":\"string\",\"count\":0,\"scripted\":fa
lse,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NominalFrequency\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSchemeGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OriginalFileName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PerformanceImplementation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PreviousCreationUtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PreviousTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PrivilegeList\",\"type\":\"string\",\"co
unt\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProcessPath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProcessPid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PuaCount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PuaPolicyId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.QfeVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SchemaVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ScriptBlockText\",\"type\":\"string\",\"count\":0,
\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ShutdownActionType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ShutdownEventCode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ShutdownReason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SignatureStatus\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.StartTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.State\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Status\",\"type\":\"string\",\"count
\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.StopTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubjectDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubjectLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubjectUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubjectUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TSId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetInfo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetLogonGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetServerName\",\"ty
pe\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TerminalSessionId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TokenElevationType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TransmittedServices\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Workstation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param3\"
,\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param4\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param7\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param8\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.keywords\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.channel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.record_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.related_activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.opcode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggrega
table\":true,\"readFromDocValues\":true},{\"name\":\"winlog.provider_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.provider_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.task\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\"
:true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"input.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related.hash\",\"type\":\"string\",\"count\":0,\"scr
ipted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.id\",\
"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.failure.reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.failure.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.failure.sub_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.computerObject.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.computerObject.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.computerObject.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessGranted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessList\",\"type\":\"string\",\"count\":0,\"scripted\":fa
lse,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessListDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessMask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessMaskDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessRemoved\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccountDomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccountExpires\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccountName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AllowedToDelegateTo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AuditPolicyChanges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AuditPolicyChangesDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.
AuditSourceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CallerProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CallerProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CategoryId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ClientAddress\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ClientName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CommandLine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CrashOnAuditFailValue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DisplayName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DomainBehaviorVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tru
e},{\"name\":\"winlog.event_data.DomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DomainPolicyChanged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DomainSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Dummy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.EventSourceId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FailureReason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.GroupTypeChange\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.HandleId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.HomeDirectory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.HomePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.KerberosPolicyChange\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromD
ocValues\":true},{\"name\":\"winlog.event_data.LogonHours\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MachineAccountQuota\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MandatoryLabel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MixedDomainMode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdDacl0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdDacl1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdDacl2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdSacl0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdSacl1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFrom
DocValues\":true},{\"name\":\"winlog.event_data.NewSdSacl2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewTargetUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewUACList\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewUacValue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ObjectName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ObjectServer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ObjectType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OemInformation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdDacl0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdDacl1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFrom
DocValues\":true},{\"name\":\"winlog.event_data.OldSdDacl2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdSacl0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdSacl1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdSacl2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldTargetUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldUacValue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PasswordLastSet\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PasswordHistoryLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ParentProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PreAuthType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggreg
atable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PrimaryGroupId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProfilePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ResourceAttributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SamAccountName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ScriptPath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SidHistory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceAccount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceFileName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceStartType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"search
able\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SessionName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SidFilteringEnabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.StatusDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubCategory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubCategoryGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubcategoryGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubCategoryId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubcategoryId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubStatus\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\
"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TdoAttributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TdoDirection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TdoType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TicketEncryptionType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TicketEncryptionTypeDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TicketOptions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TicketOptionsDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserAccountControl\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserParameters\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserPrincipalName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserW
orkstations\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.WorkstationName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.outcome\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.time_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.trustAttribute\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.trustDirection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.trustType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.BackupPath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.Channel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.SubjectDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.SubjectLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,
\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.SubjectUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.SubjectUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.xml_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"completed_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.comment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"started_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.action_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.completed_at\",\"type\":
\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.data.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.data.comment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"EndpointActions.started_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.stack_trace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"error.stack_trace.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"error.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValu
es\":true},{\"name\":\"event.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"expiration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"input_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.expiration\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.input_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"
Events\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.artifacts.global\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers\",\"type\":\"string\",\"count\":0,\"scripted
\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.cross_session\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.feature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.parent_to_child\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":
\"Memory_protection.self_injection\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.thread_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.unique_key_v1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.feature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.data\",\"type\":\"binary\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Ransomware.child_processes.files.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.metrics\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\"
:true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.original.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Ransomware.feature\",\"t
ype\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.data\",\"type\":\"binary\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Ransomware.files.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.metrics\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.original.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"inde
xed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.action.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.action.field\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Responses.action.state\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Responses.process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Responses.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Res
ponses.process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.result\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValu
es\":false},{\"name\":\"Target.dll.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDo
cValues\":true},{\"name\":\"Target.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.product\",\"type\":\"string\",\"count
\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.ancestry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.authentication_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"na
me\":\"Target.process.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.md5
\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValue
s\":true},{\"name\":\"Target.process.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Target.process.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed
\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.allocation_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.allocation_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.allocation_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.allocation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.bytes_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.bytes_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"Target.process.Ext.memory_region.bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.identifier\",
\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.description\",\"type\":\"string\",\"count\":0,\"scri
pted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.m
emory_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.region_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.region_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.region_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.region_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"Target.process.Ext.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.services\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.session\",\"type\":\"string\",\"count\":0
,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatab
le\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\"
:true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true
},{\"name\":\"Target.process.parent.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dl
l.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"
Target.process.parent.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.protection\",\"type\":\"string\",\
"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.real.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\
":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"
Target.process.parent.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":t
rue,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pid\",\"type\":\"number\",\"count\":0,\"scripted\":
false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.company\",\"
type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.instruction_pointer\",\"type\":\"string\"
,\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.module_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.rva\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.symbol_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_summary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Tar
get.process.thread.Ext.parameter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.parameter_bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"Target.process.thread.Ext.parameter_bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_bytes_disasm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_bytes_disasm_hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.proc
ess.thread.Ext.start_address_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.
thread.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValue
s\":true},{\"name\":\"Target.process.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.
country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":fal
se,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dll.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFro
mDocValues\":true},{\"name\":\"dll.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\
"readFromDocValues\":true},{\"name\":\"dll.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\
"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.risk_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.subject_name\",\"type\":\"string\
",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.entry_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.code_page\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors.count\",\"type\":\
"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors.error_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.file_extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.
macro.stream.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.raw_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.raw_code_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.score\",\"type\":\"string\",\"count
\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false
,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_result\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.temp_file_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.windows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.windows.zone_identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.accessed\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.attributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true
,\"readFromDocValues\":true},{\"name\":\"file.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.ctime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.drive_letter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,
\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":tru
e,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.type\",\"type\":\"string\",\"count\":0,\"scripted\"
:false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.name\
",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext.variant\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFrom
DocValues\":true},{\"name\":\"host.user.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.domain\",\"type\":\"string\",\"coun
t\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.ancestry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.authentication_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tru
e},{\"name\":\"process.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\
"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":t
rue,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"re
adFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.allocation_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.allocation_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.allocation_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.allocation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.bytes_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.bytes_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proc
ess.Ext.memory_region.bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"process.Ext.memory_region.bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"process.Ext.memory_region.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripte
d\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":fa
lse,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.region_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.region_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.region_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.region_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggre
gatable\":true,\"readFromDocValues\":false},{\"name\":\"process.Ext.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.services\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggreg
atable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggre
gatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\"
:\"process.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"rea
dFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pro
cess.parent.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatab
le\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.real.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":
0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line\",\
"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name.caseless\",\"type\":
\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"inde
xed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":
true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.instruction_pointer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searcha
ble\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.module_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.rva\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.symbol_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_
module.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_summary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.parameter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.parameter_bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"process.thread.Ext.parameter_bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start\",\"type\"
:\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_bytes_disasm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_bytes_disasm_hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searcha
ble\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.
uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"registry.data.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.author\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"
aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.license\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.ruleset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,
\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.as.number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.as.organization.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.as.organization.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.confidence\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.email.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_
signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.entry_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.header_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.header_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,
\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searc
hable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripte
d\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.secondary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.monotonic_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.
Ext.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.quarantine_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.quarantine_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.quarantine_result\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.temp_file_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.windows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.windows.zone_identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.accessed\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.attributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\
":\"threat.enrichments.indicator.file.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.ctime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatabl
e\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.drive_letter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.byte_order\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.cpu_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.exports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.abi_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\
"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.entrypoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.object_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.os_abi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.imports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.chi2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.entropy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.flags\",\"type\":\"string\",\"count\":0,\"scripted\":
false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.physical_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.physical_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.virtual_address\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.virtual_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.segments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.segments.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.segments.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.in
dicator.file.elf.shared_libraries\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.telfhash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.inode\",\"type\":\
"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.mtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":
true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.target_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.target_path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.target_path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true
,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.first_seen\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":tru
e,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.last_seen\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.marking.
tlp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.modified_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"index
ed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.data.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.data.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.hive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.scanner_stats\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.sightings\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggrega
table\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.fragment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.original.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichmen
ts.indicator.url.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.scheme\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.alternative_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issue
r.distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.organizational_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.state_or_province\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.not_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.not_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.public_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.public_key_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.public_key_exponent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},
{\"name\":\"threat.enrichments.indicator.x509.public_key_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.signature_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.organizational_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.state_or_province\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"sea
rchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.version_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.atomic\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.field\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.framework\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.group.alias\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.group.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggrega
table\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.as.number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.as.organization.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.as.organization.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.confidence\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.email.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.subject_name\",\"type\":\
"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.entry_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.header_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.header_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.f
ile.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\
"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.secondary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.monotonic_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.gid\",\"type\":\"stri
ng\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.quarantine_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.quarantine_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.quarantine_result\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.temp_file_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\
":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.windows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.windows.zone_identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.accessed\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.attributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}
,{\"name\":\"threat.indicator.file.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.ctime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.drive_letter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.byte_order\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.cpu_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.exports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,
\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.abi_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.entrypoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.object_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.os_abi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.imports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator
.file.elf.sections.chi2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.entropy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.physical_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.physical_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.virtual_address\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.virtual_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.segments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.segments.sections\",\"type\":\"s
tring\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.segments.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.shared_libraries\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.telfhash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.
indicator.file.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.mtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\
"threat.indicator.file.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.target_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.target_path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.target_path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,
\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.first_seen\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed
\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.last_seen\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.marking.tlp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.modified_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,
\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.data.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":
true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.data.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.hive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.scanner_stats\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.sightings\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"sea
rchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.fragment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.original.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.scheme\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"s
earchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.alternative_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.organizational_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.
indicator.x509.issuer.state_or_province\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.not_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.not_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.public_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.public_key_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.public_key_exponent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"threat.indicator.x509.public_key_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.signature_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"in
dexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.organizational_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.state_or_province\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.version_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.platforms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.type\",\"ty
pe\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.technique.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.subtechnique.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.subtechnique.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.subtechnique.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.technique.subtechnique.reference\",\"type\":\"string\",\"coun
t\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.full_name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"user.group.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.doma
in\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"event.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.Ext.correlation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.Ext.correlation.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.header_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.header_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDo
cValues\":true},{\"name\":\"file.Ext.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.secondary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.m
alware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.monotonic_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.defense_evasions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.load_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"sear
chable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext.options\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext.status\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.resolved_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.content\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.content.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"http.request.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.r
esponse.Ext.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.content\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.content.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"http.response.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.community_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.iana_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\
"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.transport\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"package.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.defense_evasions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.security_attributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pa
rent.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.data.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.hive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFiel
dName":"@timestamp","title":"logs-*"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"logs-*","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688154054424,4041],"type":"index-pattern","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5MjUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - All Logs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - All Logs\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":29}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4043],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5MjYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Logs Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Logs Over 
Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON
.index","type":"index-pattern"}],"sort":[1688154054424,4045],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5MjcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4047],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5MjgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Destination 
IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4049],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5MjksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - Sender","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - 
Sender\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.from.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"7a789740-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4051],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5MzAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - Recipient","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - 
Recipient\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"To\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.to.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Recipient\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a5742950-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4053],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5MzEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - TLS","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - 
TLS\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smtp.tls: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"smtp.tls\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TLS\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e77a2b60-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4055],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5MzIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - 
Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smtp.subject.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0713ebf0-75e8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4057],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5MzMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - User 
Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.useragent.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User Agent\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"4178ce00-75e8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4059],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5MzQsMV0="} -{"attributes":{"columns":["source.ip","source.port","destination.ip","destination.port","log.id.uid","network.community_id","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"Security Onion - All 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4061],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5MzUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:smtp\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85\"},\"panelIndex\":\"a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":9,\"i\":\"6fd30865-1d5d-4f8f-9173-77220bb23395\"},\"panelIndex\":\"6fd30865-1d5d-4f8f-9173-77220bb23395\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6fd30865-1d5d-4f8f-9173-77220bb23395\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"1b0acf7a-2a47-4eb4-9cb2-34cd6c499472\"},\"panelIndex\":\"1b0acf7a-2a47-4eb4-9cb2-34cd6c499472\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1b0acf7a-2a47-4eb4-9cb2-34cd6c499472\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":18,\"i\":\"d31027fb-a090-474f-9863-712ef30c0b3e\"},\"panelIndex\":\"d31027fb-a090-474f-9863-712ef30c0b3e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d31027fb-a090-474f-9863-712ef30c0b3e\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"
y\":9,\"w\":9,\"h\":18,\"i\":\"fb5452b7-cb91-4415-ad6b-37f2c05955fa\"},\"panelIndex\":\"fb5452b7-cb91-4415-ad6b-37f2c05955fa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fb5452b7-cb91-4415-ad6b-37f2c05955fa\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":9,\"w\":15,\"h\":18,\"i\":\"9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a\"},\"panelIndex\":\"9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":18,\"i\":\"4bf1751e-8da2-4f5a-b66d-2f09338b2053\"},\"panelIndex\":\"4bf1751e-8da2-4f5a-b66d-2f09338b2053\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4bf1751e-8da2-4f5a-b66d-2f09338b2053\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":18,\"h\":18,\"i\":\"9365d9e9-478f-499d-aa41-d8f42081ff1c\"},\"panelIndex\":\"9365d9e9-478f-499d-aa41-d8f42081ff1c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9365d9e9-478f-499d-aa41-d8f42081ff1c\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":27,\"w\":15,\"h\":18,\"i\":\"18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa\"},\"panelIndex\":\"18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":33,\"y\":27,\"w\":15,\"h\":18,\"i\":\"44a5b84f-2636-45f4-bb5e-9f8ab11f4107\"},\"panelIndex\":\"44a5b84f-2636-45f4-bb5e-9f8ab11f4107\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_44a5b84f-2636-45f4-bb5e-9f8ab11f4107\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"4053cc7e-9771-46d9-8e03-e430ab096805\"},\"panelIndex\":\"4053cc7e-9771-46d9-8e03-e430ab096805\",\"embeddable
Config\":{\"enhancements\":{}},\"panelRefName\":\"panel_4053cc7e-9771-46d9-8e03-e430ab096805\"}]","timeRestore":false,"title":"Security Onion - SMTP","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"00304500-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85:panel_a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"6fd30865-1d5d-4f8f-9173-77220bb23395:panel_6fd30865-1d5d-4f8f-9173-77220bb23395","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"1b0acf7a-2a47-4eb4-9cb2-34cd6c499472:panel_1b0acf7a-2a47-4eb4-9cb2-34cd6c499472","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"d31027fb-a090-474f-9863-712ef30c0b3e:panel_d31027fb-a090-474f-9863-712ef30c0b3e","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"fb5452b7-cb91-4415-ad6b-37f2c05955fa:panel_fb5452b7-cb91-4415-ad6b-37f2c05955fa","type":"visualization"},{"id":"7a789740-75e7-11ea-9565-7315f4ee5cac","name":"9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a:panel_9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a","type":"visualization"},{"id":"a5742950-75e7-11ea-9565-7315f4ee5cac","name":"4bf1751e-8da2-4f5a-b66d-2f09338b2053:panel_4bf1751e-8da2-4f5a-b66d-2f09338b2053","type":"visualization"},{"id":"e77a2b60-75e7-11ea-9565-7315f4ee5cac","name":"9365d9e9-478f-499d-aa41-d8f42081ff1c:panel_9365d9e9-478f-499d-aa41-d8f42081ff1c","type":"visualization"},{"id":"0713ebf0-75e8-11ea-9565-7315f4ee5cac","name":"18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa:panel_18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa","type":"visualization"},{"id":"4178ce00-75e8-11ea-9565-7315f4ee5cac","name":"44a5b84f-2636-45f4-bb5e-9f8ab11f4107:panel_44a5b84f-2636-45f4-bb5e-9f8ab11f4107","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"4053cc7e-9771-46d9-8e03-e430ab0968
05:panel_4053cc7e-9771-46d9-8e03-e430ab096805","type":"search"}],"sort":[1688154054424,4073],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5MzYsMV0="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.category:network\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Network Data","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4075],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5MzcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network - Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network - Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"source.ip: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0242ab70-6eae-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,4077],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5MzgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security Onion - Files","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Files\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Modules** \\n[Strelka](/kibana/app/dashboards#/view/ff689c50-75f3-11ea-9565-7315f4ee5cac) \\n[Zeek](/kibana/app/dashboards#/view/ad4d5d60-75f4-11ea-9565-7315f4ee5cac)\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9a5058f0-6e99-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[],"sort":[1688154054424,4078],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5MzksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Log Count Over 
Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":false,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"intervalESValue\":30,\"intervalESUnit\":\"m\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-03-29T18:17:18.800Z\",\"max\":\"2020-03-30T18:17:18.800Z\"}},\"label\":\"@timestamp per 30 
minutes\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\",\"mode\":\"quick\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4080],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NDAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.module:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Modules","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - 
Modules\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.module\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Module\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.module.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4082],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NDEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - 
Dataset","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Dataset\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Count\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Dataset\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.dataset.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4084],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NDIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - 
Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"bcf25e30-75f1-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4086],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NDMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FIle - Total 
Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Security Onion - FIle - Total Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.bytes.total: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.bytes.total\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Total Bytes\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"efc25540-75f1-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4088],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NDQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - MIME 
Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.mime_type.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MIMEType\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e8d35c50-75f3-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4090],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NDUsMV0="} 
-{"attributes":{"columns":["event.module","source.ip","destination.ip","file.mime_type","log.id.fuid","hash.sha1","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"tags:file\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"Security Onion - File Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"b0dc2460-0e4d-11eb-a255-e1e8e85e3571","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4092],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NDYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:file\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":7,\"i\":\"6948ea4a-398f-4ab1-a269-e1e6ecd29e12\"},\"panelIndex\":\"6948ea4a-398f-4ab1-a269-e1e6ecd29e12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6948ea4a-398f-4ab1-a269-e1e6ecd29e12\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":7,\"y\":0,\"w\":15,\"h\":7,\"i\":\"d09eef70-f2b5-4085-b619-11cae812be58\"},\"panelIndex\":\"d09eef70-f2b5-4085-b619-11cae812be58\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d09eef70-f2b5-4085-b619-11cae812be58\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":22,\"y\":0,\"w\":26,\"h\":7,\"i\":\"0dd18bd2-6631-4772-b3d0-4a92ff713e3a\"},\"panelIndex\":\"0dd18bd2-6631-4772-b3d0-4a92ff713e3a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0dd18bd2-6
631-4772-b3d0-4a92ff713e3a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":7,\"w\":8,\"h\":20,\"i\":\"86d343d4-c030-46a3-9f3e-083ccbf28b04\"},\"panelIndex\":\"86d343d4-c030-46a3-9f3e-083ccbf28b04\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_86d343d4-c030-46a3-9f3e-083ccbf28b04\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":7,\"w\":8,\"h\":20,\"i\":\"2fb5d1e8-4ac6-42c4-852e-9046c2970086\"},\"panelIndex\":\"2fb5d1e8-4ac6-42c4-852e-9046c2970086\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2fb5d1e8-4ac6-42c4-852e-9046c2970086\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":7,\"w\":10,\"h\":20,\"i\":\"7875de58-924b-4b27-bd51-159b5657659f\"},\"panelIndex\":\"7875de58-924b-4b27-bd51-159b5657659f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7875de58-924b-4b27-bd51-159b5657659f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":26,\"y\":7,\"w\":10,\"h\":20,\"i\":\"f1f8a5c7-9e9f-460d-a2b8-eaca8d834c6b\"},\"panelIndex\":\"f1f8a5c7-9e9f-460d-a2b8-eaca8d834c6b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f1f8a5c7-9e9f-460d-a2b8-eaca8d834c6b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":7,\"w\":12,\"h\":20,\"i\":\"06055634-ec80-478d-93d5-67e1cc46e1ab\"},\"panelIndex\":\"06055634-ec80-478d-93d5-67e1cc46e1ab\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_06055634-ec80-478d-93d5-67e1cc46e1ab\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":20,\"i\":\"cfa99d8f-e7d6-46d5-9e7f-5dc5c3371275\"},\"panelIndex\":\"cfa99d8f-e7d6-46d5-9e7f-5dc5c3371275\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cfa99d8f-e7d6-46d5-9e7f-5dc5c3371275\"}]","timeRestore":false,"title":"Security Onion - 
Files","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T20:20:50.102Z","id":"0245be10-6ec1-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"9a5058f0-6e99-11ea-9266-1fd14ca6af34","name":"6948ea4a-398f-4ab1-a269-e1e6ecd29e12:panel_6948ea4a-398f-4ab1-a269-e1e6ecd29e12","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"d09eef70-f2b5-4085-b619-11cae812be58:panel_d09eef70-f2b5-4085-b619-11cae812be58","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"0dd18bd2-6631-4772-b3d0-4a92ff713e3a:panel_0dd18bd2-6631-4772-b3d0-4a92ff713e3a","type":"visualization"},{"id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","name":"86d343d4-c030-46a3-9f3e-083ccbf28b04:panel_86d343d4-c030-46a3-9f3e-083ccbf28b04","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"2fb5d1e8-4ac6-42c4-852e-9046c2970086:panel_2fb5d1e8-4ac6-42c4-852e-9046c2970086","type":"visualization"},{"id":"bcf25e30-75f1-11ea-9565-7315f4ee5cac","name":"7875de58-924b-4b27-bd51-159b5657659f:panel_7875de58-924b-4b27-bd51-159b5657659f","type":"visualization"},{"id":"efc25540-75f1-11ea-9565-7315f4ee5cac","name":"f1f8a5c7-9e9f-460d-a2b8-eaca8d834c6b:panel_f1f8a5c7-9e9f-460d-a2b8-eaca8d834c6b","type":"visualization"},{"id":"e8d35c50-75f3-11ea-9565-7315f4ee5cac","name":"06055634-ec80-478d-93d5-67e1cc46e1ab:panel_06055634-ec80-478d-93d5-67e1cc46e1ab","type":"visualization"},{"id":"b0dc2460-0e4d-11eb-a255-e1e8e85e3571","name":"cfa99d8f-e7d6-46d5-9e7f-5dc5c3371275:panel_cfa99d8f-e7d6-46d5-9e7f-5dc5c3371275","type":"search"}],"sort":[1688156450102,8663],"type":"dashboard","updated_at":"2023-06-30T20:20:50.102Z","version":"WzUzMDQsMV0="} 
-{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SSL - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4104],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NDgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSL - Version (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSL - Version (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"version.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"02699580-365a-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4106],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NDksMV0="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_sip\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SIP - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9e131480-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4108],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NTAsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SIP - Status","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"status_code\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Code\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"status_msg.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0291dba0-4c78-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4110],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NTEsMV0="} 
-{"attributes":{"fieldAttrs":"{\"event.action\":{\"count\":8},\"host.user.name\":{\"count\":2},\"endgame.event_type_full\":{\"count\":5},\"host.name\":{\"count\":7},\"host.os.name\":{\"count\":3},\"host.os.name.text\":{\"count\":1},\"endgame.event_subtype_full\":{\"count\":3},\"event.category\":{\"count\":5},\"process.name\":{\"count\":6},\"process.parent.name\":{\"count\":1},\"agent.id\":{\"count\":2},\"process.executable\":{\"count\":3},\"type\":{\"count\":3},\"host.name.keyword\":{\"count\":2},\"event.sequence\":{\"count\":3},\"host.os.family\":{\"count\":1},\"host.os.platform\":{\"count\":1},\"event.type\":{\"count\":8},\"metadata.action\":{\"count\":2},\"user.name\":{\"count\":1},\"@version\":{\"count\":2},\"@timestamp\":{\"count\":1},\"registry.path\":{\"count\":1},\"related.user\":{\"count\":1},\"event.kind\":{\"count\":1},\"event.severity\":{\"count\":1},\"file.name\":{\"count\":4},\"host.domain\":{\"count\":1},\"process.command_line\":{\"count\":1},\"_id\":{\"count\":1},\"client.bytes\":{\"count\":2},\"destination.bytes\":{\"count\":2},\"network.bytes\":{\"count\":2},\"server.bytes\":{\"count\":2},\"source.bytes\":{\"count\":2},\"client.ip\":{\"count\":1},\"destination.ip\":{\"count\":1},\"source.ip\":{\"count\":1},\"file.attributes\":{\"count\":6},\"file.directory\":{\"count\":3},\"file.extension\":{\"count\":2},\"file.gid\":{\"count\":2},\"file.group\":{\"count\":2},\"host.hostname\":{\"count\":1},\"host.ip\":{\"count\":1},\"related.ip\":{\"count\":2},\"user.domain\":{\"count\":2}}","fieldFormatMap":"{\"process.name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:process.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(process.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value 
}}\"}},\"user.name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:user.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(user.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.type\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"event.module\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:event.module,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value 
}}\"}},\"network.transport\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:network.transport,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(network.transport:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"source.ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:source.ip,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(source.ip:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"host.name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:host.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(host.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"registry.key\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:registry.key,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(registry.key:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value 
}}\"}},\"host.ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:host.ip,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(host.ip:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"destination.ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:destination.ip,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(destination.ip:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"event.category.dashboard\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"{{ rawValue }}\",\"labelTemplate\":\"{{ value }}\"}}}","fields":"[]","runtimeFieldMap":"{\"event.category.dashboard\":{\"type\":\"keyword\",\"script\":{\"source\":\"def source = doc['event.category'].value;\\nMap urls = new HashMap();\\nurls.put(\\\"authentication\\\", \\\"dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635\\\");\\nurls.put(\\\"file\\\", \\\"dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635\\\");\\nurls.put(\\\"network\\\", \\\"dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36\\\");\\nurls.put(\\\"process\\\", \\\"dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635\\\");\\nurls.put(\\\"registry\\\", \\\"dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635\\\");\\nurls.put(\\\"driver\\\", \\\"dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635\\\");\\nif (source != null) {\\n\\tdef url = urls.get(source);\\n\\tif (url != null) {\\n\\t\\temit(url);\\n 
return;\\n\\t}\\n}\\nemit(\\\"None\\\");\"}}}","timeFieldName":"@timestamp","title":"endgame-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"endgame-*","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688154054424,4111],"type":"index-pattern","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NTIsMV0="} -{"attributes":{"columns":["host.name","registry.path","related.user"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category : \\\"registry\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame - Registry Events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0359b740-64cc-11ec-864c-8b5450f97635","migrationVersion":{"search":"8.0.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4113],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NTMsMV0="} -{"attributes":{"columns":["osquery.columns.permissions","osquery.columns.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event_type: osquery AND osquery.name:*chrome* AND osquery.columns.permissions:('all_urls','privacy')\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"osquery - Chrome Extensions - Sensitive 
Permissions","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"040dda10-18d8-11e9-932c-d12d2cf4ee95","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4115],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"04e1aea0-3750-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4117],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NTUsMV0="} -{"attributes":{"columns":["osquery.hostname","osquery.columns.username","osquery.LiveQuery","osquery.columns.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event_type: osquery AND 
osquery.name:*chrome*\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"osquery - Chrome Extensions","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4119],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Chrome Extensions - Changes by Hostname","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"osquery - Chrome Extensions - Changes by 
Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.hostname.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"04f86530-1a59-11e9-ac0b-cb0ba10141ab","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","name":"search_0","type":"search"}],"sort":[1688154054424,4121],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NTcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"network.protocol:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Top Network Protocols","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Top Network 
Protocols\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.protocol.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d9eb5b30-6ea9-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4123],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network - Transport","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network - 
Transport\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"network.transport: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"79cc9670-6ead-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,4125],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NTksMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.category: 
network\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.2\",\"gridData\":{\"h\":9,\"i\":\"b18f064d-2fba-45d8-a3c3-700ecec939a3\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"b18f064d-2fba-45d8-a3c3-700ecec939a3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":9,\"i\":\"3bf59d17-132e-47bc-b548-e1e073491ec5\",\"w\":14,\"x\":13,\"y\":0},\"panelIndex\":\"3bf59d17-132e-47bc-b548-e1e073491ec5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":9,\"i\":\"49c9ae10-3f16-4cec-b044-c5cf2db199ae\",\"w\":21,\"x\":27,\"y\":0},\"panelIndex\":\"49c9ae10-3f16-4cec-b044-c5cf2db199ae\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":19,\"i\":\"87427ca5-e0b9-4ec8-bb5f-3452803befe1\",\"w\":13,\"x\":0,\"y\":9},\"panelIndex\":\"87427ca5-e0b9-4ec8-bb5f-3452803befe1\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":19,\"i\":\"3d3199e1-d839-4738-bc99-e030365b7070\",\"w\":11,\"x\":13,\"y\":9},\"panelIndex\":\"3d3199e1-d839-4738-bc99-e030365b7070\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":19,\"i\":\"a7745b0f-1c69-4837-9f7e-3d79b5a2ac60\",\"w\":12,\"x\":24,\"y\":9},\"panelIndex\":\"a7745b0f-1c69-4837-9f7e-3d79b5a2ac60\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":19,\"i\":\"221a543a-98d4-46dd-8e7c-bf97bb292021\",\"w\":12,\"x\":36,\"y\":9},\"panelIndex\":\"221a543a-98d4-46dd-8e7c-bf97bb292021\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":29,\"i\":\"55902091-6959-4127-a969-4015fbf124d3\",\"w\":48,\"
x\":0,\"y\":28},\"panelIndex\":\"55902091-6959-4127-a969-4015fbf124d3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Network","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"04ff3ef0-6ea4-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"d9eb5b30-6ea9-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"79cc9670-6ead-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1688154054424,4134],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NjAsMV0="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"event_type:bro_conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Connections - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9bf42190-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4136],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NjEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Missed Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Missed Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"missed_bytes\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Missed Bytes\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"05088150-3670-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4138],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NjIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - Path","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - 
Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smb.path.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.path.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"052df440-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4140],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NjMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - GID/SID","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - 
GID/SID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"GID\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"SID\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.rev: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.gid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"GID\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.signature_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SID\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.rev\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Revision\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"053f7130-7734-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4142],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NjQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Originator Bytes ( Tile Map)","uiStateJSON":"{\"mapZoom\":3,\"mapCenter\":[39.70718665682654,-44.912109375]}","version":1,"visState":"{\"title\":\"Connections - Source - Originator Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle 
Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"original_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"05809df0-46cb-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4144],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NjUsMV0="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event_type: osquery\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"osquery - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"84116380-14e1-11e9-82f7-0da02d93a48b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4146],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NjYsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Changes by Hostname","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"osquery - Changes by Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.hostname.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"05a5ed10-14e4-11e9-82f7-0da02d93a48b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"84116380-14e1-11e9-82f7-0da02d93a48b","name":"search_0","type":"search"}],"sort":[1688154054424,4148],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NjcsMV0="} -{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ftp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"FTP - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4150],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NjgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"FTP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"para
ms\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"06f21d60-35b6-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4152],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NjksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Query","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNS - Query\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dns.query.name.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.query.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Query\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"07065340-72ba-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4154],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NzAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - PE - Section","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.section_names.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Section\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - PE - 
Section\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"07419650-c763-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4156],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NzEsMV0="} -{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_intel\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Intel - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4158],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NzIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Intel - Indicator Type (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Intel - Indicator Type (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0,\"filter\":true},\"title\":{\"text\":\"Indicator 
Type\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"indicator_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Indicator Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"07622d60-6e16-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4160],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NzMsMV0="} 
-{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_mysql\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"MySQL - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"5d624230-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4162],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NzQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"MySQL - Command/Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"MySQL - 
Command/Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql_command.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql_argument.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"07e25650-3812-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4164],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NzUsMV0="} -{"attributes":{"columns":["note","source_ip","destination_ip","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type:bro_notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Notices - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4166],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NzYsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Notice Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Notice Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"note.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"07fdf9e0-39ad-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4168],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NzcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - HTTP - Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - 
Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"http.method.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"088aad70-7377-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4170],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NzgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Hash - SHA256","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Hash - 
SHA256\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.hash.sha256.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.sha256.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"08c0b770-772e-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4172],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5NzksMV0="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssh\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SSH - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c33e7600-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4174],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5ODAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSH - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"para
ms\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"09457310-3641-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4176],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5ODEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Hash - MD5","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Hash - MD5\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.md5.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MD5\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"09fc6ef0-7732-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4178],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version
":"WzM5ODIsMV0="} -{"attributes":{"columns":["source_ip","syslog-host_from","syslog-priority"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"tags:syslog\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Syslog (All) - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4180],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5ODMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Host From","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Syslog - Host From\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Host 
(From)\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0a2ce700-76e6-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"sort":[1688154054424,4182],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5ODQsMV0="} -{"attributes":{"columns":["host","certificate_subject","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"X.509 - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4184],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5ODUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Issuer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate 
Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_issuer.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0a5f7b30-37d9-11e7-9efb-91e89505091f","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4186],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5ODYsMV0="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_rdp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"RDP - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"823dd600-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4188],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5ODcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Destination IP 
Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0b9dea80-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4190],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5ODgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Certificate Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Certificate 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.certificate_type.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.certificate_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0c006bb0-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4192],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5ODksMV0="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DNS - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d46522e0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4194],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5OTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Query Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Query Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query_type_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0c338e50-4a4e-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4196],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5OTEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"title":"Endgame - Navigation","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame 
- Navigation\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":true,\"markdown\":\"**Kibana** \\n[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n[Alerts](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) |\\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame Console** \\n [Dashboard](https:///dashboard) | [Alerts](https:///alerts/dashboard)\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"754f7380-6d82-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"},{"id":"0b963f20-6f9c-11ec-864c-8b5450f97635","name":"tag-0b963f20-6f9c-11ec-864c-8b5450f97635","type":"tag"}],"sort":[1688154054424,4199],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5OTIsMV0="} -{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.kind\",\"params\":{\"query\":\"alert\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.kind\":\"alert\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame - Alert 
Search","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"3ab5c280-6f06-11ec-864c-8b5450f97635","migrationVersion":{"search":"8.0.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1688154054424,4202],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5OTMsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":11,\"i\":\"3aa898cc-eaa4-47ea-962f-fd5be8255144\"},\"panelIndex\":\"3aa898cc-eaa4-47ea-962f-fd5be8255144\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame 
Alerts](https:///alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_3aa898cc-eaa4-47ea-962f-fd5be8255144\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":0,\"w\":9,\"h\":11,\"i\":\"1ab268d3-b117-4d65-b568-d53af35bebb4\"},\"panelIndex\":\"1ab268d3-b117-4d65-b568-d53af35bebb4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_1ab268d3-b117-4d65-b568-d53af35bebb4\",\"type\":\"lens\",\"id\":\"914d4890-6e46-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1ab268d3-b117-4d65-b568-d53af35bebb4\",\"type\":\"lens\",\"id\":\"914d4890-6e46-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1ab268d3-b117-4d65-b568-d53af35bebb4\",\"type\":\"lens\",\"id\":\"914d4890-6e46-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-842f61f9-afc4-44dc-a6bd-e3cc66a8827b\"}],\"state\":{\"visualization\":{\"layerId\":\"842f61f9-afc4-44dc-a6bd-e3cc66a8827b\",\"accessor\":\"2834ba67-2809-442b-b80b-4b17d3a67d43\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"},\"query\":{\"query\":\"event.kind : \\\"alert\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"842f61f9-afc4-44dc-a6bd-e3cc66a8827b\":{\"columns\":{\"2834ba67-2809-442b-b80b-4b17d3a67d43\":{\"label\":\" 
\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"2834ba67-2809-442b-b80b-4b17d3a67d43\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"panelRefName\":\"panel_1ab268d3-b117-4d65-b568-d53af35bebb4\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":19,\"y\":0,\"w\":29,\"h\":11,\"i\":\"41131702-4832-4ca2-a24c-2418181fa4bb\"},\"panelIndex\":\"41131702-4832-4ca2-a24c-2418181fa4bb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_41131702-4832-4ca2-a24c-2418181fa4bb\",\"type\":\"lens\",\"id\":\"d94cae10-6e46-11ec-864c-8b5450f97635\"},{\"name\":\"panel_41131702-4832-4ca2-a24c-2418181fa4bb\",\"type\":\"lens\",\"id\":\"d94cae10-6e46-11ec-864c-8b5450f97635\"},{\"name\":\"panel_41131702-4832-4ca2-a24c-2418181fa4bb\",\"type\":\"lens\",\"id\":\"d94cae10-6e46-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-0600494b-6f03-450b-8dab-981005aedf32\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar\",\"layers\":[{\"layerId\":\"0600494b-6f03-450b-8dab-981005aedf32\",\"accessors\":[\"34e0e2cc-aab4-4581-9bc4-aba527024007\"],\"position\":\"top\",\"s
eriesType\":\"bar\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"0f00561d-d6d7-46b2-af59-4ea225a9893a\"}]},\"query\":{\"query\":\"event.kind : \\\"alert\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"0600494b-6f03-450b-8dab-981005aedf32\":{\"columns\":{\"0f00561d-d6d7-46b2-af59-4ea225a9893a\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"34e0e2cc-aab4-4581-9bc4-aba527024007\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true}},\"columnOrder\":[\"0f00561d-d6d7-46b2-af59-4ea225a9893a\",\"34e0e2cc-aab4-4581-9bc4-aba527024007\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Alerts Log Count Over 
Time\",\"panelRefName\":\"panel_41131702-4832-4ca2-a24c-2418181fa4bb\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":11,\"w\":8,\"h\":15,\"i\":\"126f7572-997b-441a-a124-a342a75325d5\"},\"panelIndex\":\"126f7572-997b-441a-a124-a342a75325d5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_126f7572-997b-441a-a124-a342a75325d5\",\"type\":\"lens\",\"id\":\"f376b820-6e47-11ec-864c-8b5450f97635\"},{\"name\":\"panel_126f7572-997b-441a-a124-a342a75325d5\",\"type\":\"lens\",\"id\":\"f376b820-6e47-11ec-864c-8b5450f97635\"},{\"name\":\"panel_126f7572-997b-441a-a124-a342a75325d5\",\"type\":\"lens\",\"id\":\"f376b820-6e47-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-3b6026b4-9c36-4fbc-9f90-bd5580303bea\"}],\"state\":{\"visualization\":{\"layerId\":\"3b6026b4-9c36-4fbc-9f90-bd5580303bea\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721\"},{\"columnId\":\"ff0a89b4-427d-4739-bb83-86794a1f4289\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"event.kind : \\\"alert\\\" 
\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3b6026b4-9c36-4fbc-9f90-bd5580303bea\":{\"columns\":{\"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721\":{\"label\":\"user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ff0a89b4-427d-4739-bb83-86794a1f4289\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"ff0a89b4-427d-4739-bb83-86794a1f4289\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721\",\"ff0a89b4-427d-4739-bb83-86794a1f4289\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Alerts Users\",\"panelRefName\":\"panel_126f7572-997b-441a-a124-a342a75325d5\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":11,\"w\":16,\"h\":15,\"i\":\"146912f3-f4f8-4cc3-9226-6f516dd3c3da\"},\"panelIndex\":\"146912f3-f4f8-4cc3-9226-6f516dd3c3da\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da\",\"type\":\"lens\",\"id\":\"0406add0-6e48-11ec-864c-8b5450f97635\"},{\"name\":\"panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da\",\"type\":\"lens\",\"id\":\"0406add0-6e48-11ec-864c-8b5450f97635\"},{\"name\":\"panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da\",\"type\":\"lens\",\"id\":\"0406add0-6e48-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-9643f560-7a46-408c-b61d-ed2a87fc6103\"}],\"state\":{\"visualiz
ation\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"layers\":[{\"layerId\":\"9643f560-7a46-408c-b61d-ed2a87fc6103\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"legendSize\":\"auto\",\"primaryGroups\":[\"305b2f21-9981-40d5-a79b-f7a78eea89b4\"],\"metrics\":[\"3520723b-f0f3-4845-975c-e97380d8124b\"]}]},\"query\":{\"query\":\"event.kind : \\\"alert\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9643f560-7a46-408c-b61d-ed2a87fc6103\":{\"columns\":{\"305b2f21-9981-40d5-a79b-f7a78eea89b4\":{\"label\":\"process.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.name\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"3520723b-f0f3-4845-975c-e97380d8124b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"3520723b-f0f3-4845-975c-e97380d8124b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"305b2f21-9981-40d5-a79b-f7a78eea89b4\",\"3520723b-f0f3-4845-975c-e97380d8124b\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"type\":\"lens\"},\"title\":\"Endgame - Alerts 
Processes\",\"panelRefName\":\"panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":11,\"w\":24,\"h\":15,\"i\":\"7a533f92-16c8-4f34-b31b-8055cce33284\"},\"panelIndex\":\"7a533f92-16c8-4f34-b31b-8055cce33284\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"panelRefName\":\"panel_7a533f92-16c8-4f34-b31b-8055cce33284\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":13,\"i\":\"37330ea4-1070-465d-8356-97f438a273f9\"},\"panelIndex\":\"37330ea4-1070-465d-8356-97f438a273f9\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_37330ea4-1070-465d-8356-97f438a273f9\",\"type\":\"lens\",\"id\":\"ca0f3e20-6e48-11ec-864c-8b5450f97635\"},{\"name\":\"panel_37330ea4-1070-465d-8356-97f438a273f9\",\"type\":\"lens\",\"id\":\"ca0f3e20-6e48-11ec-864c-8b5450f97635\"},{\"name\":\"panel_37330ea4-1070-465d-8356-97f438a273f9\",\"type\":\"lens\",\"id\":\"ca0f3e20-6e48-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-46832f84-f86b-4914-a3ac-aaeda9f09cf7\"}],\"state\":{\"visualization\":{\"layerId\":\"46832f84-f86b-4914-a3ac-aaeda9f09cf7\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"77069155-4e9a-4727-b888-648fed60258e\",\"isTransposed\":false},{\"columnId\":\"e7878efe-2181-449d-afd3-771296665829\",\"isTransposed\":false,\"alignment\":\"center\"},{\"isTransposed\":false,\"columnId\":\"738c056c-c4eb-4855-a690-90fa5b9e23f8\"},{\"isTransposed\":false,\"columnId\":\"02c8c47e-9b96-4384-b467-1fd9cff2b78b\"},{\"isTransposed\":false,\"columnId\":\"d61f74aa-1899-4881-a2cc-d0dc7cbf28df\"},{\"isTransposed\":false,\"columnId\":\"6de07e81-5ee7-4885-af47-26b401667757\"},{\"isTransposed\":false,\"columnId\":\"895ab
df3-8c99-4473-a904-b379d478aae1\"},{\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\",\"isTransposed\":false,\"hidden\":true}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"event.kind : \\\"alert\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"46832f84-f86b-4914-a3ac-aaeda9f09cf7\":{\"columns\":{\"77069155-4e9a-4727-b888-648fed60258e\":{\"label\":\"event.id (click on + to go to Endgame)\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.id\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"e7878efe-2181-449d-afd3-771296665829\":{\"label\":\"Severity\",\"dataType\":\"number\",\"operationType\":\"range\",\"sourceField\":\"event.severity\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"type\":\"histogram\",\"ranges\":[{\"from\":0,\"to\":1000,\"label\":\"\"}],\"maxBars\":\"auto\"},\"customLabel\":true},\"738c056c-c4eb-4855-a690-90fa5b9e23f8\":{\"label\":\"Category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.category\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"02c8c47e-9b96-4384-b467-1fd9cff2b78b\":{\"label\":\"process.command_line\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.command_line\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"d61f74aa-1899-4881-a2cc-d0dc7cbf28df\":{\"label\":\
"process.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"6de07e81-5ee7-4885-af47-26b401667757\":{\"label\":\"file.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"895abdf3-8c99-4473-a904-b379d478aae1\":{\"label\":\"host.domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.domain\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"e30b3573-c58d-4b82-853d-70c1d090d641\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"77069155-4e9a-4727-b888-648fed60258e\",\"e7878efe-2181-449d-afd3-771296665829\",\"738c056c-c4eb-4855-a690-90fa5b9e23f8\",\"02c8c47e-9b96-4384-b467-1fd9cff2b78b\",\"d61f74aa-1899-4881-a2cc-d0dc7cbf28df\",\"6de07e81-5ee7-4885-af47-26b401667757\",\"895abdf3-8c99-4473-a904-b379d478aae1\",\"e30b3573-c58d-4b82-853d-70c1d090d641\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"28bd4c58-580b-4d1c-b65e-3ddef0fee644\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Open event in 
Endgame\",\"config\":{\"url\":{\"template\":\"https:///alerts/{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":false}}}]}},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Endgame - Alerts Event\",\"panelRefName\":\"panel_37330ea4-1070-465d-8356-97f438a273f9\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":39,\"w\":48,\"h\":18,\"i\":\"b3f00dae-22f1-4455-a672-087870874671\"},\"panelIndex\":\"b3f00dae-22f1-4455-a672-087870874671\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b3f00dae-22f1-4455-a672-087870874671\"}]","timeRestore":false,"title":"Endgame - Alerts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0c8e61c0-67fc-11ec-864c-8b5450f97635","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"3aa898cc-eaa4-47ea-962f-fd5be8255144:panel_3aa898cc-eaa4-47ea-962f-fd5be8255144","type":"visualization"},{"id":"914d4890-6e46-11ec-864c-8b5450f97635","name":"1ab268d3-b117-4d65-b568-d53af35bebb4:panel_1ab268d3-b117-4d65-b568-d53af35bebb4","type":"lens"},{"id":"914d4890-6e46-11ec-864c-8b5450f97635","name":"1ab268d3-b117-4d65-b568-d53af35bebb4:panel_1ab268d3-b117-4d65-b568-d53af35bebb4","type":"lens"},{"id":"914d4890-6e46-11ec-864c-8b5450f97635","name":"1ab268d3-b117-4d65-b568-d53af35bebb4:panel_1ab268d3-b117-4d65-b568-d53af35bebb4","type":"lens"},{"id":"914d4890-6e46-11ec-864c-8b5450f97635","name":"1ab268d3-b117-4d65-b568-d53af35bebb4:panel_1ab268d3-b117-4d65-b568-d53af35bebb4","type":"lens"},{"id":"endgame-*","name":"1ab268d3-b117-4d65-b568-d53af35bebb4:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"1ab268d3-b117-4d65-b568-d53af35bebb4:indexpattern-datasource-layer-842f61f9-afc4-44dc-a6bd-e3cc66a8827b","type":"index-pattern"},{"id":"d94cae10-6e46-11ec-864c-8b5450f97635","name":"41131702-4832-4ca2-a24c-2418181fa4bb:panel_41131702-4832-4ca2-a24c-2418181fa4bb","type":"len
s"},{"id":"d94cae10-6e46-11ec-864c-8b5450f97635","name":"41131702-4832-4ca2-a24c-2418181fa4bb:panel_41131702-4832-4ca2-a24c-2418181fa4bb","type":"lens"},{"id":"d94cae10-6e46-11ec-864c-8b5450f97635","name":"41131702-4832-4ca2-a24c-2418181fa4bb:panel_41131702-4832-4ca2-a24c-2418181fa4bb","type":"lens"},{"id":"d94cae10-6e46-11ec-864c-8b5450f97635","name":"41131702-4832-4ca2-a24c-2418181fa4bb:panel_41131702-4832-4ca2-a24c-2418181fa4bb","type":"lens"},{"id":"endgame-*","name":"41131702-4832-4ca2-a24c-2418181fa4bb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"41131702-4832-4ca2-a24c-2418181fa4bb:indexpattern-datasource-layer-0600494b-6f03-450b-8dab-981005aedf32","type":"index-pattern"},{"id":"f376b820-6e47-11ec-864c-8b5450f97635","name":"126f7572-997b-441a-a124-a342a75325d5:panel_126f7572-997b-441a-a124-a342a75325d5","type":"lens"},{"id":"f376b820-6e47-11ec-864c-8b5450f97635","name":"126f7572-997b-441a-a124-a342a75325d5:panel_126f7572-997b-441a-a124-a342a75325d5","type":"lens"},{"id":"f376b820-6e47-11ec-864c-8b5450f97635","name":"126f7572-997b-441a-a124-a342a75325d5:panel_126f7572-997b-441a-a124-a342a75325d5","type":"lens"},{"id":"f376b820-6e47-11ec-864c-8b5450f97635","name":"126f7572-997b-441a-a124-a342a75325d5:panel_126f7572-997b-441a-a124-a342a75325d5","type":"lens"},{"id":"endgame-*","name":"126f7572-997b-441a-a124-a342a75325d5:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"126f7572-997b-441a-a124-a342a75325d5:indexpattern-datasource-layer-3b6026b4-9c36-4fbc-9f90-bd5580303bea","type":"index-pattern"},{"id":"0406add0-6e48-11ec-864c-8b5450f97635","name":"146912f3-f4f8-4cc3-9226-6f516dd3c3da:panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da","type":"lens"},{"id":"0406add0-6e48-11ec-864c-8b5450f97635","name":"146912f3-f4f8-4cc3-9226-6f516dd3c3da:panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da","type":"lens"},{"id":"0406add0-6e48-11ec-864c-8b5450f97635","name":"146912f3-f4f8-4cc3-9226-6f
516dd3c3da:panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da","type":"lens"},{"id":"0406add0-6e48-11ec-864c-8b5450f97635","name":"146912f3-f4f8-4cc3-9226-6f516dd3c3da:panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da","type":"lens"},{"id":"endgame-*","name":"146912f3-f4f8-4cc3-9226-6f516dd3c3da:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"146912f3-f4f8-4cc3-9226-6f516dd3c3da:indexpattern-datasource-layer-9643f560-7a46-408c-b61d-ed2a87fc6103","type":"index-pattern"},{"id":"1fd82420-6e3a-11ec-864c-8b5450f97635","name":"7a533f92-16c8-4f34-b31b-8055cce33284:panel_7a533f92-16c8-4f34-b31b-8055cce33284","type":"lens"},{"id":"ca0f3e20-6e48-11ec-864c-8b5450f97635","name":"37330ea4-1070-465d-8356-97f438a273f9:panel_37330ea4-1070-465d-8356-97f438a273f9","type":"lens"},{"id":"ca0f3e20-6e48-11ec-864c-8b5450f97635","name":"37330ea4-1070-465d-8356-97f438a273f9:panel_37330ea4-1070-465d-8356-97f438a273f9","type":"lens"},{"id":"ca0f3e20-6e48-11ec-864c-8b5450f97635","name":"37330ea4-1070-465d-8356-97f438a273f9:panel_37330ea4-1070-465d-8356-97f438a273f9","type":"lens"},{"id":"ca0f3e20-6e48-11ec-864c-8b5450f97635","name":"37330ea4-1070-465d-8356-97f438a273f9:panel_37330ea4-1070-465d-8356-97f438a273f9","type":"lens"},{"id":"endgame-*","name":"37330ea4-1070-465d-8356-97f438a273f9:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"37330ea4-1070-465d-8356-97f438a273f9:indexpattern-datasource-layer-46832f84-f86b-4914-a3ac-aaeda9f09cf7","type":"index-pattern"},{"id":"3ab5c280-6f06-11ec-864c-8b5450f97635","name":"b3f00dae-22f1-4455-a672-087870874671:panel_b3f00dae-22f1-4455-a672-087870874671","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,4237],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5OTQsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RADIUS - Reply","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RADIUS - Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"radius.reply_message.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"radius.reply_message.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0ca071b0-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4239],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5OTUsMV0="} 
-{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.module:sysmon\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Sysmon","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"6281da80-c780-11ea-bebb-37c5ab5894ea","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4241],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5OTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security Onion - Sysmon Datasets","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum
\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - Sysmon Datasets\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0caa7df0-c781-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"6281da80-c780-11ea-bebb-37c5ab5894ea","name":"search_0","type":"search"}],"sort":[1688154054424,4243],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5OTcsMV0="} -{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"tags:conn\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Security Onion - Connections","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4245],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5OTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Connections Over 
Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date_range\",\"params\":{\"id\":\"date\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}},\"params\":{},\"label\":\"@timestamp date 
ranges\",\"aggType\":\"date_range\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"34721460-6ebc-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,4247],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzM5OTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c9121690-6ea0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,4249],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMDAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - State","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - 
State\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"connection.state.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection.state.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"State\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"23b65290-6ea2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,4251],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMDEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Connections - State 
(Desc)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection.state_description.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection State\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - Connections - State (Desc)\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"dc3f2c10-c6d6-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4253],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMDIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Client Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Client 
Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Client Bytes\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.bytes\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client Bytes\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"98f6e9d0-6ea1-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,4255],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMDMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Responder Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Responder 
Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Server Bytes\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.bytes\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Bytes\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"70565ec0-6ea1-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,4257],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMDQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - History","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - 
History\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection.history.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"History\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"5414ad60-6ea2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,4259],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMDUsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:conn\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"a05b7540-74b1-40db-b1d6-0e151f5bbaba\"},\"panelIndex\":\"a05b7540-74b1-40db-b1d6-0e151f5bbaba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a05b7540-74b1-40db-b1d6-0e151f5bbaba\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":13,\"h\":9,\"i\":\"78f096e9-6e6b-4144-a63f-3767deab6c8c\"},\"panelIndex\":\"78f096e9-6e6b-4144-a63f-3767deab6c8c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_78f096e9-6e6b-4144-a63f-3767deab6c8c\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":9,\"i\":\"f24faa4b-0270-44e6-af45-639e2d39c2c3\"},\"panelIndex\":\"f24faa4b-0270-44e6-af45-639e2d39c2c3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f24faa4b-0270-44e6-af45-639e2d39c2c3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":18,\"i\":\"8cc3f2ee-fcc8-4ddb-8f44-ec0b08da4756\"},\"panelIndex\":\"8cc3f2ee-fcc8-4ddb-8f44-ec0b08da4756\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8cc3f2ee-fcc8-4ddb-8f44-ec0b08da4756\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":11,\"y\":9,\"w\":12,\"h\":18,\"i\":\"5558d00d-f3fd-4051-96a4-384134149228\"},\"panelIndex\":\"5558d00d-f3fd-4051-96a4-384134149228\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5558d00d-f3fd-4051-96a4-384134149228\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":9,\"w\":13,\"h\":18,\"i\":\"ccdbd90c-299e-4e60-a139-1505f1329071\"},\"pan
elIndex\":\"ccdbd90c-299e-4e60-a139-1505f1329071\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ccdbd90c-299e-4e60-a139-1505f1329071\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":18,\"i\":\"d678bf2f-f183-4981-9142-976880029daa\"},\"panelIndex\":\"d678bf2f-f183-4981-9142-976880029daa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d678bf2f-f183-4981-9142-976880029daa\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":19,\"h\":18,\"i\":\"97f0546b-01c5-41c1-9316-099f2b3c8d91\"},\"panelIndex\":\"97f0546b-01c5-41c1-9316-099f2b3c8d91\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_97f0546b-01c5-41c1-9316-099f2b3c8d91\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":19,\"y\":27,\"w\":9,\"h\":18,\"i\":\"598bda31-1136-4474-9384-451491a71d23\"},\"panelIndex\":\"598bda31-1136-4474-9384-451491a71d23\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"desc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_598bda31-1136-4474-9384-451491a71d23\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":27,\"w\":9,\"h\":18,\"i\":\"8192def5-399b-4728-8646-edf393b63b7e\"},\"panelIndex\":\"8192def5-399b-4728-8646-edf393b63b7e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8192def5-399b-4728-8646-edf393b63b7e\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":27,\"w\":11,\"h\":18,\"i\":\"755322ff-13a8-4121-a2db-6322c037e8b3\"},\"panelIndex\":\"755322ff-13a8-4121-a2db-6322c037e8b3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_755322ff-13a8-4121-a2db-6322c037e8b3\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"a03bb16a-9d36-4cad-91a3-256b29489fd7\"},\"panelIndex\":\"a03bb16a-9d36-4cad-91a3-256b29489fd7\",\"embeddableCo
nfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a03bb16a-9d36-4cad-91a3-256b29489fd7\"}]","timeRestore":false,"title":"Security Onion - Connections","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0cc628b0-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"a05b7540-74b1-40db-b1d6-0e151f5bbaba:panel_a05b7540-74b1-40db-b1d6-0e151f5bbaba","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"78f096e9-6e6b-4144-a63f-3767deab6c8c:panel_78f096e9-6e6b-4144-a63f-3767deab6c8c","type":"visualization"},{"id":"34721460-6ebc-11ea-9266-1fd14ca6af34","name":"f24faa4b-0270-44e6-af45-639e2d39c2c3:panel_f24faa4b-0270-44e6-af45-639e2d39c2c3","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"8cc3f2ee-fcc8-4ddb-8f44-ec0b08da4756:panel_8cc3f2ee-fcc8-4ddb-8f44-ec0b08da4756","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"5558d00d-f3fd-4051-96a4-384134149228:panel_5558d00d-f3fd-4051-96a4-384134149228","type":"visualization"},{"id":"c9121690-6ea0-11ea-9266-1fd14ca6af34","name":"ccdbd90c-299e-4e60-a139-1505f1329071:panel_ccdbd90c-299e-4e60-a139-1505f1329071","type":"visualization"},{"id":"23b65290-6ea2-11ea-9266-1fd14ca6af34","name":"d678bf2f-f183-4981-9142-976880029daa:panel_d678bf2f-f183-4981-9142-976880029daa","type":"visualization"},{"id":"dc3f2c10-c6d6-11ea-bebb-37c5ab5894ea","name":"97f0546b-01c5-41c1-9316-099f2b3c8d91:panel_97f0546b-01c5-41c1-9316-099f2b3c8d91","type":"visualization"},{"id":"98f6e9d0-6ea1-11ea-9266-1fd14ca6af34","name":"598bda31-1136-4474-9384-451491a71d23:panel_598bda31-1136-4474-9384-451491a71d23","type":"visualization"},{"id":"70565ec0-6ea1-11ea-9266-1fd14ca6af34","name":"8192def5-399b-4728-8646-edf393b63b7e:panel_8192def5-399b-4728-8646-edf393b63b7e","type":"visualization"},{"id":"5414ad60-6ea2-11ea-9266-1fd14ca6af34","name":"755322ff-13a8-4121-a2db-6322c
037e8b3:panel_755322ff-13a8-4121-a2db-6322c037e8b3","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"a03bb16a-9d36-4cad-91a3-256b29489fd7:panel_a03bb16a-9d36-4cad-91a3-256b29489fd7","type":"search"}],"sort":[1688154054424,4272],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMDYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category.keyword : \\\"process\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - All Event.Cat:Process Logs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - All Event.Cat:Process Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":42}}}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0d0c0750-6348-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,4275],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMDcsMV0="} 
-{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_modbus\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Modbus - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4277],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMDgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Modbus - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0d168a30-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4279],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMDksMV0="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_weird\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Weird - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4281],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"@timestamp per 12 
hours\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Weird - Log Count Over TIme\",\"type\":\"line\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0dbcade0-3642-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4283],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMTEsMV0="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_snmp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SNMP - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"b12150a0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4285],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMTIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0defabb0-36b9-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4287],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMTMsMV0="} 
-{"attributes":{"fieldFormatMap":"{\"network.community_id\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:network.community_id,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(network.community_id:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(e
mbeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip:'{{ value }}')),(term:(destination.ip:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value 
}}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1
-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip:'{{ value }}')),(term:(destination.ip:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:1
3,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.port:'{{ value }}')),(term:(destination.port:'{{ value }}')))),meta:(alias:'source.port:%20!'{{ value }}!'%20OR%20destination.port:%20!'{{ value 
}}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.port%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.port%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-
47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.port:'{{ value }}')),(term:(destination.port:'{{ value }}')))),meta:(alias:'source.port:%20!'{{ value }}!'%20OR%20destination.port:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.port%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.port%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d
-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.fuid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.fuid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.fuid:{{ value 
}})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value 
}}\"}},\"log.id.fuid.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.fuid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.fuid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-
4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.uid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.uid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.uid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualizatio
n,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.uid.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.uid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.uid:{{ value 
}})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',
viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"_id\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/#/hunt?q=_id%3A%22{{value}}%22\",\"labelTemplate\":\"Hunt and optionally pivot to PCAP/Cases\"}},\"client.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"server.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"event.dataset\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.dataset.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.dataset.keyword:{{ value 
}})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view
)\",\"labelTemplate\":\"{{ value }}\"}},\"event.dataset.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.dataset.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.dataset.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),
(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.module\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value 
}})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:
view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.module.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6
.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"agent.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:agent.name.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(agent.name.keyword:{{ value 
}})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:
view)\",\"labelTemplate\":\"{{ value }}\"}},\"agent.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:agent.name.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(agent.name.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(
embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"rule.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.name:'{{ value 
}}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:''),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',vi
ewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"rule.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.name:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableCo
nfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:''),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"osquery.result.live_query\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/fleet/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"Live Query\"}},\"osquery.result.live_query.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/fleet/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"Live Query\"}},\"connection.state_description\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.state_description,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(connection.state_description:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"connection.state_description.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.state_description,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(connection.state_description:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9
-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.category.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.category,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.category:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"rule.category\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.category,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.category:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-7
2a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.uuid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.uuid,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.uuid:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"connection.history\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.history,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(connection.history:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id
:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"connection.history.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.history,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(connection.history:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"dhcp.message_types\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.message_types,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dhcp.message_types:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:
f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.message_types.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.message_types,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dhcp.message_types:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemp
late\":\"{{ value }}\"}},\"dhcp.requested_address\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.requested_address,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.requested_address:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8
),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.requested_address.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.requested_address,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.requested_address:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"dhcp.assigned_ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.assigned_ip,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.assigned_ip:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f
4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.assigned_ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.assigned_ip,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.assigned_ip:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"host.mac\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:host.mac,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(host.mac:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9
d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"host.mac.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:host.mac,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(host.mac:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTem
plate\":\"{{ value }}\"}},\"dhcp.lease_time\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.lease_time,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.lease_time:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-1
1ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.query.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.query.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.query.name:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"dns.query.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.query.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.query.name:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id
:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.answers.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.answers.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.answers.name:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"dns.answers.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.answers.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.answers.name:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y
:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.response.code_name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.response.code_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dns.response.code_name:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"dns.response.code_name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.response.code_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dns.response.code_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574
',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"file.mime_type\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.mime_type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.mime_type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a
7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.mime_type.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.mime_type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.mime_type:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"file.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-
8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.argument\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.argument,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ftp.argument:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"ftp.argument.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.argument,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ftp.argument:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfd
eb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.user\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.user,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.user:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"ftp.user.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.user,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.user:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd
2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.password\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.password,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.password:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"ftp.password.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.password,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.password:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-7
2a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.useragent\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.useragent,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(http.useragent:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"http.useragent.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.useragent,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(http.useragent:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id
:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.method\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.method,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.method:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"http.method.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.method,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.method:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7
-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.virtual_host\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.virtual_host,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.virtual_host:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"http.virtual_host.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.virtual_host,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.virtual_host:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8
),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.uri.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.uri.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.uri.keyword:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"http.uri\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.uri.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.uri.keyword:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-
11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.note.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.note,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.note:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"notice.message.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.message,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.message:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id
:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.note\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.note,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.note:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"notice.message\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.message,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.message:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb
0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.server_name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.server_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ssl.server_name:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"ssl.server_name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.server_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ssl.server_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-
72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.subject\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.subject:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.subject.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.subject,negate:!f,params:(query:'O%3DDefault%20Company%20Ltd,L%3DDefault%20City,C%3DXX'),type:phrase),query:(match_phrase:(ssl.certificate.subject:'O%3DDefault%20Company%20Ltd,L%3DDefault%20City,C%3DXX')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,
version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.issuer\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.issuer:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.issuer.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d
2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.facility_label\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.facility_label,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.facility_label:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"syslog.facility_label\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.facility_label,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.facility_label:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35
,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.severity_label\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.severity_label,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.severity_label:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"syslog.severity_label\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.severity_label,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.severity_label:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35
,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.subject\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.subject:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.subject.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.subject:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8
f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.issuer\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.issuer:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.issuer.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59
b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.san_dns\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.san_dns,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.san_dns:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"x509.san_dns.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.san_dns,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.san_dns:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfd
eb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.key.type\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.key.type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(x509.certificate.key.type:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:edit)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.key.type.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.key.type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(x509.certificate.key.type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f5
9b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:edit)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id.keyword\",\"type\":\"string\
",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.ephemeral_id\"}}},{\"name\":\"agent.ephemeral_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.ephemeral_id\"}}},{\"name\":\"agent.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.hostname\"}}},{\"name\":\"agent.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.hostname\"}}},{\"name\":\"agent.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.id\"}}},{\"name\":\"agent.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.id\"}}},{\"name\":\"agent.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"a
ggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.name\"}}},{\"name\":\"agent.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.name\"}}},{\"name\":\"agent.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.type\"}}},{\"name\":\"agent.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.type\"}}},{\"name\":\"agent.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.version\"}}},{\"name\":\"agent.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.version\"}}},{\"name\":\"client.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.address.
keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.address\"}}},{\"name\":\"client.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.address\"}}},{\"name\":\"client.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.id.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.id.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.id.product\"}}},{\"name\":\"client.id.product.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.id.product\"}}},{\"name\":\"client.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.ip_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"mul
ti\":{\"parent\":\"client.name\"}}},{\"name\":\"client.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.name\"}}},{\"name\":\"client.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.port\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.user_agent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.user_agent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.user_agent\"}}},{\"name\":\"client.user_agent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.user_agent\"}}},{\"name\":\"connection.bytes.missed\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.history\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.history.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.history\"}}},{\"name\":\"connection.history.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"script
ed\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"connection.history\"}}},{\"name\":\"connection.local.originator\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.local.responder\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.state\"}}},{\"name\":\"connection.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"connection.state\"}}},{\"name\":\"connection.state_description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.state_description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.state_description\"}}},{\"name\":\"connection.state_description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"connection.state_description\"}}},{\"name\":\"data.euid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripte
d\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.euid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.euid\"}}},{\"name\":\"data.euid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.euid\"}}},{\"name\":\"data.file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.file\"}}},{\"name\":\"data.file.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.file\"}}},{\"name\":\"data.hardware.cpu_cores\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_cores.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_cores\"}}},{\"name\":\"data.hardware.cpu_cores.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_cores\"}}},{\"name\":\"data.hardware.cpu_mhz\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":tru
e,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_mhz.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_mhz\"}}},{\"name\":\"data.hardware.cpu_mhz.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_mhz\"}}},{\"name\":\"data.hardware.cpu_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_name\"}}},{\"name\":\"data.hardware.cpu_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_name\"}}},{\"name\":\"data.hardware.ram_free\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_free.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_free\"}}},{\"name\":\"data.hardware.ram_free.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_free\"}}},{\"name\":\"data.hardware.ram_total\",\"type\":\
"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_total.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_total\"}}},{\"name\":\"data.hardware.ram_total.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_total\"}}},{\"name\":\"data.hardware.ram_usage\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_usage.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_usage\"}}},{\"name\":\"data.hardware.ram_usage.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_usage\"}}},{\"name\":\"data.hardware.serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.serial\"}}},{\"name\":\"data.hardware.serial.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"
parent\":\"data.hardware.serial\"}}},{\"name\":\"data.hotfix\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hotfix.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hotfix\"}}},{\"name\":\"data.hotfix.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hotfix\"}}},{\"name\":\"data.logname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.logname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.logname\"}}},{\"name\":\"data.logname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.logname\"}}},{\"name\":\"data.netinfo.iface.adapter\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.adapter.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.adapter\"}}},{\"name\":\"data.netinfo.iface.adapter.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent
\":\"data.netinfo.iface.adapter\"}}},{\"name\":\"data.netinfo.iface.ipv4.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.address\"}}},{\"name\":\"data.netinfo.iface.ipv4.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.address\"}}},{\"name\":\"data.netinfo.iface.ipv4.broadcast\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.broadcast.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.broadcast\"}}},{\"name\":\"data.netinfo.iface.ipv4.broadcast.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.broadcast\"}}},{\"name\":\"data.netinfo.iface.ipv4.dhcp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.dhcp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.dhcp\"}}},{\"name\":\"data
.netinfo.iface.ipv4.dhcp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.dhcp\"}}},{\"name\":\"data.netinfo.iface.ipv4.gateway\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.gateway.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv4.gateway.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv4.metric\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.metric.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.metric\"}}},{\"name\":\"data.netinfo.iface.ipv4.metric.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.metric\"}}},{\"name\":\"data.netinfo.iface.ipv4.netmask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.netmask.keyword\",\"type\":\"string\",\"esTyp
es\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.netmask\"}}},{\"name\":\"data.netinfo.iface.ipv4.netmask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.netmask\"}}},{\"name\":\"data.netinfo.iface.ipv6.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.address\"}}},{\"name\":\"data.netinfo.iface.ipv6.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.address\"}}},{\"name\":\"data.netinfo.iface.ipv6.dhcp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.dhcp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.dhcp\"}}},{\"name\":\"data.netinfo.iface.ipv6.dhcp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.dhcp\"}}},{\"name\":\"data.netinfo.iface.ipv6.gateway\",\"type\":\"string\",\"
esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.gateway.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv6.gateway.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv6.metric\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.metric.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.metric\"}}},{\"name\":\"data.netinfo.iface.ipv6.metric.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.metric\"}}},{\"name\":\"data.netinfo.iface.ipv6.netmask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.netmask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.netmask\"}}},{\"name\":\"data.netinfo.iface.ipv6.netmask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":fals
e,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.netmask\"}}},{\"name\":\"data.netinfo.iface.mac\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mac.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mac\"}}},{\"name\":\"data.netinfo.iface.mac.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mac\"}}},{\"name\":\"data.netinfo.iface.mtu\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mtu.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mtu\"}}},{\"name\":\"data.netinfo.iface.mtu.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mtu\"}}},{\"name\":\"data.netinfo.iface.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.name\"}}},{\"name\":\"data.neti
nfo.iface.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.name\"}}},{\"name\":\"data.netinfo.iface.rx_bytes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_bytes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_bytes\"}}},{\"name\":\"data.netinfo.iface.rx_bytes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_bytes\"}}},{\"name\":\"data.netinfo.iface.rx_dropped\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_dropped.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_dropped\"}}},{\"name\":\"data.netinfo.iface.rx_dropped.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_dropped\"}}},{\"name\":\"data.netinfo.iface.rx_errors\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_errors.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":fa
lse,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_errors\"}}},{\"name\":\"data.netinfo.iface.rx_errors.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_errors\"}}},{\"name\":\"data.netinfo.iface.rx_packets\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_packets.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_packets\"}}},{\"name\":\"data.netinfo.iface.rx_packets.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_packets\"}}},{\"name\":\"data.netinfo.iface.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.state\"}}},{\"name\":\"data.netinfo.iface.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.state\"}}},{\"name\":\"data.netinfo.iface.tx_bytes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":
false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_bytes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_bytes\"}}},{\"name\":\"data.netinfo.iface.tx_bytes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_bytes\"}}},{\"name\":\"data.netinfo.iface.tx_dropped\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_dropped.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_dropped\"}}},{\"name\":\"data.netinfo.iface.tx_dropped.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_dropped\"}}},{\"name\":\"data.netinfo.iface.tx_errors\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_errors.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_errors\"}}},{\"name\":\"data.netinfo.iface.tx_errors.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo
.iface.tx_errors\"}}},{\"name\":\"data.netinfo.iface.tx_packets\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_packets.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_packets\"}}},{\"name\":\"data.netinfo.iface.tx_packets.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_packets\"}}},{\"name\":\"data.netinfo.iface.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.type\"}}},{\"name\":\"data.netinfo.iface.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.type\"}}},{\"name\":\"data.os.architecture\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.architecture.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.architecture\"}}},{\"name\":\"data.os.architecture.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":fal
se,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.architecture\"}}},{\"name\":\"data.os.build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.build\"}}},{\"name\":\"data.os.build.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.build\"}}},{\"name\":\"data.os.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.hostname\"}}},{\"name\":\"data.os.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.hostname\"}}},{\"name\":\"data.os.major\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.major.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.major\"}}},{\"name\":\"data.os.major.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"agg
regatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.major\"}}},{\"name\":\"data.os.minor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.minor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.minor\"}}},{\"name\":\"data.os.minor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.minor\"}}},{\"name\":\"data.os.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.name\"}}},{\"name\":\"data.os.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.name\"}}},{\"name\":\"data.os.os_release\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.os_release.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.os_release\"}}},{\"name\":\"data.os.os_release.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValu
es\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.os_release\"}}},{\"name\":\"data.os.platform\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.platform.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.platform\"}}},{\"name\":\"data.os.platform.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.platform\"}}},{\"name\":\"data.os.release\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.release\"}}},{\"name\":\"data.os.release.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.release\"}}},{\"name\":\"data.os.release_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.release_version\"}}},{\"name\":\"data.os.release_version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":fal
se,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.release_version\"}}},{\"name\":\"data.os.sysname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.sysname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.sysname\"}}},{\"name\":\"data.os.sysname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.sysname\"}}},{\"name\":\"data.os.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.version\"}}},{\"name\":\"data.os.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.version\"}}},{\"name\":\"data.port.inode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.inode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.inode\"}}},{\"name\":\"data.port.inode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFro
mDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.inode\"}}},{\"name\":\"data.port.local_ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.local_ip\"}}},{\"name\":\"data.port.local_ip.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.local_ip\"}}},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.local_port\"}}},{\"name\":\"data.port.local_port.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.local_port\"}}},{\"name\":\"data.port.pid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.pid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.pid\"}}},{\"name\":\"data.port.pid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":fal
se,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.pid\"}}},{\"name\":\"data.port.process\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.process.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.process\"}}},{\"name\":\"data.port.process.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.process\"}}},{\"name\":\"data.port.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.protocol\"}}},{\"name\":\"data.port.protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.protocol\"}}},{\"name\":\"data.port.remote_ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_ip\"}}},{\"name\":\"data.port.remote_ip.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\
"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_ip\"}}},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_port\"}}},{\"name\":\"data.port.remote_port.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_port\"}}},{\"name\":\"data.port.rx_queue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.rx_queue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.rx_queue\"}}},{\"name\":\"data.port.rx_queue.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.rx_queue\"}}},{\"name\":\"data.port.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.state\"}}},{\"name\":\"data.port.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\
":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.state\"}}},{\"name\":\"data.port.tx_queue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.tx_queue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.tx_queue\"}}},{\"name\":\"data.port.tx_queue.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.tx_queue\"}}},{\"name\":\"data.pwd\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.pwd.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.pwd\"}}},{\"name\":\"data.pwd.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.pwd\"}}},{\"name\":\"data.srcuser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.srcuser.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.srcuser\"}}},{\"name\":\"data.srcuser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\
"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.srcuser\"}}},{\"name\":\"data.title\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.title.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.title\"}}},{\"name\":\"data.title.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.title\"}}},{\"name\":\"data.tty\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tty.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.tty\"}}},{\"name\":\"data.tty.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.tty\"}}},{\"name\":\"data.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.type\"}}},{\"name\":\"data.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.type\"}}},{\"name\":\"data.uid\",\"typ
e\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.uid\"}}},{\"name\":\"data.uid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.uid\"}}},{\"name\":\"dce_rpc.endpoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.endpoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.endpoint\"}}},{\"name\":\"dce_rpc.endpoint.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.endpoint\"}}},{\"name\":\"dce_rpc.named_pipe\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.named_pipe.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.named_pipe\"}}},{\"name\":\"dce_rpc.named_pipe.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.named_pipe\"}}},{\"name\":\"dce_rpc.operation\",\"type\":\"string\",\"esTypes\"
:[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.operation.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.operation\"}}},{\"name\":\"dce_rpc.operation.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.operation\"}}},{\"name\":\"destination.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.city_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.city_name\"}}},{\"name\":\"destination.geo.city_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.city_name\"}}},{\"name\":\"destination.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.continent_name\"}}},{\"name\":\"destination.geo.continent_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\
":{\"parent\":\"destination.geo.continent_name\"}}},{\"name\":\"destination.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_iso_code\"}}},{\"name\":\"destination.geo.country_iso_code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_iso_code\"}}},{\"name\":\"destination.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_name\"}}},{\"name\":\"destination.geo.country_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_name\"}}},{\"name\":\"destination.geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location.lat\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location.lon\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\
"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.region_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_iso_code\"}}},{\"name\":\"destination.geo.region_iso_code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_iso_code\"}}},{\"name\":\"destination.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.region_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_name\"}}},{\"name\":\"destination.geo.region_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_name\"}}},{\"name\":\"destination.geo.timezone\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.timezone.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.timezone\"}}},{\"name\":\"destination.ge
o.timezone.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.timezone\"}}},{\"name\":\"destination.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.assigned_ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.assigned_ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.assigned_ip\"}}},{\"name\":\"dhcp.assigned_ip.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dhcp.assigned_ip\"}}},{\"name\":\"dhcp.l
ease_time\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.message_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.message_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.message_types\"}}},{\"name\":\"dhcp.message_types.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dhcp.message_types\"}}},{\"name\":\"dhcp.requested_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.requested_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.requested_address\"}}},{\"name\":\"dhcp.requested_address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dhcp.requested_address\"}}},{\"name\":\"dnp3.fc_reply\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dnp3.fc_reply.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_reply\"}}},{\"name\":\"dnp3.fc_reply.security\",\"type\":\"string\",\"es
Types\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_reply\"}}},{\"name\":\"dnp3.fc_request\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dnp3.fc_request.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_request\"}}},{\"name\":\"dnp3.fc_request.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_request\"}}},{\"name\":\"dnp3.iin\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.answers.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.answers.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.answers.name\"}}},{\"name\":\"dns.answers.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.answers.name\"}}},{\"name\":\"dns.authoritative\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.highest_registered_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatabl
e\":false,\"readFromDocValues\":false},{\"name\":\"dns.highest_registered_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.highest_registered_domain\"}}},{\"name\":\"dns.highest_registered_domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.highest_registered_domain\"}}},{\"name\":\"dns.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.parent_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.parent_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.parent_domain\"}}},{\"name\":\"dns.parent_domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.parent_domain\"}}},{\"name\":\"dns.parent_domain_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.class\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.class_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.class_name.keyword\",\"typ
e\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.class_name\"}}},{\"name\":\"dns.query.class_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.query.class_name\"}}},{\"name\":\"dns.query.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.name\"}}},{\"name\":\"dns.query.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.query.name\"}}},{\"name\":\"dns.query.rejected\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.type\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.type_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.type_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.type_name\"}}},{\"name\":\"dns.query.type_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.query.type_name\"}}},{\"name\":\"dns.recursion.available\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.recursion.desired\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.reserved\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.response.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.response.code_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.response.code_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.response.code_name\"}}},{\"name\":\"dns.response.code_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.response.code_name\"}}},{\"name\":\"dns.subdomain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.subdomain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,
\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.subdomain\"}}},{\"name\":\"dns.subdomain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.subdomain\"}}},{\"name\":\"dns.subdomain_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.top_level_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.top_level_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.top_level_domain\"}}},{\"name\":\"dns.top_level_domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.top_level_domain\"}}},{\"name\":\"dns.truncated\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.ttls\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ecs.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ecs.version\"}}},{\"n
ame\":\"ecs.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ecs.version\"}}},{\"name\":\"error.reason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.reason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.reason\"}}},{\"name\":\"error.reason.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"error.reason\"}}},{\"name\":\"event.acknowledged\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.action\"}}},{\"name\":\"event.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.action\"}}},{\"name\":\"event.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchab
le\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.category\"}}},{\"name\":\"event.category.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.category\"}}},{\"name\":\"event.code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.code\"}}},{\"name\":\"event.code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.code\"}}},{\"name\":\"event.created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.created\"}}},{\"name\":\"event.created.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.created\"}}},{\"name\":\"event.dataset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.dataset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"s
ubType\":{\"multi\":{\"parent\":\"event.dataset\"}}},{\"name\":\"event.dataset.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.dataset\"}}},{\"name\":\"event.duration\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.escalated\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.kind.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.kind\"}}},{\"name\":\"event.kind.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.kind\"}}},{\"name\":\"event.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.module\"}}},{\"name\":\"event.module.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.module\"}}},{\"name\":\"event.provider\",\"type\":\"string\",\"esTypes\":[\"text\"],\"cou
nt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.provider.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.provider\"}}},{\"name\":\"event.provider.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.provider\"}}},{\"name\":\"event.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.severity_label.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.severity_label\"}}},{\"name\":\"event.severity_label.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.severity_label\"}}},{\"name\":\"event.timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.timestamp\"}}},{\"name\":\"event.timestamp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatabl
e\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.timestamp\"}}},{\"name\":\"file.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.action\"}}},{\"name\":\"file.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.action\"}}},{\"name\":\"file.analyzer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.analyzer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.analyzer\"}}},{\"name\":\"file.analyzer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.analyzer\"}}},{\"name\":\"file.aslr\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.missing\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.overflow\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.seen\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"
scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_integrity\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.compile_timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.compile_timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.compile_timestamp\"}}},{\"name\":\"file.compile_timestamp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.compile_timestamp\"}}},{\"name\":\"file.debug_data\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.dep\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFr
omDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.description\"}}},{\"name\":\"file.description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.description\"}}},{\"name\":\"file.extracted.cutoff\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extracted.filename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.extracted.filename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.extracted.filename\"}}},{\"name\":\"file.extracted.filename.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.extracted.filename\"}}},{\"name\":\"file.flavors.mime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.flavors.mime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.flavors.mime\"}}},{\"name\":\"file.flavors.mime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.flavors.mime\"}}},{\"name\":\"file.flavors.yara\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":tru
e,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.flavors.yara.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.flavors.yara\"}}},{\"name\":\"file.flavors.yara.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.flavors.yara\"}}},{\"name\":\"file.is_64bit\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.is_exe\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.is_orig\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.local_orig\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.machine\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.machine.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.machine\"}}},{\"name\":\"file.machine.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.machine\"}}},{\"name\":\"file.mime_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"s
earchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.mime_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.mime_type\"}}},{\"name\":\"file.mime_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.mime_type\"}}},{\"name\":\"file.mimetype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.mimetype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.mimetype\"}}},{\"name\":\"file.mimetype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.mimetype\"}}},{\"name\":\"file.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.name\"}}},{\"name\":\"file.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.name\"}}},{\"name\":\"file.orig_filenames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\
":false},{\"name\":\"file.orig_filenames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.orig_filenames\"}}},{\"name\":\"file.orig_filenames.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.orig_filenames\"}}},{\"name\":\"file.orig_mime_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.orig_mime_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.orig_mime_types\"}}},{\"name\":\"file.orig_mime_types.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.orig_mime_types\"}}},{\"name\":\"file.os\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.os.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.os\"}}},{\"name\":\"file.os.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.os\"}}},{\"name\":\"file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file
.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.path\"}}},{\"name\":\"file.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.path\"}}},{\"name\":\"file.resp_filenames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.resp_filenames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.resp_filenames\"}}},{\"name\":\"file.resp_filenames.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.resp_filenames\"}}},{\"name\":\"file.resp_mime_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.resp_mime_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.resp_mime_types\"}}},{\"name\":\"file.resp_mime_types.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.resp_mime_types\"}}},{\"name\":\"file.scanners\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.
scanners.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.scanners\"}}},{\"name\":\"file.scanners.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.scanners\"}}},{\"name\":\"file.section_names\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.section_names.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.section_names\"}}},{\"name\":\"file.section_names.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.section_names\"}}},{\"name\":\"file.seh\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.source\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.source.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.source\"}}},{\"name\":\"file.source.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable
\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.source\"}}},{\"name\":\"file.subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.subsystem\"}}},{\"name\":\"file.subsystem.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.subsystem\"}}},{\"name\":\"file.table.cert\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.table.export\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.table.import\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.target.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.target\"}}},{\"name\":\"file.target.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.target\"}}},{\"name\":\"file.timed_out\",\"type\":\"boolean\",\"es
Types\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.times_accessed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_accessed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_accessed\"}}},{\"name\":\"file.times_accessed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_accessed\"}}},{\"name\":\"file.times_changed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_changed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_changed\"}}},{\"name\":\"file.times_changed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_changed\"}}},{\"name\":\"file.times_created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_created\"}}},{\"name\":\"file.times_created.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":
0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_created\"}}},{\"name\":\"file.times_modified\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_modified.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_modified\"}}},{\"name\":\"file.times_modified.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_modified\"}}},{\"name\":\"file.tree.node\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.node.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.node\"}}},{\"name\":\"file.tree.node.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.tree.node\"}}},{\"name\":\"file.tree.parent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.parent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.parent\"}}},{\"name\":\"file.tree.parent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\
":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.tree.parent\"}}},{\"name\":\"file.tree.root\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.root.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.root\"}}},{\"name\":\"file.tree.root.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.tree.root\"}}},{\"name\":\"ftp.argument\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.argument.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.argument\"}}},{\"name\":\"ftp.argument.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.argument\"}}},{\"name\":\"ftp.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.command\"}}},{\"name\":\"ftp.command.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatab
le\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.command\"}}},{\"name\":\"ftp.data_channel_destination.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_passive\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_source.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.password\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.password.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.password\"}}},{\"name\":\"ftp.password.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.password\"}}},{\"name\":\"ftp.user\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.user\"}}},{\"name\":\"ftp.user.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":tr
ue,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.user\"}}},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hash.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hash.hassh\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.hassh.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.hassh\"}}},{\"name\":\"hash.hassh.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.hassh\"}}},{\"name\":\"hash.ja3\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ja3.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash
.ja3\"}}},{\"name\":\"hash.ja3.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.ja3\"}}},{\"name\":\"hash.ja3s\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ja3s.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ja3s\"}}},{\"name\":\"hash.ja3s.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.ja3s\"}}},{\"name\":\"hash.md5\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.md5.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.md5\"}}},{\"name\":\"hash.md5.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.md5\"}}},{\"name\":\"hash.sha1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.sha1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.sha1\"}}},{\"name\":\"hash.sha1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,
\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.sha1\"}}},{\"name\":\"hash.sha256\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.sha256.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.sha256\"}}},{\"name\":\"hash.sha256.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.sha256\"}}},{\"name\":\"hash.ssdeep\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ssdeep.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ssdeep\"}}},{\"name\":\"hash.ssdeep.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.ssdeep\"}}},{\"name\":\"host.architecture\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.architecture.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.architecture\"}}},{\"name\":\"host.architecture.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocVa
lues\":false,\"subType\":{\"multi\":{\"parent\":\"host.architecture\"}}},{\"name\":\"host.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.domain\"}}},{\"name\":\"host.domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.domain\"}}},{\"name\":\"host.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.hostname\"}}},{\"name\":\"host.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.hostname\"}}},{\"name\":\"host.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.id\"}}},{\"name\":\"host.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.id\"}}},{\"name\":\"host.
mac\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.mac.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.mac\"}}},{\"name\":\"host.mac.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.mac\"}}},{\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.name\"}}},{\"name\":\"host.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.name\"}}},{\"name\":\"host.os.build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.build\"}}},{\"name\":\"host.os.build.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.build\"}}},{\"name\":\"host.os.family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searcha
ble\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.family\"}}},{\"name\":\"host.os.family.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.family\"}}},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.kernel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.kernel\"}}},{\"name\":\"host.os.kernel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.kernel\"}}},{\"name\":\"host.os.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.name\"}}},{\"name\":\"host.os.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.name\"}}},{\"name\":\"host.os.platform\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFro
mDocValues\":false},{\"name\":\"host.os.platform.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.platform\"}}},{\"name\":\"host.os.platform.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.platform\"}}},{\"name\":\"host.os.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.version\"}}},{\"name\":\"host.os.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.version\"}}},{\"name\":\"host.syscheck.changed_attributes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.changed_attributes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.changed_attributes\"}}},{\"name\":\"host.syscheck.changed_attributes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.changed_attributes\"}}},{\"name\":\"host.syscheck.event\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":
0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.event.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.event\"}}},{\"name\":\"host.syscheck.event.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.event\"}}},{\"name\":\"host.syscheck.gid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.gid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gid_after\"}}},{\"name\":\"host.syscheck.gid_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gid_after\"}}},{\"name\":\"host.syscheck.gname_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.gname_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gname_after\"}}},{\"name\":\"host.syscheck.gname_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gname_after\"}
}},{\"name\":\"host.syscheck.inode_after\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.syscheck.md5_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.md5_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_after\"}}},{\"name\":\"host.syscheck.md5_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_after\"}}},{\"name\":\"host.syscheck.md5_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.md5_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_before\"}}},{\"name\":\"host.syscheck.md5_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_before\"}}},{\"name\":\"host.syscheck.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.
syscheck.mode\"}}},{\"name\":\"host.syscheck.mode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mode\"}}},{\"name\":\"host.syscheck.mtime_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mtime_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_after\"}}},{\"name\":\"host.syscheck.mtime_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_after\"}}},{\"name\":\"host.syscheck.mtime_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mtime_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_before\"}}},{\"name\":\"host.syscheck.mtime_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_before\"}}},{\"name\":\"host.syscheck.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchabl
e\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.path\"}}},{\"name\":\"host.syscheck.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.path\"}}},{\"name\":\"host.syscheck.perm_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.perm_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.perm_after\"}}},{\"name\":\"host.syscheck.perm_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.perm_after\"}}},{\"name\":\"host.syscheck.sha1_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha1_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_after\"}}},{\"name\":\"host.syscheck.sha1_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_after\"}}},{\"name\":\"host.syscheck.sha1_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha1_before
.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_before\"}}},{\"name\":\"host.syscheck.sha1_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_before\"}}},{\"name\":\"host.syscheck.sha256_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha256_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_after\"}}},{\"name\":\"host.syscheck.sha256_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_after\"}}},{\"name\":\"host.syscheck.sha256_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha256_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_before\"}}},{\"name\":\"host.syscheck.sha256_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_before\"}}},{\"name\":\"host.syscheck.size_after\",\"type\":\"string\",\"esTypes\":[\"text
\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.size_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_after\"}}},{\"name\":\"host.syscheck.size_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_after\"}}},{\"name\":\"host.syscheck.size_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.size_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_before\"}}},{\"name\":\"host.syscheck.size_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_before\"}}},{\"name\":\"host.syscheck.uid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.uid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uid_after\"}}},{\"name\":\"host.syscheck.uid_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"par
ent\":\"host.syscheck.uid_after\"}}},{\"name\":\"host.syscheck.uname_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.uname_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uname_after\"}}},{\"name\":\"host.syscheck.uname_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uname_after\"}}},{\"name\":\"http.info_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.info_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.info_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.info_message\"}}},{\"name\":\"http.info_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.info_message\"}}},{\"name\":\"http.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.method\"}}},{\"n
ame\":\"http.method.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.method\"}}},{\"name\":\"http.proxied\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.proxied.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.proxied\"}}},{\"name\":\"http.proxied.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.proxied\"}}},{\"name\":\"http.referrer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.referrer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.referrer\"}}},{\"name\":\"http.referrer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.referrer\"}}},{\"name\":\"http.request.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"s
earchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.status_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.status_message\"}}},{\"name\":\"http.status_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.status_message\"}}},{\"name\":\"http.trans_depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.uri\"}}},{\"name\":\"http.uri.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.uri\"}}},{\"name\":\"http.useragent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.useragent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.useragent\"}}},{\"name\":\"http.useragent.security\",
\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.useragent\"}}},{\"name\":\"http.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.version\"}}},{\"name\":\"http.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.version\"}}},{\"name\":\"http.virtual_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.virtual_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.virtual_host\"}}},{\"name\":\"http.virtual_host.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.virtual_host\"}}},{\"name\":\"ingest.timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ingest.timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ingest.timestamp\"}}},{\"name\":\"ingest.timestamp.security\",\"type\":\"string\",\"
esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ingest.timestamp\"}}},{\"name\":\"intel.indicator\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.indicator.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.indicator\"}}},{\"name\":\"intel.indicator_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.indicator_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.indicator_type\"}}},{\"name\":\"intel.indicator_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.indicator_type\"}}},{\"name\":\"intel.matched\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.matched.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.matched\"}}},{\"name\":\"intel.matched.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.matched\"}}},{\"name\":\"intel.seen_node\",\"type\":\"string\",\"esTypes\":[\"
text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.seen_node.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.seen_node\"}}},{\"name\":\"intel.seen_node.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.seen_node\"}}},{\"name\":\"intel.seen_where\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.seen_where.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.seen_where\"}}},{\"name\":\"intel.seen_where.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.seen_where\"}}},{\"name\":\"intel.sources\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.sources.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.sources\"}}},{\"name\":\"intel.sources.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.sources\"}}},{\"name\":\"irc.command.info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"sc
ripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.info\"}}},{\"name\":\"irc.command.info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.command.info\"}}},{\"name\":\"irc.command.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.type\"}}},{\"name\":\"irc.command.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.command.type\"}}},{\"name\":\"irc.command.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.value\"}}},{\"name\":\"irc.command.value.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.command.value\"}}},{\"name\":\"irc.nickname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"script
ed\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.nickname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.nickname\"}}},{\"name\":\"irc.nickname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.nickname\"}}},{\"name\":\"irc.username\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.username.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.username\"}}},{\"name\":\"irc.username.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.username\"}}},{\"name\":\"kerberos.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.client\"}}},{\"name\":\"kerberos.client.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.client\"}}},{\"name\":\"kerberos.client_certificate_subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":t
rue,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.client_certificate_subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.client_certificate_subject\"}}},{\"name\":\"kerberos.client_certificate_subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.client_certificate_subject\"}}},{\"name\":\"kerberos.error_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.error_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.error_message\"}}},{\"name\":\"kerberos.error_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.error_message\"}}},{\"name\":\"kerberos.request_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.request_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.request_type\"}}},{\"name\":\"kerberos.request_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.request_type\
"}}},{\"name\":\"kerberos.server_certificate_subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.server_certificate_subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.server_certificate_subject\"}}},{\"name\":\"kerberos.server_certificate_subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.server_certificate_subject\"}}},{\"name\":\"kerberos.service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.service\"}}},{\"name\":\"kerberos.service.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.service\"}}},{\"name\":\"kerberos.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.cipher\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.cipher.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"mu
lti\":{\"parent\":\"kerberos.ticket.cipher\"}}},{\"name\":\"kerberos.ticket.cipher.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.cipher\"}}},{\"name\":\"kerberos.ticket.forwardable\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.renewable\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.valid.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.valid.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.from\"}}},{\"name\":\"kerberos.ticket.valid.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.from\"}}},{\"name\":\"kerberos.ticket.valid.until\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.valid.until.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.until\"}}},{\"name\":\"kerberos.ticket.valid.until.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"ag
gregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.until\"}}},{\"name\":\"log.file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.file.path\"}}},{\"name\":\"log.file.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.file.path\"}}},{\"name\":\"log.full\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.full.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.full\"}}},{\"name\":\"log.full.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.full\"}}},{\"name\":\"log.id.client_certificate_fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.client_certificate_fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.client_certificate_fuid\"}}},{\"name\":\"log.id.client_certificate_fuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":tr
ue,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.client_certificate_fuid\"}}},{\"name\":\"log.id.fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.fuid\"}}},{\"name\":\"log.id.fuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.fuid\"}}},{\"name\":\"log.id.fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.fuids\"}}},{\"name\":\"log.id.fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.fuids\"}}},{\"name\":\"log.id.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.id\"}}},{\"name\":\"log.id.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\
":{\"multi\":{\"parent\":\"log.id.id\"}}},{\"name\":\"log.id.orig_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.orig_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.orig_fuids\"}}},{\"name\":\"log.id.orig_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.orig_fuids\"}}},{\"name\":\"log.id.resp_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.resp_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.resp_fuids\"}}},{\"name\":\"log.id.resp_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.resp_fuids\"}}},{\"name\":\"log.id.server_certificate_fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.server_certificate_fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.server_certificate_fuid\"}}},{\"name\":\"log.id.server_certificate_fuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggre
gatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.server_certificate_fuid\"}}},{\"name\":\"log.id.tunnel_parents\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.tunnel_parents.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.tunnel_parents\"}}},{\"name\":\"log.id.tunnel_parents.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.tunnel_parents\"}}},{\"name\":\"log.id.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.uid\"}}},{\"name\":\"log.id.uid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.uid\"}}},{\"name\":\"log.id.uids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.uids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.uids\"}}},{\"name\":\"log.id.uids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,
\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.uids\"}}},{\"name\":\"log.level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.level\"}}},{\"name\":\"log.level.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.level\"}}},{\"name\":\"log.location\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.location.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.location\"}}},{\"name\":\"log.location.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.location\"}}},{\"name\":\"log.offset\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.previous_log\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.previous_log.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.previous_log\"}}},{\"name\":\"log.previous_log.security\",\"type\":\"st
ring\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.previous_log\"}}},{\"name\":\"log.previous_output\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.previous_output.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.previous_output\"}}},{\"name\":\"log.previous_output.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.previous_output\"}}},{\"name\":\"manager.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"manager.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"manager.name\"}}},{\"name\":\"manager.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"manager.name\"}}},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"message\"}}},{\"name\":\"modbus.function\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scr
ipted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"modbus.function.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"modbus.function\"}}},{\"name\":\"modbus.function.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"modbus.function\"}}},{\"name\":\"mysql.argument\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.argument.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.argument\"}}},{\"name\":\"mysql.argument.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"mysql.argument\"}}},{\"name\":\"mysql.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.command\"}}},{\"name\":\"mysql.command.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"mysql.command\"}}},{\"name\":\"mysql.response\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"
aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.response.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.response\"}}},{\"name\":\"mysql.response.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"mysql.response\"}}},{\"name\":\"mysql.rows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.community_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.community_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.community_id\"}}},{\"name\":\"network.community_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.community_id\"}}},{\"name\":\"network.data.decoded\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.data.decoded.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"
],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.data.decoded\"}}},{\"name\":\"network.data.decoded.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.data.decoded\"}}},{\"name\":\"network.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.protocol\"}}},{\"name\":\"network.protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.protocol\"}}},{\"name\":\"network.transport\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.transport.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.transport\"}}},{\"name\":\"network.transport.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.transport\"}}},{\"name\":\"notice.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.action.keyword\",\"type\":\"string\",\"esTypes\":[\"key
word\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.action\"}}},{\"name\":\"notice.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.action\"}}},{\"name\":\"notice.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.message\"}}},{\"name\":\"notice.message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.message\"}}},{\"name\":\"notice.note\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.note.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.note\"}}},{\"name\":\"notice.note.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.note\"}}},{\"name\":\"notice.p\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice.peer_description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"ag
gregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.peer_description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.peer_description\"}}},{\"name\":\"notice.peer_description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.peer_description\"}}},{\"name\":\"notice.sub_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.sub_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.sub_message\"}}},{\"name\":\"notice.sub_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.sub_message\"}}},{\"name\":\"notice.suppress_for\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm.server.dns.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.dns.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.dns.name\"}}},{\"name\":\"ntlm.server.dns.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregata
ble\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.dns.name\"}}},{\"name\":\"ntlm.server.nb.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.nb.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.nb.name\"}}},{\"name\":\"ntlm.server.nb.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.nb.name\"}}},{\"name\":\"ntlm.server.tree.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.tree.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.tree.name\"}}},{\"name\":\"ntlm.server.tree.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.tree.name\"}}},{\"name\":\"ntlm.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.analyzer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"observer.analyzer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocVa
lues\":true,\"subType\":{\"multi\":{\"parent\":\"observer.analyzer\"}}},{\"name\":\"observer.analyzer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"observer.analyzer\"}}},{\"name\":\"observer.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"observer.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"observer.name\"}}},{\"name\":\"observer.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"observer.name\"}}},{\"name\":\"osquery.result.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.action\"}}},{\"name\":\"osquery.result.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.action\"}}},{\"name\":\"osquery.result.calendarTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.calendarTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggre
gatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.calendarTime\"}}},{\"name\":\"osquery.result.calendarTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.calendarTime\"}}},{\"name\":\"osquery.result.codename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.codename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.codename\"}}},{\"name\":\"osquery.result.codename.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.codename\"}}},{\"name\":\"osquery.result.columns.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.command\"}}},{\"name\":\"osquery.result.columns.command.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.command\"}}},{\"name\":\"osquery.result.columns.day_of_month\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\
":false},{\"name\":\"osquery.result.columns.day_of_month.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_month\"}}},{\"name\":\"osquery.result.columns.day_of_month.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_month\"}}},{\"name\":\"osquery.result.columns.day_of_week\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.day_of_week.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_week\"}}},{\"name\":\"osquery.result.columns.day_of_week.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_week\"}}},{\"name\":\"osquery.result.columns.days\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.days.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.days\"}}},{\"name\":\"osquery.result.columns.days.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\"
:{\"parent\":\"osquery.result.columns.days\"}}},{\"name\":\"osquery.result.columns.event\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.event.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.event\"}}},{\"name\":\"osquery.result.columns.event.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.event\"}}},{\"name\":\"osquery.result.columns.hour\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.hour.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hour\"}}},{\"name\":\"osquery.result.columns.hour.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hour\"}}},{\"name\":\"osquery.result.columns.hours\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.hours.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hours\"}}},{\"name\":\"osquery.result.columns.hours.security\
",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hours\"}}},{\"name\":\"osquery.result.columns.minute\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.minute.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minute\"}}},{\"name\":\"osquery.result.columns.minute.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minute\"}}},{\"name\":\"osquery.result.columns.minutes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.minutes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minutes\"}}},{\"name\":\"osquery.result.columns.minutes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minutes\"}}},{\"name\":\"osquery.result.columns.month\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.month.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,
\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.month\"}}},{\"name\":\"osquery.result.columns.month.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.month\"}}},{\"name\":\"osquery.result.columns.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.path\"}}},{\"name\":\"osquery.result.columns.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.path\"}}},{\"name\":\"osquery.result.columns.seconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.seconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.seconds\"}}},{\"name\":\"osquery.result.columns.seconds.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.seconds\"}}},{\"name\":\"osquery.result.columns.total_seconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable
\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.total_seconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.total_seconds\"}}},{\"name\":\"osquery.result.columns.total_seconds.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.total_seconds\"}}},{\"name\":\"osquery.result.counter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.endpoint_ip1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.endpoint_ip1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip1\"}}},{\"name\":\"osquery.result.endpoint_ip1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip1\"}}},{\"name\":\"osquery.result.endpoint_ip2\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.endpoint_ip2.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip2\"}}},{\"name\":\"osque
ry.result.endpoint_ip2.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip2\"}}},{\"name\":\"osquery.result.epoch\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.hardware_serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hardware_serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hardware_serial\"}}},{\"name\":\"osquery.result.hardware_serial.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hardware_serial\"}}},{\"name\":\"osquery.result.hostIdentifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hostIdentifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostIdentifier\"}}},{\"name\":\"osquery.result.hostIdentifier.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostIdentifier\"}}},{\"name\":\"osquery.result.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":f
alse,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostname\"}}},{\"name\":\"osquery.result.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostname\"}}},{\"name\":\"osquery.result.live_query\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.live_query.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.live_query\"}}},{\"name\":\"osquery.result.live_query.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.live_query\"}}},{\"name\":\"osquery.result.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.name\"}}},{\"name\":\"osquery.result.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.name\"}}},{\"name\":\"osque
ry.result.numerics\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.unixTime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.args.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.args\"}}},{\"name\":\"process.args.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.args\"}}},{\"name\":\"process.cmd\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.cmd.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.cmd\"}}},{\"name\":\"process.cmd.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.cmd\"}}},{\"name\":\"process.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\"
:true,\"subType\":{\"multi\":{\"parent\":\"process.command_line\"}}},{\"name\":\"process.command_line.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.command_line\"}}},{\"name\":\"process.egroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.egroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.egroup\"}}},{\"name\":\"process.egroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.egroup\"}}},{\"name\":\"process.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.entity_id\"}}},{\"name\":\"process.entity_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.entity_id\"}}},{\"name\":\"process.euser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.euser.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tru
e,\"subType\":{\"multi\":{\"parent\":\"process.euser\"}}},{\"name\":\"process.euser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.euser\"}}},{\"name\":\"process.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.executable\"}}},{\"name\":\"process.executable.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.executable\"}}},{\"name\":\"process.fgroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.fgroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.fgroup\"}}},{\"name\":\"process.fgroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.fgroup\"}}},{\"name\":\"process.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi
\":{\"parent\":\"process.name\"}}},{\"name\":\"process.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.name\"}}},{\"name\":\"process.nice\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.nice.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.nice\"}}},{\"name\":\"process.nice.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.nice\"}}},{\"name\":\"process.nlwp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.nlwp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.nlwp\"}}},{\"name\":\"process.nlwp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.nlwp\"}}},{\"name\":\"process.parent.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.com
mand_line\"}}},{\"name\":\"process.parent.command_line.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.command_line\"}}},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.entity_id\"}}},{\"name\":\"process.parent.entity_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.entity_id\"}}},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.executable\"}}},{\"name\":\"process.parent.executable.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.executable\"}}},{\"name\":\"process.pe.company\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.company.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searc
hable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.company\"}}},{\"name\":\"process.pe.company.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.company\"}}},{\"name\":\"process.pe.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.description\"}}},{\"name\":\"process.pe.description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.description\"}}},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.file_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.file_version\"}}},{\"name\":\"process.pe.file_version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.file_version\"}}},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.original_file_name.ke
yword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.original_file_name\"}}},{\"name\":\"process.pe.original_file_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.original_file_name\"}}},{\"name\":\"process.pe.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.product\"}}},{\"name\":\"process.pe.product.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.product\"}}},{\"name\":\"process.pgrp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pgrp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pgrp\"}}},{\"name\":\"process.pgrp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pgrp\"}}},{\"name\":\"process.pid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"
process.pid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pid\"}}},{\"name\":\"process.pid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pid\"}}},{\"name\":\"process.ppid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.ppid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.ppid\"}}},{\"name\":\"process.ppid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.ppid\"}}},{\"name\":\"process.priority\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.priority.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.priority\"}}},{\"name\":\"process.priority.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.priority\"}}},{\"name\":\"process.processor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.processor.keyword\",\"type\":\"strin
g\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.processor\"}}},{\"name\":\"process.processor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.processor\"}}},{\"name\":\"process.resident\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.resident.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.resident\"}}},{\"name\":\"process.resident.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.resident\"}}},{\"name\":\"process.rgroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.rgroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.rgroup\"}}},{\"name\":\"process.rgroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.rgroup\"}}},{\"name\":\"process.ruser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.ruser.keyword\",\"type\":\"string\",\"esTypes\":[\
"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.ruser\"}}},{\"name\":\"process.ruser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.ruser\"}}},{\"name\":\"process.session\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.session.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.session\"}}},{\"name\":\"process.session.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.session\"}}},{\"name\":\"process.sgroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.sgroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.sgroup\"}}},{\"name\":\"process.sgroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.sgroup\"}}},{\"name\":\"process.share\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.share.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\
":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.share\"}}},{\"name\":\"process.share.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.share\"}}},{\"name\":\"process.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.size\"}}},{\"name\":\"process.size.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.size\"}}},{\"name\":\"process.start_time\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.start_time.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.start_time\"}}},{\"name\":\"process.start_time.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.start_time\"}}},{\"name\":\"process.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"
aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.state\"}}},{\"name\":\"process.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.state\"}}},{\"name\":\"process.stime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.stime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.stime\"}}},{\"name\":\"process.stime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.stime\"}}},{\"name\":\"process.suser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.suser.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.suser\"}}},{\"name\":\"process.suser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.suser\"}}},{\"name\":\"process.tgid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.tgid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"sub
Type\":{\"multi\":{\"parent\":\"process.tgid\"}}},{\"name\":\"process.tgid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.tgid\"}}},{\"name\":\"process.tty\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.tty.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.tty\"}}},{\"name\":\"process.tty.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.tty\"}}},{\"name\":\"process.utime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.utime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.utime\"}}},{\"name\":\"process.utime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.utime\"}}},{\"name\":\"process.vm_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.vm_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.vm_size\"}}},{\"nam
e\":\"process.vm_size.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.vm_size\"}}},{\"name\":\"process.working_directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.working_directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.working_directory\"}}},{\"name\":\"process.working_directory.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.working_directory\"}}},{\"name\":\"radius.framed_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.framed_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.framed_address\"}}},{\"name\":\"radius.framed_address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"radius.framed_address\"}}},{\"name\":\"radius.reply_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.reply_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\"
:true,\"subType\":{\"multi\":{\"parent\":\"radius.reply_message\"}}},{\"name\":\"radius.reply_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"radius.reply_message\"}}},{\"name\":\"radius.result\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.result.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.result\"}}},{\"name\":\"radius.result.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"radius.result\"}}},{\"name\":\"rdp.certificate_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.certificate_permanent\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.certificate_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.certificate_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.certificate_type\"}}},{\"name\":\"rdp.certificate_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rd
p.certificate_type\"}}},{\"name\":\"rdp.client_build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.client_build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.client_build\"}}},{\"name\":\"rdp.client_build.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.client_build\"}}},{\"name\":\"rdp.cookie\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.cookie.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.cookie\"}}},{\"name\":\"rdp.cookie.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.cookie\"}}},{\"name\":\"rdp.desktop.height\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.desktop.width\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.encryption_level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.encryption_level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"
aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_level\"}}},{\"name\":\"rdp.encryption_level.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_level\"}}},{\"name\":\"rdp.encryption_method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.encryption_method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_method\"}}},{\"name\":\"rdp.encryption_method.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_method\"}}},{\"name\":\"rdp.keyboard_layout\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.keyboard_layout.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.keyboard_layout\"}}},{\"name\":\"rdp.keyboard_layout.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.keyboard_layout\"}}},{\"name\":\"rdp.requested_color_depth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.requested_color_depth.keyword\",\"type\":\"string\",\"esTypes\":[\
"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.requested_color_depth\"}}},{\"name\":\"rdp.requested_color_depth.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.requested_color_depth\"}}},{\"name\":\"rdp.result\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.result.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.result\"}}},{\"name\":\"rdp.result.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.result\"}}},{\"name\":\"rdp.security_protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.security_protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.security_protocol\"}}},{\"name\":\"rdp.security_protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.security_protocol\"}}},{\"name\":\"request.attributes.filename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.attributes.filename.keywo
rd\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.attributes.filename\"}}},{\"name\":\"request.attributes.filename.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.attributes.filename\"}}},{\"name\":\"request.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.client\"}}},{\"name\":\"request.client.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.client\"}}},{\"name\":\"request.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.id\"}}},{\"name\":\"request.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.id\"}}},{\"name\":\"request.source\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.source.keyword\",\"type\":\"
string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.source\"}}},{\"name\":\"request.source.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.source\"}}},{\"name\":\"request.time\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.action\"}}},{\"name\":\"rule.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.action\"}}},{\"name\":\"rule.author\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.author.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.author\"}}},{\"name\":\"rule.author.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.author\"}}},{\"name\":\"rule.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":
true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.category\"}}},{\"name\":\"rule.category.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.category\"}}},{\"name\":\"rule.date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.date\"}}},{\"name\":\"rule.date.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.date\"}}},{\"name\":\"rule.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.description\"}}},{\"name\":\"rule.description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.description\"}}},{\"name\":\"rule.filetype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false
},{\"name\":\"rule.filetype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.filetype\"}}},{\"name\":\"rule.filetype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.filetype\"}}},{\"name\":\"rule.firedtimes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.gdpr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.gdpr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.gdpr\"}}},{\"name\":\"rule.gdpr.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.gdpr\"}}},{\"name\":\"rule.gid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.gpg13\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.gpg13.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.gpg13\"}}},{\"name\":\"rule.gpg13.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":fal
se,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.gpg13\"}}},{\"name\":\"rule.groups\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.groups.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.groups\"}}},{\"name\":\"rule.groups.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.groups\"}}},{\"name\":\"rule.hash1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.hash1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.hash1\"}}},{\"name\":\"rule.hash1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.hash1\"}}},{\"name\":\"rule.hipaa\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.hipaa.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.hipaa\"}}},{\"name\":\"rule.hipaa.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.hipaa\"}}},{\"nam
e\":\"rule.info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.info\"}}},{\"name\":\"rule.info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.info\"}}},{\"name\":\"rule.level\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.mail\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.maltype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.maltype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.maltype\"}}},{\"name\":\"rule.maltype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.maltype\"}}},{\"name\":\"rule.metadata.affected_product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.affected_product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,
\"subType\":{\"multi\":{\"parent\":\"rule.metadata.affected_product\"}}},{\"name\":\"rule.metadata.affected_product.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.affected_product\"}}},{\"name\":\"rule.metadata.attack_target\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.attack_target.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.attack_target\"}}},{\"name\":\"rule.metadata.attack_target.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.attack_target\"}}},{\"name\":\"rule.metadata.created_at\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.created_at.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.created_at\"}}},{\"name\":\"rule.metadata.created_at.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.created_at\"}}},{\"name\":\"rule.metadata.deployment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.deployment.keyword\
",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.deployment\"}}},{\"name\":\"rule.metadata.deployment.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.deployment\"}}},{\"name\":\"rule.metadata.former_category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.former_category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.former_category\"}}},{\"name\":\"rule.metadata.former_category.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.former_category\"}}},{\"name\":\"rule.metadata.malware_family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.malware_family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.malware_family\"}}},{\"name\":\"rule.metadata.malware_family.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.malware_family\"}}},{\"name\":\"rule.metadata.performance_impact\",\"type\":\"string\",\"e
sTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.performance_impact.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.performance_impact\"}}},{\"name\":\"rule.metadata.performance_impact.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.performance_impact\"}}},{\"name\":\"rule.metadata.signature_severity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.signature_severity.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.signature_severity\"}}},{\"name\":\"rule.metadata.signature_severity.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.signature_severity\"}}},{\"name\":\"rule.metadata.tag\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.tag.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.tag\"}}},{\"name\":\"rule.metadata.tag.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":fals
e,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.tag\"}}},{\"name\":\"rule.metadata.updated_at\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.updated_at.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.updated_at\"}}},{\"name\":\"rule.metadata.updated_at.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.updated_at\"}}},{\"name\":\"rule.mitre.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.mitre.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.id\"}}},{\"name\":\"rule.mitre.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.id\"}}},{\"name\":\"rule.mitre.tactic\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.mitre.tactic.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.tactic\"}}},{\"name\":\"rule.mitre.tactic.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":t
rue,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.tactic\"}}},{\"name\":\"rule.mitre.technique\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.mitre.technique.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.technique\"}}},{\"name\":\"rule.mitre.technique.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.technique\"}}},{\"name\":\"rule.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.name\"}}},{\"name\":\"rule.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.name\"}}},{\"name\":\"rule.nist_800_53\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.nist_800_53.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.nist_800_53\"}}},{\"name\":\"rule.nist_800_53.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\
":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.nist_800_53\"}}},{\"name\":\"rule.pci_dss\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.pci_dss.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.pci_dss\"}}},{\"name\":\"rule.pci_dss.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.pci_dss\"}}},{\"name\":\"rule.reference\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.reference.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.reference\"}}},{\"name\":\"rule.reference.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.reference\"}}},{\"name\":\"rule.rev\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.rule\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.rule.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.rule\"}}},{\"name\":\"rule.rule.security\",\"typ
e\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.rule\"}}},{\"name\":\"rule.ruleset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.ruleset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.ruleset\"}}},{\"name\":\"rule.ruleset.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.ruleset\"}}},{\"name\":\"rule.score\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.tsc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.tsc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.tsc\"}}},{\"name\":\"rule.tsc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.tsc\"}}},{\"name\":\"rule.uuid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.entropy.e
lapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.entropy.entropy\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.exiftool.About\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.About.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.About\"}}},{\"name\":\"scan.exiftool.About.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.About\"}}},{\"name\":\"scan.exiftool.AppVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.AppVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.AppVersion\"}}},{\"name\":\"scan.exiftool.AppVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.AppVersion\"}}},{\"name\":\"scan.exiftool.Author\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Author.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0
,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Author\"}}},{\"name\":\"scan.exiftool.Author.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Author\"}}},{\"name\":\"scan.exiftool.BitDepth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.BitDepth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BitDepth\"}}},{\"name\":\"scan.exiftool.BitDepth.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BitDepth\"}}},{\"name\":\"scan.exiftool.BuildID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.BuildID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BuildID\"}}},{\"name\":\"scan.exiftool.BuildID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BuildID\"}}},{\"name\":\"scan.exiftool.CharCountWithSpaces\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.
exiftool.CharCountWithSpaces.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharCountWithSpaces\"}}},{\"name\":\"scan.exiftool.CharCountWithSpaces.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharCountWithSpaces\"}}},{\"name\":\"scan.exiftool.CharacterSet\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CharacterSet.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharacterSet\"}}},{\"name\":\"scan.exiftool.CharacterSet.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharacterSet\"}}},{\"name\":\"scan.exiftool.Characters\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Characters.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Characters\"}}},{\"name\":\"scan.exiftool.Characters.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Characters\"}}},{\"name\":\"scan.exiftool.CodePage\",\"ty
pe\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CodePage.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodePage\"}}},{\"name\":\"scan.exiftool.CodePage.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodePage\"}}},{\"name\":\"scan.exiftool.CodeSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CodeSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodeSize\"}}},{\"name\":\"scan.exiftool.CodeSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodeSize\"}}},{\"name\":\"scan.exiftool.ColorType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ColorType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ColorType\"}}},{\"name\":\"scan.exiftool.ColorType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"mu
lti\":{\"parent\":\"scan.exiftool.ColorType\"}}},{\"name\":\"scan.exiftool.Comments\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Comments.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Comments\"}}},{\"name\":\"scan.exiftool.Comments.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Comments\"}}},{\"name\":\"scan.exiftool.CompObjUserType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompObjUserType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserType\"}}},{\"name\":\"scan.exiftool.CompObjUserType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserType\"}}},{\"name\":\"scan.exiftool.CompObjUserTypeLen\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompObjUserTypeLen.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserTypeLen\"}}},{\"name\":\"scan.exiftool.CompObjUserTypeLen.security\",\
"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserTypeLen\"}}},{\"name\":\"scan.exiftool.Company\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Company.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Company\"}}},{\"name\":\"scan.exiftool.Company.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Company\"}}},{\"name\":\"scan.exiftool.CompanyName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompanyName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompanyName\"}}},{\"name\":\"scan.exiftool.CompanyName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompanyName\"}}},{\"name\":\"scan.exiftool.Compression\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Compression.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\
"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Compression\"}}},{\"name\":\"scan.exiftool.Compression.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Compression\"}}},{\"name\":\"scan.exiftool.CreateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CreateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreateDate\"}}},{\"name\":\"scan.exiftool.CreateDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreateDate\"}}},{\"name\":\"scan.exiftool.Creator\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Creator.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Creator\"}}},{\"name\":\"scan.exiftool.Creator.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Creator\"}}},{\"name\":\"scan.exiftool.CreatorTool\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CreatorTool.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword
\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreatorTool\"}}},{\"name\":\"scan.exiftool.CreatorTool.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreatorTool\"}}},{\"name\":\"scan.exiftool.DerivedFromDocumentID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DerivedFromDocumentID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromDocumentID\"}}},{\"name\":\"scan.exiftool.DerivedFromDocumentID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromDocumentID\"}}},{\"name\":\"scan.exiftool.DerivedFromInstanceID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DerivedFromInstanceID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromInstanceID\"}}},{\"name\":\"scan.exiftool.DerivedFromInstanceID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromInstanceID\"}}},{\"name\":\"scan.exiftool.Directory\",\"type\"
:\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Directory\"}}},{\"name\":\"scan.exiftool.Directory.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Directory\"}}},{\"name\":\"scan.exiftool.DocumentID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DocumentID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DocumentID\"}}},{\"name\":\"scan.exiftool.DocumentID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DocumentID\"}}},{\"name\":\"scan.exiftool.EntryPoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.EntryPoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.EntryPoint\"}}},{\"name\":\"scan.exiftool.EntryPoint.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"s
ubType\":{\"multi\":{\"parent\":\"scan.exiftool.EntryPoint\"}}},{\"name\":\"scan.exiftool.Error\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Error.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Error\"}}},{\"name\":\"scan.exiftool.Error.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Error\"}}},{\"name\":\"scan.exiftool.ExifToolVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ExifToolVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ExifToolVersion\"}}},{\"name\":\"scan.exiftool.ExifToolVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ExifToolVersion\"}}},{\"name\":\"scan.exiftool.FileAccessDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileAccessDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileAccessDate\"}}},{\"name\":\"scan.exiftool.FileAccessDate.security\",\"type\":\"string
\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileAccessDate\"}}},{\"name\":\"scan.exiftool.FileDescription\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileDescription.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileDescription\"}}},{\"name\":\"scan.exiftool.FileDescription.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileDescription\"}}},{\"name\":\"scan.exiftool.FileFlags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileFlags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlags\"}}},{\"name\":\"scan.exiftool.FileFlags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlags\"}}},{\"name\":\"scan.exiftool.FileFlagsMask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileFlagsMask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocV
alues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlagsMask\"}}},{\"name\":\"scan.exiftool.FileFlagsMask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlagsMask\"}}},{\"name\":\"scan.exiftool.FileInodeChangeDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileInodeChangeDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileInodeChangeDate\"}}},{\"name\":\"scan.exiftool.FileInodeChangeDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileInodeChangeDate\"}}},{\"name\":\"scan.exiftool.FileModifyDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileModifyDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileModifyDate\"}}},{\"name\":\"scan.exiftool.FileModifyDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileModifyDate\"}}},{\"name\":\"scan.exiftool.FileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":
false},{\"name\":\"scan.exiftool.FileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileName\"}}},{\"name\":\"scan.exiftool.FileName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileName\"}}},{\"name\":\"scan.exiftool.FileOS\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileOS.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileOS\"}}},{\"name\":\"scan.exiftool.FileOS.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileOS\"}}},{\"name\":\"scan.exiftool.FilePermissions\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FilePermissions.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FilePermissions\"}}},{\"name\":\"scan.exiftool.FilePermissions.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FilePermissions\"}}},{\"name\":\"scan.exiftool.FileSize\",\"type\":\"string\",\"esTypes
\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSize\"}}},{\"name\":\"scan.exiftool.FileSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSize\"}}},{\"name\":\"scan.exiftool.FileSubtype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileSubtype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSubtype\"}}},{\"name\":\"scan.exiftool.FileSubtype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSubtype\"}}},{\"name\":\"scan.exiftool.FileType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileType\"}}},{\"name\":\"scan.exiftool.FileType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"paren
t\":\"scan.exiftool.FileType\"}}},{\"name\":\"scan.exiftool.FileTypeExtension\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileTypeExtension.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileTypeExtension\"}}},{\"name\":\"scan.exiftool.FileTypeExtension.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileTypeExtension\"}}},{\"name\":\"scan.exiftool.FileVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersion\"}}},{\"name\":\"scan.exiftool.FileVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersion\"}}},{\"name\":\"scan.exiftool.FileVersionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileVersionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersionNumber\"}}},{\"name\":\"scan.exiftool.FileVersionNumber.securi
ty\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersionNumber\"}}},{\"name\":\"scan.exiftool.Filter\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Filter.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Filter\"}}},{\"name\":\"scan.exiftool.Filter.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Filter\"}}},{\"name\":\"scan.exiftool.Format\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Format.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Format\"}}},{\"name\":\"scan.exiftool.Format.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Format\"}}},{\"name\":\"scan.exiftool.HasXFA\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HasXFA.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\
"scan.exiftool.HasXFA\"}}},{\"name\":\"scan.exiftool.HasXFA.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HasXFA\"}}},{\"name\":\"scan.exiftool.HeadingPairs\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HeadingPairs.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HeadingPairs\"}}},{\"name\":\"scan.exiftool.HeadingPairs.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HeadingPairs\"}}},{\"name\":\"scan.exiftool.HyperlinksChanged\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HyperlinksChanged.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HyperlinksChanged\"}}},{\"name\":\"scan.exiftool.HyperlinksChanged.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HyperlinksChanged\"}}},{\"name\":\"scan.exiftool.ImageHeight\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageHeight.keyword\",\"type\":\"string\",\"esTypes\":
[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageHeight\"}}},{\"name\":\"scan.exiftool.ImageHeight.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageHeight\"}}},{\"name\":\"scan.exiftool.ImageSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageSize\"}}},{\"name\":\"scan.exiftool.ImageSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageSize\"}}},{\"name\":\"scan.exiftool.ImageVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageVersion\"}}},{\"name\":\"scan.exiftool.ImageVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageVersion\"}}},{\"name\":\"scan.exiftool.ImageWidth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggreg
atable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageWidth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageWidth\"}}},{\"name\":\"scan.exiftool.ImageWidth.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageWidth\"}}},{\"name\":\"scan.exiftool.InitializedDataSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InitializedDataSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InitializedDataSize\"}}},{\"name\":\"scan.exiftool.InitializedDataSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InitializedDataSize\"}}},{\"name\":\"scan.exiftool.InstanceID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InstanceID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InstanceID\"}}},{\"name\":\"scan.exiftool.InstanceID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exifto
ol.InstanceID\"}}},{\"name\":\"scan.exiftool.Interlace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Interlace.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Interlace\"}}},{\"name\":\"scan.exiftool.Interlace.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Interlace\"}}},{\"name\":\"scan.exiftool.InternalName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InternalName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InternalName\"}}},{\"name\":\"scan.exiftool.InternalName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InternalName\"}}},{\"name\":\"scan.exiftool.Keywords\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Keywords.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Keywords\"}}},{\"name\":\"scan.exiftool.Keywords.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searc
hable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Keywords\"}}},{\"name\":\"scan.exiftool.Language\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Language.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Language\"}}},{\"name\":\"scan.exiftool.Language.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Language\"}}},{\"name\":\"scan.exiftool.LanguageCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LanguageCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LanguageCode\"}}},{\"name\":\"scan.exiftool.LanguageCode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LanguageCode\"}}},{\"name\":\"scan.exiftool.LastModifiedBy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LastModifiedBy.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LastModifiedBy\"}}},{\"n
ame\":\"scan.exiftool.LastModifiedBy.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LastModifiedBy\"}}},{\"name\":\"scan.exiftool.LegalCopyright\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LegalCopyright.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalCopyright\"}}},{\"name\":\"scan.exiftool.LegalCopyright.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalCopyright\"}}},{\"name\":\"scan.exiftool.LegalTrademarks\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LegalTrademarks.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalTrademarks\"}}},{\"name\":\"scan.exiftool.LegalTrademarks.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalTrademarks\"}}},{\"name\":\"scan.exiftool.Linearized\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Linearized.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"c
ount\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Linearized\"}}},{\"name\":\"scan.exiftool.Linearized.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Linearized\"}}},{\"name\":\"scan.exiftool.Lines\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Lines.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Lines\"}}},{\"name\":\"scan.exiftool.Lines.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Lines\"}}},{\"name\":\"scan.exiftool.LinkerVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LinkerVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinkerVersion\"}}},{\"name\":\"scan.exiftool.LinkerVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinkerVersion\"}}},{\"name\":\"scan.exiftool.LinksUpToDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValu
es\":false},{\"name\":\"scan.exiftool.LinksUpToDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinksUpToDate\"}}},{\"name\":\"scan.exiftool.LinksUpToDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinksUpToDate\"}}},{\"name\":\"scan.exiftool.MIMEType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.MIMEType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MIMEType\"}}},{\"name\":\"scan.exiftool.MIMEType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MIMEType\"}}},{\"name\":\"scan.exiftool.MachineType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.MachineType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MachineType\"}}},{\"name\":\"scan.exiftool.MachineType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MachineType\"}}},{\"name\":\"scan.exiftool.Megapixels\",\"type\":\"s
tring\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Megapixels.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Megapixels\"}}},{\"name\":\"scan.exiftool.Megapixels.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Megapixels\"}}},{\"name\":\"scan.exiftool.ModifyDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ModifyDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ModifyDate\"}}},{\"name\":\"scan.exiftool.ModifyDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ModifyDate\"}}},{\"name\":\"scan.exiftool.OSVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.OSVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OSVersion\"}}},{\"name\":\"scan.exiftool.OSVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subTy
pe\":{\"multi\":{\"parent\":\"scan.exiftool.OSVersion\"}}},{\"name\":\"scan.exiftool.ObjectFileType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ObjectFileType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ObjectFileType\"}}},{\"name\":\"scan.exiftool.ObjectFileType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ObjectFileType\"}}},{\"name\":\"scan.exiftool.OriginalFileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.OriginalFileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OriginalFileName\"}}},{\"name\":\"scan.exiftool.OriginalFileName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OriginalFileName\"}}},{\"name\":\"scan.exiftool.PDFVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PDFVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PDFVersion\"}}},{\"name\":\"scan.exiftool.PDFVersion
.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PDFVersion\"}}},{\"name\":\"scan.exiftool.PEType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PEType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PEType\"}}},{\"name\":\"scan.exiftool.PEType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PEType\"}}},{\"name\":\"scan.exiftool.PTEX_Fullbanner\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PTEX_Fullbanner.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PTEX_Fullbanner\"}}},{\"name\":\"scan.exiftool.PTEX_Fullbanner.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PTEX_Fullbanner\"}}},{\"name\":\"scan.exiftool.PageCount\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PageCount.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDo
cValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PageCount\"}}},{\"name\":\"scan.exiftool.PageCount.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PageCount\"}}},{\"name\":\"scan.exiftool.Pages\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Pages.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Pages\"}}},{\"name\":\"scan.exiftool.Pages.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Pages\"}}},{\"name\":\"scan.exiftool.Paragraphs\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Paragraphs.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Paragraphs\"}}},{\"name\":\"scan.exiftool.Paragraphs.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Paragraphs\"}}},{\"name\":\"scan.exiftool.PrivateBuild\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PrivateBuild.keyword\",\"type\":\"string\",\"esTypes\":[\"keywo
rd\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PrivateBuild\"}}},{\"name\":\"scan.exiftool.PrivateBuild.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PrivateBuild\"}}},{\"name\":\"scan.exiftool.Producer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Producer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Producer\"}}},{\"name\":\"scan.exiftool.Producer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Producer\"}}},{\"name\":\"scan.exiftool.ProductName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductName\"}}},{\"name\":\"scan.exiftool.ProductName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductName\"}}},{\"name\":\"scan.exiftool.ProductVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":fa
lse,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersion\"}}},{\"name\":\"scan.exiftool.ProductVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersion\"}}},{\"name\":\"scan.exiftool.ProductVersionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductVersionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersionNumber\"}}},{\"name\":\"scan.exiftool.ProductVersionNumber.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersionNumber\"}}},{\"name\":\"scan.exiftool.RevisionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.RevisionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.RevisionNumber\"}}},{\"name\":\"scan.exiftool.RevisionNumber.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\"
:{\"parent\":\"scan.exiftool.RevisionNumber\"}}},{\"name\":\"scan.exiftool.ScaleCrop\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ScaleCrop.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ScaleCrop\"}}},{\"name\":\"scan.exiftool.ScaleCrop.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ScaleCrop\"}}},{\"name\":\"scan.exiftool.Security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Security.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Security\"}}},{\"name\":\"scan.exiftool.Security.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Security\"}}},{\"name\":\"scan.exiftool.SharedDoc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SharedDoc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SharedDoc\"}}},{\"name\":\"scan.exiftool.SharedDoc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\"
:false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SharedDoc\"}}},{\"name\":\"scan.exiftool.Software\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Software.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Software\"}}},{\"name\":\"scan.exiftool.Software.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Software\"}}},{\"name\":\"scan.exiftool.SourceFile\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SourceFile.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SourceFile\"}}},{\"name\":\"scan.exiftool.SourceFile.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SourceFile\"}}},{\"name\":\"scan.exiftool.SpecialBuild\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SpecialBuild.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SpecialBuild\"}}},{\"na
me\":\"scan.exiftool.SpecialBuild.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SpecialBuild\"}}},{\"name\":\"scan.exiftool.Subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subject\"}}},{\"name\":\"scan.exiftool.Subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subject\"}}},{\"name\":\"scan.exiftool.Subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subsystem\"}}},{\"name\":\"scan.exiftool.Subsystem.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subsystem\"}}},{\"name\":\"scan.exiftool.SubsystemVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SubsystemVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregat
able\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SubsystemVersion\"}}},{\"name\":\"scan.exiftool.SubsystemVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SubsystemVersion\"}}},{\"name\":\"scan.exiftool.SvnRevision\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SvnRevision.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SvnRevision\"}}},{\"name\":\"scan.exiftool.SvnRevision.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SvnRevision\"}}},{\"name\":\"scan.exiftool.Template\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Template.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Template\"}}},{\"name\":\"scan.exiftool.Template.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Template\"}}},{\"name\":\"scan.exiftool.TimeStamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.T
imeStamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TimeStamp\"}}},{\"name\":\"scan.exiftool.TimeStamp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TimeStamp\"}}},{\"name\":\"scan.exiftool.Title\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Title.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Title\"}}},{\"name\":\"scan.exiftool.Title.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Title\"}}},{\"name\":\"scan.exiftool.TitleOfParts\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TitleOfParts.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TitleOfParts\"}}},{\"name\":\"scan.exiftool.TitleOfParts.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TitleOfParts\"}}},{\"name\":\"scan.exiftool.TotalEditTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,
\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TotalEditTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TotalEditTime\"}}},{\"name\":\"scan.exiftool.TotalEditTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TotalEditTime\"}}},{\"name\":\"scan.exiftool.Trapped\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Trapped.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Trapped\"}}},{\"name\":\"scan.exiftool.Trapped.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Trapped\"}}},{\"name\":\"scan.exiftool.UninitializedDataSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.UninitializedDataSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.UninitializedDataSize\"}}},{\"name\":\"scan.exiftool.UninitializedDataSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{
\"parent\":\"scan.exiftool.UninitializedDataSize\"}}},{\"name\":\"scan.exiftool.Warning\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Warning.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Warning\"}}},{\"name\":\"scan.exiftool.Warning.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Warning\"}}},{\"name\":\"scan.exiftool.Words\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Words.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Words\"}}},{\"name\":\"scan.exiftool.Words.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Words\"}}},{\"name\":\"scan.exiftool.XMPToolkit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.XMPToolkit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.XMPToolkit\"}}},{\"name\":\"scan.exiftool.XMPToolkit.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searcha
ble\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.XMPToolkit\"}}},{\"name\":\"scan.exiftool.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.header.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.header.header\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.header.header.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.header.header\"}}},{\"name\":\"scan.header.header.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.header.header\"}}},{\"name\":\"scan.ini.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ini.keys.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.name\"}}},{\"name\":\"scan.ini.keys.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ini.
keys.name\"}}},{\"name\":\"scan.ini.keys.section\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.section.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.section\"}}},{\"name\":\"scan.ini.keys.section.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.section\"}}},{\"name\":\"scan.ini.keys.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.value\"}}},{\"name\":\"scan.ini.keys.value.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.value\"}}},{\"name\":\"scan.ini.sections\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.sections.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.sections\"}}},{\"name\":\"scan.ini.sections.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"sub
Type\":{\"multi\":{\"parent\":\"scan.ini.sections\"}}},{\"name\":\"scan.libarchive.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.libarchive.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.libarchive.total.files\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.mmbot.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.mmbot.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.mmbot.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.mmbot.flags\"}}},{\"name\":\"scan.mmbot.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.mmbot.flags\"}}},{\"name\":\"scan.ocr.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan
.ole.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ole.flags\"}}},{\"name\":\"scan.ole.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ole.flags\"}}},{\"name\":\"scan.ole.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.total.streams\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.total.objects\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.debug.age\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.debug.guid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.guid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.guid\"}}},{\"name\":\"scan.pe.debug.gui
d.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.guid\"}}},{\"name\":\"scan.pe.debug.pdb\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.pdb.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.pdb\"}}},{\"name\":\"scan.pe.debug.pdb.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.pdb\"}}},{\"name\":\"scan.pe.debug.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.type\"}}},{\"name\":\"scan.pe.debug.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.type\"}}},{\"name\":\"scan.pe.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.file_info.fixed.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.flags.keyword\",\"type\":\"string\"
,\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.flags\"}}},{\"name\":\"scan.pe.file_info.fixed.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.flags\"}}},{\"name\":\"scan.pe.file_info.fixed.operating_systems\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.operating_systems.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.operating_systems\"}}},{\"name\":\"scan.pe.file_info.fixed.operating_systems.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.operating_systems\"}}},{\"name\":\"scan.pe.file_info.fixed.type.primary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.type.primary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.type.primary\"}}},{\"name\":\"scan.pe.file_info.fixed.type.primary.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.
fixed.type.primary\"}}},{\"name\":\"scan.pe.file_info.string.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.string.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.name\"}}},{\"name\":\"scan.pe.file_info.string.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.name\"}}},{\"name\":\"scan.pe.file_info.string.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.string.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.value\"}}},{\"name\":\"scan.pe.file_info.string.value.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.value\"}}},{\"name\":\"scan.pe.file_info.var.character_set\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.var.character_set.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.character_set\"}}},{\"name\":\"scan.pe.file_info.var
.character_set.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.character_set\"}}},{\"name\":\"scan.pe.file_info.var.language\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.var.language.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.language\"}}},{\"name\":\"scan.pe.file_info.var.language.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.language\"}}},{\"name\":\"scan.pe.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.flags\"}}},{\"name\":\"scan.pe.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.flags\"}}},{\"name\":\"scan.pe.header.address.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.data\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":
true},{\"name\":\"scan.pe.header.address.entry_point\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.alignment.file\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.alignment.section\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.characteristics.dll\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.characteristics.dll.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.dll\"}}},{\"name\":\"scan.pe.header.characteristics.dll.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.dll\"}}},{\"name\":\"scan.pe.header.characteristics.image\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.characteristics.image.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.image\"}}}
,{\"name\":\"scan.pe.header.characteristics.image.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.image\"}}},{\"name\":\"scan.pe.header.checksum\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.machine.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.machine.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.machine.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.machine.type\"}}},{\"name\":\"scan.pe.header.machine.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.machine.type\"}}},{\"name\":\"scan.pe.header.magic.dos\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.magic.dos.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.dos\"}}},{\"name\":\"scan.pe.header.magic.dos.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues
\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.dos\"}}},{\"name\":\"scan.pe.header.magic.image\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.magic.image.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.image\"}}},{\"name\":\"scan.pe.header.magic.image.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.image\"}}},{\"name\":\"scan.pe.header.size.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.data.initialized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.data.uninitialized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.headers\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.heap.commit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.heap.reserve\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.image\",\"type\":\"number\",\"esTyp
es\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.stack.commit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.stack.reserve\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.subsystem\"}}},{\"name\":\"scan.pe.header.subsystem.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.subsystem\"}}},{\"name\":\"scan.pe.header.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.linker\",\"type\":\"number\",\"esTypes\":[\"float\",\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.operating_system\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.ve
rsion.subsystem\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.imphash\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.imphash.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.imphash\"}}},{\"name\":\"scan.pe.imphash.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.imphash\"}}},{\"name\":\"scan.pe.resources.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.resources.language.primary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.language.primary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.primary\"}}},{\"name\":\"scan.pe.resources.language.primary.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.primary\"}}},{\"name\":\"scan.pe.resources.language.sub\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.language.sub.keyword\",
\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.sub\"}}},{\"name\":\"scan.pe.resources.language.sub.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.sub\"}}},{\"name\":\"scan.pe.resources.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.name\"}}},{\"name\":\"scan.pe.resources.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.name\"}}},{\"name\":\"scan.pe.resources.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.type\"}}},{\"name\":\"scan.pe.resources.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.type\"}}},{\"name\":\"scan.pe.sections.address.physical\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":fal
se,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.address.virtual\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.characteristics\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.sections.characteristics.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.characteristics\"}}},{\"name\":\"scan.pe.sections.characteristics.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.characteristics\"}}},{\"name\":\"scan.pe.sections.entropy\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.sections.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.name\"}}},{\"name\":\"scan.pe.sections.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.name\"}}},{\"name\":\"scan.pe.sections.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searc
hable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.symbols.exported\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.exported.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.exported\"}}},{\"name\":\"scan.pe.symbols.exported.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.exported\"}}},{\"name\":\"scan.pe.symbols.imported\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.imported.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.imported\"}}},{\"name\":\"scan.pe.symbols.imported.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.imported\"}}},{\"name\":\"scan.pe.symbols.libraries\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.libraries.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.libraries\"}}},{\"name\":\"scan.pe.symbols.libraries.security\",\"type\":\"string\",\"esTypes\
":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.libraries\"}}},{\"name\":\"scan.pe.symbols.table.address\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.symbols.table.library\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.library.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.library\"}}},{\"name\":\"scan.pe.symbols.table.library.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.library\"}}},{\"name\":\"scan.pe.symbols.table.symbol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.symbol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbol\"}}},{\"name\":\"scan.pe.symbols.table.symbol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbol\"}}},{\"name\":\"scan.pe.symbols.table.symbols\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDoc
Values\":false},{\"name\":\"scan.pe.symbols.table.symbols.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbols\"}}},{\"name\":\"scan.pe.symbols.table.symbols.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbols\"}}},{\"name\":\"scan.pe.symbols.table.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.type\"}}},{\"name\":\"scan.pe.symbols.table.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.type\"}}},{\"name\":\"scan.pe.total.libraries\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.resources\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.sections\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.symbols\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"n
ame\":\"scan.pkcs7.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.total.certificates\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.upx.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.url.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.url.urls\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.url.urls.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.url.urls\"}}},{\"name\":\"scan.url.urls.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.url.urls\"}}},{\"name\":\"scan.vb.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vb.functions\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.functions.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,
\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.functions\"}}},{\"name\":\"scan.vb.functions.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.functions\"}}},{\"name\":\"scan.vb.names\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.names.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.names\"}}},{\"name\":\"scan.vb.names.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.names\"}}},{\"name\":\"scan.vb.operators\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.operators.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.operators\"}}},{\"name\":\"scan.vb.operators.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.operators\"}}},{\"name\":\"scan.vb.strings\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.strings.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":f
alse,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.strings\"}}},{\"name\":\"scan.vb.strings.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.strings\"}}},{\"name\":\"scan.vb.tokens\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.tokens.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.tokens\"}}},{\"name\":\"scan.vb.tokens.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.tokens\"}}},{\"name\":\"scan.vba.auto_exec\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.auto_exec.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.auto_exec\"}}},{\"name\":\"scan.vba.auto_exec.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.auto_exec\"}}},{\"name\":\"scan.vba.base64\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.base64.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"sea
rchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.base64\"}}},{\"name\":\"scan.vba.base64.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.base64\"}}},{\"name\":\"scan.vba.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vba.ioc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.ioc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.ioc\"}}},{\"name\":\"scan.vba.ioc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.ioc\"}}},{\"name\":\"scan.vba.suspicious\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.suspicious.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.suspicious\"}}},{\"name\":\"scan.vba.suspicious.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.suspicious\"}}},{\"name\":\"scan.vba.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"
aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vba.total.files\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.expired\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.fingerprint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.fingerprint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.fingerprint\"}}},{\"name\":\"scan.x509.fingerprint.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.fingerprint\"}}},{\"name\":\"scan.x509.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.issuer\"}}},{\"name\":\"scan.x509.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.issuer\"}}},{\"name\":\"scan.x509.not_after\",\"type\":\"number\",\"esTyp
es\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.not_before\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.serial_number\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.serial_number.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.serial_number\"}}},{\"name\":\"scan.x509.serial_number.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.serial_number\"}}},{\"name\":\"scan.x509.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.subject\"}}},{\"name\":\"scan.x509.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.subject\"}}},{\"name\":\"scan.x509.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFrom
DocValues\":true},{\"name\":\"scan.xml.namespaces\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.namespaces.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.namespaces\"}}},{\"name\":\"scan.xml.namespaces.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.xml.namespaces\"}}},{\"name\":\"scan.xml.tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.tags\"}}},{\"name\":\"scan.xml.tags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.xml.tags\"}}},{\"name\":\"scan.xml.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.total.tags\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":fals
e,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.version\"}}},{\"name\":\"scan.xml.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.xml.version\"}}},{\"name\":\"scan.yara.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.yara.matches\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.yara.matches.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.yara.matches\"}}},{\"name\":\"scan.yara.matches.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.yara.matches\"}}},{\"name\":\"server.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.address\"}}},{\"name\":\"server.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"server.address\"}}},{\"name\":\"server.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"a
ggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.ip_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.port\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.reply_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.reply_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.reply_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.reply_message\"}}},{\"name\":\"server.reply_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"server.reply_message\"}}},{\"name\":\"server.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.status_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.status_message.keyword\",\"type\
":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.status_message\"}}},{\"name\":\"server.status_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"server.status_message\"}}},{\"name\":\"sip.call_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.call_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.call_id\"}}},{\"name\":\"sip.call_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.call_id\"}}},{\"name\":\"sip.content_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.content_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.content_type\"}}},{\"name\":\"sip.content_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.content_type\"}}},{\"name\":\"sip.date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.date.keyword\",\"type\":\"string\",\"esTypes\":[\"key
word\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.date\"}}},{\"name\":\"sip.date.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.date\"}}},{\"name\":\"sip.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.method\"}}},{\"name\":\"sip.method.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.method\"}}},{\"name\":\"sip.request.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.request.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.from\"}}},{\"name\":\"sip.request.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.request.from\"}}},{\"name\":\"sip.request.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggr
egatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.path\"}}},{\"name\":\"sip.request.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.request.path\"}}},{\"name\":\"sip.request.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.to\"}}},{\"name\":\"sip.request.to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.request.to\"}}},{\"name\":\"sip.response.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.response.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.from\"}}},{\"name\":\"sip.response.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"mul
ti\":{\"parent\":\"sip.response.from\"}}},{\"name\":\"sip.response.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.path\"}}},{\"name\":\"sip.response.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.response.path\"}}},{\"name\":\"sip.response.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.to\"}}},{\"name\":\"sip.response.to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.response.to\"}}},{\"name\":\"sip.seq\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.seq.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.seq\"}}},{\"name\":\"sip.seq.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.seq\"}}},{\"name\
":\"sip.transaction.depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.uri\"}}},{\"name\":\"sip.uri.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.uri\"}}},{\"name\":\"sip.warning\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.warning.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.warning\"}}},{\"name\":\"sip.warning.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.warning\"}}},{\"name\":\"smb.file_system\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.file_system.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.file_system\"}}},{\"name\":\"smb.file_system.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":
false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smb.file_system\"}}},{\"name\":\"smb.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.path\"}}},{\"name\":\"smb.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smb.path\"}}},{\"name\":\"smb.service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.service\"}}},{\"name\":\"smb.service.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smb.service\"}}},{\"name\":\"smb.share_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.share_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.share_type\"}}},{\"name\":\"smb.share_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smb.shar
e_type\"}}},{\"name\":\"smtp.cc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.cc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.cc\"}}},{\"name\":\"smtp.cc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.cc\"}}},{\"name\":\"smtp.first_received\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.first_received.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.first_received\"}}},{\"name\":\"smtp.first_received.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.first_received\"}}},{\"name\":\"smtp.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.from\"}}},{\"name\":\"smtp.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.from\"}}},{\"name\":\"smtp.helo\",\"type\":\"string\",\"esTypes\":[\
"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.helo.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.helo\"}}},{\"name\":\"smtp.helo.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.helo\"}}},{\"name\":\"smtp.in_reply_to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.in_reply_to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.in_reply_to\"}}},{\"name\":\"smtp.in_reply_to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.in_reply_to\"}}},{\"name\":\"smtp.is_webmail\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.last_reply\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.last_reply.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.last_reply\"}}},{\"name\":\"smtp.last_reply.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromD
ocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.last_reply\"}}},{\"name\":\"smtp.mail_date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.mail_date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_date\"}}},{\"name\":\"smtp.mail_date.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_date\"}}},{\"name\":\"smtp.mail_from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.mail_from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_from\"}}},{\"name\":\"smtp.mail_from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_from\"}}},{\"name\":\"smtp.message_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.message_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.message_id\"}}},{\"name\":\"smtp.message_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{
\"multi\":{\"parent\":\"smtp.message_id\"}}},{\"name\":\"smtp.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.path\"}}},{\"name\":\"smtp.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.path\"}}},{\"name\":\"smtp.recipient_to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.recipient_to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.recipient_to\"}}},{\"name\":\"smtp.recipient_to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.recipient_to\"}}},{\"name\":\"smtp.second_received\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.second_received.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.second_received\"}}},{\"name\":\"smtp.second_received.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\
":\"smtp.second_received\"}}},{\"name\":\"smtp.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.subject\"}}},{\"name\":\"smtp.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.subject\"}}},{\"name\":\"smtp.tls\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.to\"}}},{\"name\":\"smtp.to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.to\"}}},{\"name\":\"smtp.transaction_depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.useragent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.useragent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":
true,\"subType\":{\"multi\":{\"parent\":\"smtp.useragent\"}}},{\"name\":\"smtp.useragent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.useragent\"}}},{\"name\":\"snmp.community\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.community.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.community\"}}},{\"name\":\"snmp.community.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.community\"}}},{\"name\":\"snmp.display_string\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.display_string.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.display_string\"}}},{\"name\":\"snmp.display_string.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.display_string\"}}},{\"name\":\"snmp.get.bulk_requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.get.requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"nam
e\":\"snmp.get.responses\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.set.requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.up_since\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.up_since.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.up_since\"}}},{\"name\":\"snmp.up_since.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.up_since\"}}},{\"name\":\"snmp.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.version\"}}},{\"name\":\"snmp.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.version\"}}},{\"name\":\"socks.bound.host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.bound.host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":t
rue,\"subType\":{\"multi\":{\"parent\":\"socks.bound.host\"}}},{\"name\":\"socks.bound.host.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.bound.host\"}}},{\"name\":\"socks.bound.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"socks.request.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.request.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.request.name\"}}},{\"name\":\"socks.request.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.request.name\"}}},{\"name\":\"socks.request.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"socks.status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.status\"}}},{\"name\":\"socks.status.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.status\"}}},{\"name\":\"socks.use
r\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.user\"}}},{\"name\":\"socks.user.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.user\"}}},{\"name\":\"socks.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.name\"}}},{\"name\":\"software.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"software.name\"}}},{\"name\":\"software.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.type\"}}},{\"name\":\"software.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":fals
e,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"software.type\"}}},{\"name\":\"software.version.additional_info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.version.additional_info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.version.additional_info\"}}},{\"name\":\"software.version.additional_info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"software.version.additional_info\"}}},{\"name\":\"software.version.major\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.minor\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.minor2\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.unparsed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.version.unparsed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.version.unparsed\"}}},{\"name\":\"software.version.unparsed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromD
ocValues\":false,\"subType\":{\"multi\":{\"parent\":\"software.version.unparsed\"}}},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.city_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.city_name\"}}},{\"name\":\"source.geo.city_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.city_name\"}}},{\"name\":\"source.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.continent_name\"}}},{\"name\":\"source.geo.continent_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.continent_name\"}}},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_iso_code\"}}},{\"name\":\"source.geo.country_iso_code.security\",\"type\":\"stri
ng\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_iso_code\"}}},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_name\"}}},{\"name\":\"source.geo.country_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_name\"}}},{\"name\":\"source.geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location.lat\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location.lon\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.region_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_iso_code\"}}},{\"name\":\"source.geo.region_iso_code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\"
:false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_iso_code\"}}},{\"name\":\"source.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.region_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_name\"}}},{\"name\":\"source.geo.region_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_name\"}}},{\"name\":\"source.geo.timezone\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.timezone.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.timezone\"}}},{\"name\":\"source.geo.timezone.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.timezone\"}}},{\"name\":\"source.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.hostname\"}}},{\"name\":\"source.hostname.security\",\"type\":\"string\",\
"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.hostname\"}}},{\"name\":\"source.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.authentication.attempts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.authentication.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.cipher_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.cipher_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi
\":{\"parent\":\"ssh.cipher_algorithm\"}}},{\"name\":\"ssh.cipher_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.cipher_algorithm\"}}},{\"name\":\"ssh.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.client\"}}},{\"name\":\"ssh.client.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.client\"}}},{\"name\":\"ssh.client_host_key_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client_host_key_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.client_host_key_algorithms\"}}},{\"name\":\"ssh.client_host_key_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.client_host_key_algorithms\"}}},{\"name\":\"ssh.compression_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.compression_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"ag
gregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.compression_algorithm\"}}},{\"name\":\"ssh.compression_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.compression_algorithm\"}}},{\"name\":\"ssh.direction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.direction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.direction\"}}},{\"name\":\"ssh.direction.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.direction\"}}},{\"name\":\"ssh.hassh_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_algorithms\"}}},{\"name\":\"ssh.hassh_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_algorithms\"}}},{\"name\":\"ssh.hassh_server\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_server.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":fal
se,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server\"}}},{\"name\":\"ssh.hassh_server.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server\"}}},{\"name\":\"ssh.hassh_server_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_server_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server_algorithms\"}}},{\"name\":\"ssh.hassh_server_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server_algorithms\"}}},{\"name\":\"ssh.hassh_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_version\"}}},{\"name\":\"ssh.hassh_version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_version\"}}},{\"name\":\"ssh.host_key\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.host_key.keyword\",\"type\":\"string\",\"esTyp
es\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key\"}}},{\"name\":\"ssh.host_key.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key\"}}},{\"name\":\"ssh.host_key_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.host_key_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key_algorithm\"}}},{\"name\":\"ssh.host_key_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key_algorithm\"}}},{\"name\":\"ssh.kex_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.kex_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.kex_algorithm\"}}},{\"name\":\"ssh.kex_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.kex_algorithm\"}}},{\"name\":\"ssh.mac_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.mac_algorithm.keyword\",\"type\
":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.mac_algorithm\"}}},{\"name\":\"ssh.mac_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.mac_algorithm\"}}},{\"name\":\"ssh.server\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.server\"}}},{\"name\":\"ssh.server.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.server\"}}},{\"name\":\"ssh.server_host_key_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server_host_key_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.server_host_key_algorithms\"}}},{\"name\":\"ssh.server_host_key_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.server_host_key_algorithms\"}}},{\"name\":\"ssh.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl
.certificate.chain_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.chain_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.chain_fuids\"}}},{\"name\":\"ssl.certificate.chain_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.chain_fuids\"}}},{\"name\":\"ssl.certificate.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.issuer\"}}},{\"name\":\"ssl.certificate.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.issuer\"}}},{\"name\":\"ssl.certificate.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.subject\"}}},{\"name\":\"ssl.certificate.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":
false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.subject\"}}},{\"name\":\"ssl.cipher\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.cipher.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.cipher\"}}},{\"name\":\"ssl.cipher.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.cipher\"}}},{\"name\":\"ssl.client.certificate.chain_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.certificate.chain_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.certificate.chain_fuids\"}}},{\"name\":\"ssl.client.certificate.chain_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.client.certificate.chain_fuids\"}}},{\"name\":\"ssl.client.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.issuer\"}}},{\"name\":\"ssl.client.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"
count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.client.issuer\"}}},{\"name\":\"ssl.client.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.subject\"}}},{\"name\":\"ssl.client.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.client.subject\"}}},{\"name\":\"ssl.curve\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.curve.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.curve\"}}},{\"name\":\"ssl.curve.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.curve\"}}},{\"name\":\"ssl.established\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.last_alert\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.last_alert.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true
,\"subType\":{\"multi\":{\"parent\":\"ssl.last_alert\"}}},{\"name\":\"ssl.last_alert.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.last_alert\"}}},{\"name\":\"ssl.next_protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.next_protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.next_protocol\"}}},{\"name\":\"ssl.next_protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.next_protocol\"}}},{\"name\":\"ssl.resumed\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.server_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.server_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.server_name\"}}},{\"name\":\"ssl.server_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.server_name\"}}},{\"name\":\"ssl.validation_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.
validation_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.validation_status\"}}},{\"name\":\"ssl.validation_status.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.validation_status\"}}},{\"name\":\"ssl.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.version\"}}},{\"name\":\"ssl.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.version\"}}},{\"name\":\"syslog.facility_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.facility_label.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"syslog.facility_label\"}}},{\"name\":\"syslog.facility_label.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"syslog.facility_label\"}}},{\"name\":\"syslog.severity_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":fal
se},{\"name\":\"syslog.severity_label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"syslog.severity_label\"}}},{\"name\":\"syslog.severity_label.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"syslog.severity_label\"}}},{\"name\":\"tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tags\"}}},{\"name\":\"tunnel.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tunnel.type\"}}},{\"name\":\"tunnel.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"tunnel.type\"}}},{\"name\":\"user.escalated\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.escalated.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.escalated\"}}},{\"name\":\"user.escalated.security\",\"type\":\"string\
",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"user.escalated\"}}},{\"name\":\"user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.name\"}}},{\"name\":\"user.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"user.name\"}}},{\"name\":\"version.minor3\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"weird.additional_info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.additional_info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.additional_info\"}}},{\"name\":\"weird.additional_info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"weird.additional_info\"}}},{\"name\":\"weird.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,
\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.name\"}}},{\"name\":\"weird.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"weird.name\"}}},{\"name\":\"weird.notice\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"weird.peer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.peer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.peer\"}}},{\"name\":\"weird.peer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"weird.peer\"}}},{\"name\":\"winlog.activity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.activity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.activity_id\"}}},{\"name\":\"winlog.activity_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.activity_id\"}}},{\"name\":\"winlog.api\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.api.keyword\"
,\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.api\"}}},{\"name\":\"winlog.api.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.api\"}}},{\"name\":\"winlog.channel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.channel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.channel\"}}},{\"name\":\"winlog.channel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.channel\"}}},{\"name\":\"winlog.computer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.computer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.computer\"}}},{\"name\":\"winlog.computer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.computer\"}}},{\"name\":\"winlog.computer_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.computer_name.keyword\",\"type\":\"string\",\"esTypes
\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.computer_name\"}}},{\"name\":\"winlog.computer_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.computer_name\"}}},{\"name\":\"winlog.eventRecordID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.eventRecordID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.eventRecordID\"}}},{\"name\":\"winlog.eventRecordID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.eventRecordID\"}}},{\"name\":\"winlog.eventSourceName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.eventSourceName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.eventSourceName\"}}},{\"name\":\"winlog.eventSourceName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.eventSourceName\"}}},{\"name\":\"winlog.event_data.AccessList\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false}
,{\"name\":\"winlog.event_data.AccessList.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessList\"}}},{\"name\":\"winlog.event_data.AccessList.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessList\"}}},{\"name\":\"winlog.event_data.AccessMask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.AccessMask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessMask\"}}},{\"name\":\"winlog.event_data.AccessMask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessMask\"}}},{\"name\":\"winlog.event_data.Address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Address\"}}},{\"name\":\"winlog.event_data.Address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Address\"}}},{\"name\":\"winlog.event_dat
a.AddressLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.AddressLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AddressLength\"}}},{\"name\":\"winlog.event_data.AddressLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AddressLength\"}}},{\"name\":\"winlog.event_data.Binary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Binary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Binary\"}}},{\"name\":\"winlog.event_data.Binary.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Binary\"}}},{\"name\":\"winlog.event_data.CreationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.CreationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.CreationUtcTime\"}}},{\"name\":\"winlog.event_data.CreationUtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0
,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.CreationUtcTime\"}}},{\"name\":\"winlog.event_data.DeviceName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceName\"}}},{\"name\":\"winlog.event_data.DeviceName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceName\"}}},{\"name\":\"winlog.event_data.DeviceNameLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceNameLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceNameLength\"}}},{\"name\":\"winlog.event_data.DeviceNameLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceNameLength\"}}},{\"name\":\"winlog.event_data.DeviceTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\"
:true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceTime\"}}},{\"name\":\"winlog.event_data.DeviceTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceTime\"}}},{\"name\":\"winlog.event_data.DeviceVersionMajor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceVersionMajor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMajor\"}}},{\"name\":\"winlog.event_data.DeviceVersionMajor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMajor\"}}},{\"name\":\"winlog.event_data.DeviceVersionMinor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceVersionMinor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMinor\"}}},{\"name\":\"winlog.event_data.DeviceVersionMinor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMinor\"}}},{\"name\":\"winlog.event_data.DirtyPages\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,
\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DirtyPages.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DirtyPages\"}}},{\"name\":\"winlog.event_data.DirtyPages.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DirtyPages\"}}},{\"name\":\"winlog.event_data.FileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.FileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FileName\"}}},{\"name\":\"winlog.event_data.FileName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FileName\"}}},{\"name\":\"winlog.event_data.FinalStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.FinalStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FinalStatus\"}}},{\"name\":\"winlog.event_data.FinalStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,
\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FinalStatus\"}}},{\"name\":\"winlog.event_data.HandleId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.HandleId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HandleId\"}}},{\"name\":\"winlog.event_data.HandleId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HandleId\"}}},{\"name\":\"winlog.event_data.Hashes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Hashes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Hashes\"}}},{\"name\":\"winlog.event_data.Hashes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Hashes\"}}},{\"name\":\"winlog.event_data.HiveName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.HiveName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveName\"}}},{\"name\":\"winlog.event_data.HiveName.security\",\"type\
":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveName\"}}},{\"name\":\"winlog.event_data.HiveNameLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.HiveNameLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveNameLength\"}}},{\"name\":\"winlog.event_data.HiveNameLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveNameLength\"}}},{\"name\":\"winlog.event_data.ImageLoaded\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ImageLoaded.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ImageLoaded\"}}},{\"name\":\"winlog.event_data.ImageLoaded.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ImageLoaded\"}}},{\"name\":\"winlog.event_data.IntegrityLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.IntegrityLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\"
:false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.IntegrityLevel\"}}},{\"name\":\"winlog.event_data.IntegrityLevel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.IntegrityLevel\"}}},{\"name\":\"winlog.event_data.KeysUpdated\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.KeysUpdated.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.KeysUpdated\"}}},{\"name\":\"winlog.event_data.KeysUpdated.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.KeysUpdated\"}}},{\"name\":\"winlog.event_data.LinkName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LinkName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LinkName\"}}},{\"name\":\"winlog.event_data.LinkName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LinkName\"}}},{\"name\":\"winlog.event_data.LogonGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable
\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LogonGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonGuid\"}}},{\"name\":\"winlog.event_data.LogonGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonGuid\"}}},{\"name\":\"winlog.event_data.LogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonId\"}}},{\"name\":\"winlog.event_data.LogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonId\"}}},{\"name\":\"winlog.event_data.NewSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.NewSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewSize\"}}},{\"name\":\"winlog.event_data.NewSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.N
ewSize\"}}},{\"name\":\"winlog.event_data.NewState\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.NewState.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewState\"}}},{\"name\":\"winlog.event_data.NewState.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewState\"}}},{\"name\":\"winlog.event_data.NewTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.NewTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewTime\"}}},{\"name\":\"winlog.event_data.NewTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewTime\"}}},{\"name\":\"winlog.event_data.ObjectName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ObjectName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectName\"}}},{\"name\":\"winlog.event_data.ObjectName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0
,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectName\"}}},{\"name\":\"winlog.event_data.ObjectServer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ObjectServer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectServer\"}}},{\"name\":\"winlog.event_data.ObjectServer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectServer\"}}},{\"name\":\"winlog.event_data.ObjectType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ObjectType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectType\"}}},{\"name\":\"winlog.event_data.ObjectType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectType\"}}},{\"name\":\"winlog.event_data.OldTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.OldTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tru
e,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OldTime\"}}},{\"name\":\"winlog.event_data.OldTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OldTime\"}}},{\"name\":\"winlog.event_data.OriginalSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.OriginalSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OriginalSize\"}}},{\"name\":\"winlog.event_data.OriginalSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OriginalSize\"}}},{\"name\":\"winlog.event_data.PreviousCreationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.PreviousCreationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousCreationUtcTime\"}}},{\"name\":\"winlog.event_data.PreviousCreationUtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousCreationUtcTime\"}}},{\"name\":\"winlog.event_data.PreviousTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"ag
gregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.PreviousTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousTime\"}}},{\"name\":\"winlog.event_data.PreviousTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousTime\"}}},{\"name\":\"winlog.event_data.ProcessID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessID\"}}},{\"name\":\"winlog.event_data.ProcessID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessID\"}}},{\"name\":\"winlog.event_data.ProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessId\"}}},{\"name\":\"winlog.event_data.ProcessId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"w
inlog.event_data.ProcessId\"}}},{\"name\":\"winlog.event_data.ProcessName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessName\"}}},{\"name\":\"winlog.event_data.ProcessName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessName\"}}},{\"name\":\"winlog.event_data.QueryName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryName\"}}},{\"name\":\"winlog.event_data.QueryName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryName\"}}},{\"name\":\"winlog.event_data.QueryResults\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryResults.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryResults\"}}},{\"name\":\"winlog.event_data.QueryResults.security\",\
"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryResults\"}}},{\"name\":\"winlog.event_data.QueryStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryStatus\"}}},{\"name\":\"winlog.event_data.QueryStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryStatus\"}}},{\"name\":\"winlog.event_data.Reason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Reason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Reason\"}}},{\"name\":\"winlog.event_data.Reason.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Reason\"}}},{\"name\":\"winlog.event_data.ResourceAttributes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ResourceAttributes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":
true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ResourceAttributes\"}}},{\"name\":\"winlog.event_data.ResourceAttributes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ResourceAttributes\"}}},{\"name\":\"winlog.event_data.ResourceManager\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ResourceManager.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ResourceManager\"}}},{\"name\":\"winlog.event_data.ResourceManager.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ResourceManager\"}}},{\"name\":\"winlog.event_data.RuleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.RuleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.RuleName\"}}},{\"name\":\"winlog.event_data.RuleName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.RuleName\"}}},{\"name\":\"winlog.event_data.Signature\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"
searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Signature.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signature\"}}},{\"name\":\"winlog.event_data.Signature.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signature\"}}},{\"name\":\"winlog.event_data.SignatureStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SignatureStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SignatureStatus\"}}},{\"name\":\"winlog.event_data.SignatureStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SignatureStatus\"}}},{\"name\":\"winlog.event_data.Signed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Signed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signed\"}}},{\"name\":\"winlog.event_data.Signed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\
":{\"multi\":{\"parent\":\"winlog.event_data.Signed\"}}},{\"name\":\"winlog.event_data.SubjectDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectDomainName\"}}},{\"name\":\"winlog.event_data.SubjectDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectDomainName\"}}},{\"name\":\"winlog.event_data.SubjectLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectLogonId\"}}},{\"name\":\"winlog.event_data.SubjectLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectLogonId\"}}},{\"name\":\"winlog.event_data.SubjectUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.
event_data.SubjectUserSid\"}}},{\"name\":\"winlog.event_data.SubjectUserSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectUserSid\"}}},{\"name\":\"winlog.event_data.TerminalSessionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TerminalSessionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TerminalSessionId\"}}},{\"name\":\"winlog.event_data.TerminalSessionId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TerminalSessionId\"}}},{\"name\":\"winlog.event_data.TransactionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TransactionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TransactionId\"}}},{\"name\":\"winlog.event_data.TransactionId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TransactionId\"}}},{\"name\":\"winlog.event_data.UtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name
\":\"winlog.event_data.UtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.UtcTime\"}}},{\"name\":\"winlog.event_data.UtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.UtcTime\"}}},{\"name\":\"winlog.event_data.authenticationPackageName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.authenticationPackageName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.authenticationPackageName\"}}},{\"name\":\"winlog.event_data.authenticationPackageName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.authenticationPackageName\"}}},{\"name\":\"winlog.event_data.callerProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.callerProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessId\"}}},{\"name\":\"winlog.event_data.callerProcessId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType
\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessId\"}}},{\"name\":\"winlog.event_data.callerProcessName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.callerProcessName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessName\"}}},{\"name\":\"winlog.event_data.callerProcessName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessName\"}}},{\"name\":\"winlog.event_data.clientProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.clientProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.clientProcessId\"}}},{\"name\":\"winlog.event_data.clientProcessId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.clientProcessId\"}}},{\"name\":\"winlog.event_data.countOfCredentialsReturned\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.countOfCredentialsReturned.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"sub
Type\":{\"multi\":{\"parent\":\"winlog.event_data.countOfCredentialsReturned\"}}},{\"name\":\"winlog.event_data.countOfCredentialsReturned.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.countOfCredentialsReturned\"}}},{\"name\":\"winlog.event_data.creationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.creationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.creationUtcTime\"}}},{\"name\":\"winlog.event_data.creationUtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.creationUtcTime\"}}},{\"name\":\"winlog.event_data.data\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.data.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.data\"}}},{\"name\":\"winlog.event_data.data.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.data\"}}},{\"name\":\"winlog.event_data.destinationIsIpv6\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"read
FromDocValues\":false},{\"name\":\"winlog.event_data.destinationIsIpv6.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationIsIpv6\"}}},{\"name\":\"winlog.event_data.destinationIsIpv6.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationIsIpv6\"}}},{\"name\":\"winlog.event_data.destinationPortName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.destinationPortName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationPortName\"}}},{\"name\":\"winlog.event_data.destinationPortName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationPortName\"}}},{\"name\":\"winlog.event_data.details\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.details.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.details\"}}},{\"name\":\"winlog.event_data.details.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\
"subType\":{\"multi\":{\"parent\":\"winlog.event_data.details\"}}},{\"name\":\"winlog.event_data.elevatedToken\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.elevatedToken.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.elevatedToken\"}}},{\"name\":\"winlog.event_data.elevatedToken.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.elevatedToken\"}}},{\"name\":\"winlog.event_data.errorCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.errorCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.errorCode\"}}},{\"name\":\"winlog.event_data.errorCode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.errorCode\"}}},{\"name\":\"winlog.event_data.eventType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.eventType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.eventType\"}}},{\"name\":\"winlog.
event_data.eventType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.eventType\"}}},{\"name\":\"winlog.event_data.hashes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.hashes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.hashes\"}}},{\"name\":\"winlog.event_data.hashes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.hashes\"}}},{\"name\":\"winlog.event_data.imagePath\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.imagePath.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.imagePath\"}}},{\"name\":\"winlog.event_data.imagePath.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.imagePath\"}}},{\"name\":\"winlog.event_data.impersonationLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.impersonationLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":f
alse,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.impersonationLevel\"}}},{\"name\":\"winlog.event_data.impersonationLevel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.impersonationLevel\"}}},{\"name\":\"winlog.event_data.initiated\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.initiated.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.initiated\"}}},{\"name\":\"winlog.event_data.initiated.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.initiated\"}}},{\"name\":\"winlog.event_data.integrityLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.integrityLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.integrityLevel\"}}},{\"name\":\"winlog.event_data.integrityLevel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.integrityLevel\"}}},{\"name\":\"winlog.event_data.keyLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\
"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.keyLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.keyLength\"}}},{\"name\":\"winlog.event_data.keyLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.keyLength\"}}},{\"name\":\"winlog.event_data.logonGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonGuid\"}}},{\"name\":\"winlog.event_data.logonGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonGuid\"}}},{\"name\":\"winlog.event_data.logonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonId\"}}},{\"name\":\"winlog.event_data.logonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"m
ulti\":{\"parent\":\"winlog.event_data.logonId\"}}},{\"name\":\"winlog.event_data.logonProcessName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonProcessName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonProcessName\"}}},{\"name\":\"winlog.event_data.logonProcessName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonProcessName\"}}},{\"name\":\"winlog.event_data.logonType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonType\"}}},{\"name\":\"winlog.event_data.logonType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonType\"}}},{\"name\":\"winlog.event_data.param1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param1\"}}},{\"name\":\"winlog.event_dat
a.param1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param1\"}}},{\"name\":\"winlog.event_data.param10\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param10.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param10\"}}},{\"name\":\"winlog.event_data.param10.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param10\"}}},{\"name\":\"winlog.event_data.param11\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param11.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param11\"}}},{\"name\":\"winlog.event_data.param11.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param11\"}}},{\"name\":\"winlog.event_data.param16\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param16.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":
true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param16\"}}},{\"name\":\"winlog.event_data.param16.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param16\"}}},{\"name\":\"winlog.event_data.param19\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param19.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param19\"}}},{\"name\":\"winlog.event_data.param19.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param19\"}}},{\"name\":\"winlog.event_data.param2\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param2.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param2\"}}},{\"name\":\"winlog.event_data.param2.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param2\"}}},{\"name\":\"winlog.event_data.param20\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param20
.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param20\"}}},{\"name\":\"winlog.event_data.param20.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param20\"}}},{\"name\":\"winlog.event_data.param21\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param21.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param21\"}}},{\"name\":\"winlog.event_data.param21.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param21\"}}},{\"name\":\"winlog.event_data.param22\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param22.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param22\"}}},{\"name\":\"winlog.event_data.param22.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param22\"}}},{\"name\":\"winlog.event_data.param23\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":
0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param23.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param23\"}}},{\"name\":\"winlog.event_data.param23.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param23\"}}},{\"name\":\"winlog.event_data.param3\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param3.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param3\"}}},{\"name\":\"winlog.event_data.param3.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param3\"}}},{\"name\":\"winlog.event_data.param4\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param4.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param4\"}}},{\"name\":\"winlog.event_data.param4.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"win
log.event_data.param4\"}}},{\"name\":\"winlog.event_data.param5\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param5.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param5\"}}},{\"name\":\"winlog.event_data.param5.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param5\"}}},{\"name\":\"winlog.event_data.param6\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param6.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param6\"}}},{\"name\":\"winlog.event_data.param6.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param6\"}}},{\"name\":\"winlog.event_data.param7\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param7.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param7\"}}},{\"name\":\"winlog.event_data.param7.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":fa
lse,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param7\"}}},{\"name\":\"winlog.event_data.param8\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param8.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param8\"}}},{\"name\":\"winlog.event_data.param8.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param8\"}}},{\"name\":\"winlog.event_data.param9\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param9.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param9\"}}},{\"name\":\"winlog.event_data.param9.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param9\"}}},{\"name\":\"winlog.event_data.privilegeList\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.privilegeList.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.p
rivilegeList\"}}},{\"name\":\"winlog.event_data.privilegeList.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.privilegeList\"}}},{\"name\":\"winlog.event_data.processCreationTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.processCreationTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processCreationTime\"}}},{\"name\":\"winlog.event_data.processCreationTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processCreationTime\"}}},{\"name\":\"winlog.event_data.processId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.processId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processId\"}}},{\"name\":\"winlog.event_data.processId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processId\"}}},{\"name\":\"winlog.event_data.processName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_dat
a.processName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processName\"}}},{\"name\":\"winlog.event_data.processName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processName\"}}},{\"name\":\"winlog.event_data.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.protocol\"}}},{\"name\":\"winlog.event_data.protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.protocol\"}}},{\"name\":\"winlog.event_data.queryName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.queryName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryName\"}}},{\"name\":\"winlog.event_data.queryName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryName\"}}},{\"name\":\"winlog.event_data.queryResults\",\"type\"
:\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.queryResults.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryResults\"}}},{\"name\":\"winlog.event_data.queryResults.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryResults\"}}},{\"name\":\"winlog.event_data.queryStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.queryStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryStatus\"}}},{\"name\":\"winlog.event_data.queryStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryStatus\"}}},{\"name\":\"winlog.event_data.readOperation\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.readOperation.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.readOperation\"}}},{\"name\":\"winlog.event_data.readOperation.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\"
:false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.readOperation\"}}},{\"name\":\"winlog.event_data.returnCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.returnCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.returnCode\"}}},{\"name\":\"winlog.event_data.returnCode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.returnCode\"}}},{\"name\":\"winlog.event_data.ruleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ruleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ruleName\"}}},{\"name\":\"winlog.event_data.ruleName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ruleName\"}}},{\"name\":\"winlog.event_data.serviceGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.serviceGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi
\":{\"parent\":\"winlog.event_data.serviceGuid\"}}},{\"name\":\"winlog.event_data.serviceGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceGuid\"}}},{\"name\":\"winlog.event_data.serviceName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.serviceName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceName\"}}},{\"name\":\"winlog.event_data.serviceName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceName\"}}},{\"name\":\"winlog.event_data.serviceType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.serviceType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceType\"}}},{\"name\":\"winlog.event_data.serviceType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceType\"}}},{\"name\":\"winlog.event_data.sourceIsIpv6\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_da
ta.sourceIsIpv6.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.sourceIsIpv6\"}}},{\"name\":\"winlog.event_data.sourceIsIpv6.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.sourceIsIpv6\"}}},{\"name\":\"winlog.event_data.startType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.startType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.startType\"}}},{\"name\":\"winlog.event_data.startType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.startType\"}}},{\"name\":\"winlog.event_data.subjectDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectDomainName\"}}},{\"name\":\"winlog.event_data.subjectDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectDomainName\"}}},{\"
name\":\"winlog.event_data.subjectLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectLogonId\"}}},{\"name\":\"winlog.event_data.subjectLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectLogonId\"}}},{\"name\":\"winlog.event_data.subjectUserName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectUserName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserName\"}}},{\"name\":\"winlog.event_data.subjectUserName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserName\"}}},{\"name\":\"winlog.event_data.subjectUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserSid\"}}},{\"name\":\"winlog.event_data.subjectUs
erSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserSid\"}}},{\"name\":\"winlog.event_data.targetDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetDomainName\"}}},{\"name\":\"winlog.event_data.targetDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetDomainName\"}}},{\"name\":\"winlog.event_data.targetLinkedLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetLinkedLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLinkedLogonId\"}}},{\"name\":\"winlog.event_data.targetLinkedLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLinkedLogonId\"}}},{\"name\":\"winlog.event_data.targetLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetLogonId.ke
yword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLogonId\"}}},{\"name\":\"winlog.event_data.targetLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLogonId\"}}},{\"name\":\"winlog.event_data.targetName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetName\"}}},{\"name\":\"winlog.event_data.targetName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetName\"}}},{\"name\":\"winlog.event_data.targetObject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetObject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetObject\"}}},{\"name\":\"winlog.event_data.targetObject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetObject\"}}},{\"name\":\"winlog.event_data.targetSi
d\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetSid\"}}},{\"name\":\"winlog.event_data.targetSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetSid\"}}},{\"name\":\"winlog.event_data.targetUserName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetUserName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserName\"}}},{\"name\":\"winlog.event_data.targetUserName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserName\"}}},{\"name\":\"winlog.event_data.targetUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserSid\"}}},{\"name\":\"winlog.event_data.targetUserSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\"
:0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserSid\"}}},{\"name\":\"winlog.event_data.terminalSessionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.terminalSessionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.terminalSessionId\"}}},{\"name\":\"winlog.event_data.terminalSessionId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.terminalSessionId\"}}},{\"name\":\"winlog.event_data.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.type\"}}},{\"name\":\"winlog.event_data.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.type\"}}},{\"name\":\"winlog.event_data.updateGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateGuid\"}}},{\"name\":\"winlog.event_data.updateGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateGuid\"}}},{\"name\":\"winlog.event_data.updateRevisionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateRevisionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateRevisionNumber\"}}},{\"name\":\"winlog.event_data.updateRevisionNumber.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateRevisionNumber\"}}},{\"name\":\"winlog.event_data.updateTitle\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateTitle.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateTitle\"}}},{\"name\":\"winlog.event_data.updateTitle.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateTitle\"}}},{\"name\":\"winlog.event_data.utcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable
\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.utcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.utcTime\"}}},{\"name\":\"winlog.event_data.utcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.utcTime\"}}},{\"name\":\"winlog.event_data.virtualAccount\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.virtualAccount.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.virtualAccount\"}}},{\"name\":\"winlog.event_data.virtualAccount.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.virtualAccount\"}}},{\"name\":\"winlog.event_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.keywords\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.keywords.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.keywords\"}}},{\"name\":\"winlog.keywords.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scrip
ted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.keywords\"}}},{\"name\":\"winlog.level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.level\"}}},{\"name\":\"winlog.level.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.level\"}}},{\"name\":\"winlog.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.message\"}}},{\"name\":\"winlog.message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.message\"}}},{\"name\":\"winlog.opcode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.opcode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.opcode\"}}},{\"name\":\"winlog.opcode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\"
:false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.opcode\"}}},{\"name\":\"winlog.process.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.process.thread.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.processID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.processID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.processID\"}}},{\"name\":\"winlog.processID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.processID\"}}},{\"name\":\"winlog.providerGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.providerGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.providerGuid\"}}},{\"name\":\"winlog.providerGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.providerGuid\"}}},{\"name\":\"winlog.providerName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.provi
derName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.providerName\"}}},{\"name\":\"winlog.providerName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.providerName\"}}},{\"name\":\"winlog.provider_guid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.provider_guid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_guid\"}}},{\"name\":\"winlog.provider_guid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_guid\"}}},{\"name\":\"winlog.provider_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.provider_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_name\"}}},{\"name\":\"winlog.provider_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_name\"}}},{\"name\":\"winlog.record_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readF
romDocValues\":true},{\"name\":\"winlog.severityValue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.severityValue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.severityValue\"}}},{\"name\":\"winlog.severityValue.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.severityValue\"}}},{\"name\":\"winlog.systemTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.systemTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.systemTime\"}}},{\"name\":\"winlog.systemTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.systemTime\"}}},{\"name\":\"winlog.task\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.task.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.task\"}}},{\"name\":\"winlog.task.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"w
inlog.task\"}}},{\"name\":\"winlog.threadID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.threadID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.threadID\"}}},{\"name\":\"winlog.threadID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.threadID\"}}},{\"name\":\"winlog.user.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.domain\"}}},{\"name\":\"winlog.user.domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user.domain\"}}},{\"name\":\"winlog.user.identifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.identifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.identifier\"}}},{\"name\":\"winlog.user.identifier.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"mult
i\":{\"parent\":\"winlog.user.identifier\"}}},{\"name\":\"winlog.user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.name\"}}},{\"name\":\"winlog.user.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user.name\"}}},{\"name\":\"winlog.user.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.type\"}}},{\"name\":\"winlog.user.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user.type\"}}},{\"name\":\"winlog.user_data.SubjectDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectDomainName\"}}},{\"name\":\"winlog.user_data.SubjectDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":tr
ue,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectDomainName\"}}},{\"name\":\"winlog.user_data.SubjectLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectLogonId\"}}},{\"name\":\"winlog.user_data.SubjectLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectLogonId\"}}},{\"name\":\"winlog.user_data.SubjectUserName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectUserName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserName\"}}},{\"name\":\"winlog.user_data.SubjectUserName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserName\"}}},{\"name\":\"winlog.user_data.SubjectUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserSid\"}}},{\"name\":\"winlog.user_data.SubjectUserSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserSid\"}}},{\"name\":\"winlog.user_data.xml_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.xml_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.xml_name\"}}},{\"name\":\"winlog.user_data.xml_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.xml_name\"}}},{\"name\":\"winlog.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.basic_constraints.ca\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.certificate.curve\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.curve.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.curve\"}}},{\"name\":\"x509.certificate.curve.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\"
:true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.curve\"}}},{\"name\":\"x509.certificate.exponent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.exponent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.exponent\"}}},{\"name\":\"x509.certificate.exponent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.exponent\"}}},{\"name\":\"x509.certificate.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.issuer\"}}},{\"name\":\"x509.certificate.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.issuer\"}}},{\"name\":\"x509.certificate.key.algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.key.algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.algorithm\"}}},{\"na
me\":\"x509.certificate.key.algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.algorithm\"}}},{\"name\":\"x509.certificate.key.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.certificate.key.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.key.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.type\"}}},{\"name\":\"x509.certificate.key.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.type\"}}},{\"name\":\"x509.certificate.not_valid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.not_valid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_after\"}}},{\"name\":\"x509.certificate.not_valid_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_after\"}}},{\"name\":\"x509.certificate.not_valid_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\
"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.not_valid_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_before\"}}},{\"name\":\"x509.certificate.not_valid_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_before\"}}},{\"name\":\"x509.certificate.serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.serial\"}}},{\"name\":\"x509.certificate.serial.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.serial\"}}},{\"name\":\"x509.certificate.signing_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.signing_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.signing_algorithm\"}}},{\"name\":\"x509.certificate.signing_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\
":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.signing_algorithm\"}}},{\"name\":\"x509.certificate.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.subject\"}}},{\"name\":\"x509.certificate.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.subject\"}}},{\"name\":\"x509.certificate.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.san_dns\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.san_dns.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.san_dns\"}}},{\"name\":\"x509.san_dns.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.san_dns\"}}}]","timeFieldName":"@timestamp","title":"*:so-*"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688154054424,4288],"type":"index-pattern","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMTQsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Security Onion - Alert Data","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Modules** \\n[Playbook](/kibana/app/dashboards#/view/f449f0a0-c77c-11ea-bebb-37c5ab5894ea) \\n[Suricata](/kibana/app/dashboards#/view/81057f40-7733-11ea-bee5-af7f7c7b8e05) \\n\"},\"title\":\"Security Onion - Alert Data\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[],"sort":[1688154054424,4289],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMTUsMV0="} -{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.dataset:*alert\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Security Onion - Alerts","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4291],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Alerts - Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security 
Onion - Alerts - Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"931cb6f0-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"sort":[1688154054424,4293],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMTcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Alerts Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Alerts Over 
Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"b419b100-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0
","type":"search"}],"sort":[1688154054424,4295],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security Onion - Rule - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"title\":\"Security Onion - Rule - 
Name\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"508fb520-72af-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"sort":[1688154054424,4297],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - Severity","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.severity_label.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security Onion - Rule - Severity\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a37b9fa0-72b0-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4299],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMjAsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Rule - Category","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - Category\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"sort":[1688154054424,4301],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMjEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Destination Ports","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Destination 
Ports\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4303],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMjIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:alert\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Low & Medium 
Severity\",\"disabled\":true,\"key\":\"event.severity\",\"negate\":false,\"params\":{\"gte\":1,\"lt\":3},\"type\":\"range\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"range\":{\"event.severity\":{\"gte\":1,\"lt\":3}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"High & Critical Severity\",\"disabled\":true,\"key\":\"event.severity\",\"negate\":false,\"params\":{\"gte\":3,\"lt\":5},\"type\":\"range\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"range\":{\"event.severity\":{\"gte\":3,\"lt\":5}}}}]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":8,\"i\":\"c2ddba4b-b0a1-4204-b952-fdc8073dd3c6\"},\"panelIndex\":\"c2ddba4b-b0a1-4204-b952-fdc8073dd3c6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c2ddba4b-b0a1-4204-b952-fdc8073dd3c6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":0,\"w\":13,\"h\":8,\"i\":\"5a22818d-a0f7-4b39-978f-bee1e4280a54\"},\"panelIndex\":\"5a22818d-a0f7-4b39-978f-bee1e4280a54\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5a22818d-a0f7-4b39-978f-bee1e4280a54\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":8,\"i\":\"41a7c313-2dc3-4563-8545-a55f57af532c\"},\"panelIndex\":\"41a7c313-2dc3-4563-8545-a55f57af532c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_41a7c313-2dc3-4563-8545-a55f57af532c\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":29,\"h\":19,\"i\":\"7f00befc-4315-45d2-b686-fa99db9fb79c\"},\"panelIndex\":\"7f00befc-4315-45d2-b686-fa99db9fb79c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7f00befc-4315-45d2-b686-fa99db9fb79c\
"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":8,\"w\":19,\"h\":19,\"i\":\"1fa5c765-6991-4ece-a6a4-cdb6f2d35553\"},\"panelIndex\":\"1fa5c765-6991-4ece-a6a4-cdb6f2d35553\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1fa5c765-6991-4ece-a6a4-cdb6f2d35553\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":19,\"h\":18,\"i\":\"eee74597-fa74-4bf6-9c71-429bfe4c3ecd\"},\"panelIndex\":\"eee74597-fa74-4bf6-9c71-429bfe4c3ecd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_eee74597-fa74-4bf6-9c71-429bfe4c3ecd\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":19,\"y\":27,\"w\":10,\"h\":18,\"i\":\"fa0e8955-a837-400c-abcb-43394471b39d\"},\"panelIndex\":\"fa0e8955-a837-400c-abcb-43394471b39d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fa0e8955-a837-400c-abcb-43394471b39d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":27,\"w\":10,\"h\":18,\"i\":\"b60abef8-9b1e-4bae-ac3f-d7eb5a230430\"},\"panelIndex\":\"b60abef8-9b1e-4bae-ac3f-d7eb5a230430\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b60abef8-9b1e-4bae-ac3f-d7eb5a230430\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":39,\"y\":27,\"w\":9,\"h\":18,\"i\":\"799598a4-39de-455d-bc39-409466b8b119\"},\"panelIndex\":\"799598a4-39de-455d-bc39-409466b8b119\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_799598a4-39de-455d-bc39-409466b8b119\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"a801f4a1-b678-47f2-9602-9c46e65533ca\"},\"panelIndex\":\"a801f4a1-b678-47f2-9602-9c46e65533ca\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a801f4a1-b678-47f2-9602-9c46e65533ca\"}]","timeRestore":false,"title":"Security Onion - 
Alerts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0e4af1d0-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"c2ddba4b-b0a1-4204-b952-fdc8073dd3c6:panel_c2ddba4b-b0a1-4204-b952-fdc8073dd3c6","type":"visualization"},{"id":"931cb6f0-72ae-11ea-8dd2-9d8795a1200b","name":"5a22818d-a0f7-4b39-978f-bee1e4280a54:panel_5a22818d-a0f7-4b39-978f-bee1e4280a54","type":"visualization"},{"id":"b419b100-72ae-11ea-8dd2-9d8795a1200b","name":"41a7c313-2dc3-4563-8545-a55f57af532c:panel_41a7c313-2dc3-4563-8545-a55f57af532c","type":"visualization"},{"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","name":"7f00befc-4315-45d2-b686-fa99db9fb79c:panel_7f00befc-4315-45d2-b686-fa99db9fb79c","type":"visualization"},{"id":"a37b9fa0-72b0-11ea-8dd2-9d8795a1200b","name":"1fa5c765-6991-4ece-a6a4-cdb6f2d35553:panel_1fa5c765-6991-4ece-a6a4-cdb6f2d35553","type":"visualization"},{"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","name":"eee74597-fa74-4bf6-9c71-429bfe4c3ecd:panel_eee74597-fa74-4bf6-9c71-429bfe4c3ecd","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"fa0e8955-a837-400c-abcb-43394471b39d:panel_fa0e8955-a837-400c-abcb-43394471b39d","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"b60abef8-9b1e-4bae-ac3f-d7eb5a230430:panel_b60abef8-9b1e-4bae-ac3f-d7eb5a230430","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"799598a4-39de-455d-bc39-409466b8b119:panel_799598a4-39de-455d-bc39-409466b8b119","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"a801f4a1-b678-47f2-9602-9c46e65533ca:panel_a801f4a1-b678-47f2-9602-9c46e65533ca","type":
"search"}],"sort":[1688154054424,4316],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMjMsMV0="} -{"attributes":{"columns":["event_type","source_ip","source_port","destination_ip","destination_port","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:sysmon\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Sysmon - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4318],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMjQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"image_path.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Image\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP 
Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_hostname.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Hostname\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_hostname.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Hostname\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0eb1fd80-6d70-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,4320],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMjUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Kerberos Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Kerberos 
Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"kerberos.client.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"kerberos.client.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0ecc7310-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4322],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMjYsMV0="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"All 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aa05e920-3433-11e7-8867-29a39c0f86b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4324],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMjcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sensors/Devices - Total Number of Logs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sensors/Devices - Total Number of Logs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor/Device\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"0f25aac0-3434-11e7-8867-29a39c0f86b2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"sort":[1688154054424,4326],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMjgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - 
Direction","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SSH - Direction\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssh.direction.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.direction.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Direction\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"104a4a90-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4328],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMjksMV0="} 
-{"attributes":{"columns":["source_ip","destination_ip","message_types","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dhcp\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DHCP - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4330],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMzAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DHCP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1055ada0-3655-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4332],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMzEsMV0="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dce_rpc\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DCE/RPC - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4334],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMzIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"10b8a610-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,4336],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMzMsMV0="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_radius\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"RADIUS - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"75545310-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4338],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMzQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - 
MAC","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - MAC\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mac.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"10cd7190-3809-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4340],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMzUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Sum of Total Bytes ( Tile Map)","uiStateJSON":"{\"mapZoom\":3,\"mapCenter\":[39.70718665682654,-44.912109375]}","version":1,"visState":"{\"title\":\"Connections - Source - Sum of Total Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by 
USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1156b1e0-46c7-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4342],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMzYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Destination - Sum of Total Bytes ( Tile Map)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Destination - Sum of Total Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by 
USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1342e630-4632-11e7-9903-85f789353078","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4344],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMzcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Response Code Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.response.code_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Response Code Name\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - DNS - Response Code 
Name\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"13cda410-c770-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4346],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMzgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"13ed0810-6d72-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,4348],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwMzksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Connection 
State","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Connection State\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection_state_description.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection State Description\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"13fe29c0-3b17-11e7-b871-5f76306b9694","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4350],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNDAsMV0="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_rfb\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"RFB - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8ba53710-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4352],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNDEsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Exclusive Session (Donut Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"RFB - Exclusive Session (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"share_flag.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"14274040-371f-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4354],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNDIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Agents","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - 
Agents\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"agent.type.keyword: Descending\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"agent.version.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Agent\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Version\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"14ed9540-6ed7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4356],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNDMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Key Length (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Key Length (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Key 
Length\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"certificate_key_length\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Key Length\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"150f7280-6e37-11e7-a8d6-ed2e692de531","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4358],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNDQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - Description","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - 
Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1563f380-7737-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4360],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNDUsMV0="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"(event_type:bro_smb_mapping OR event_type:bro_smb_files)\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SMB - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"19849f30-3aab-11e7-8b17-0d8709b02c80","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4362],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNDYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"15b4e7a0-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,4364],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNDcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Server Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Server 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Server Address\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.address.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"15fa3b30-7375-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4366],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNDgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"178209e0-6e1b-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4368],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNDksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Destination Port","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Destination 
Port\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"19dfd180-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4370],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Notices - Destination Country","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Destination 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1a879c90-4ca5-11e8-888d-71b91451cf05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4372],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNTEsMV0="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event_type:ids\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"NIDS - Alerts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4374],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNTIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - 
Drilldown - Alert Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS - Drilldown - Alert Title\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":12}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"schema\":\"metric\",\"params\":{\"field\":\"alert.keyword\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1b3faca0-e064-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4376],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNTMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Source IP Address","uiStateJSON":"{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1b837b00-364e-11e7-9dc3-d35061cb642d","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4378],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Total Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Total Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 
seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1c2aeb50-365e-11e7-b896-5bdd6bfa1561","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"sort":[1688154054424,4380],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNTUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - 
Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.service.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1c6567b0-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4382],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNTYsMV0="} -{"attributes":{"columns":["entry","entry_location","image_path","hostname","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:autoruns\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Autoruns - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"dd700830-6d69-11e7-ad64-15aa071374a6","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4384],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNTcsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Profile","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Profile\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"profile.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Profile\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1cd6a970-6d79-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,4386],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNTgsMV0="} -{"attributes":{"columns":["alert_level","classification","description"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[{\"meta\":{\"negate\":false,\"key\":\"tags\",\"value\":\"alert\",\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"tags\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query_string\":{\"query\":\"event_type:ossec\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"OSSEC - 
Alerts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1688154054424,4389],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - User to Escalated User (Data Table)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - User to Escalated User (Data Table)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"escalated_user.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Escalated 
User\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1de31b40-4a42-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4391],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNjAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"f
ield\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1ecdd2e0-34c0-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4393],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNjEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Method (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Method (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"method.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}
}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1ef5c230-6e24-11e7-a261-55504638cf3b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4395],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNjIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Command/Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - Command/Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"mysql.command.keyword: Descending\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"mysql.argument.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.command.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.argument.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Argument\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1f306f60-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4397],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNjMsMV0="} -{"attributes":{"columns":["data_stream.dataset","user.email","onepassword.client.app_name","source.geo.country_iso_code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"fields\":{\"*\":{}},\"fragment_size\":2147483647,\"post_tags\":[\"@/kibana-highlighted-field@\"],\"pre_tags\":[\"@kibana-highlighted-field@\"],\"require_field_match\":false},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"event.module:1password\"}}"},"sort":[["@timestamp","desc"]],"title":"1Password all events 
[1Password]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1password-all-events","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-1password-default","name":"tag-ref-fleet-pkg-1password-default","type":"tag"}],"sort":[1688154054424,4401],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNjQsMV0="} -{"attributes":{"columns":["user.id","event.action","onepassword.object_type","onepassword.object_uuid","source.geo.country_iso_code"],"description":"","grid":{"columns":{"user.id":{"width":321.3333333333333}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"fields\":{\"*\":{}},\"fragment_size\":2147483647,\"post_tags\":[\"@/kibana-highlighted-field@\"],\"pre_tags\":[\"@kibana-highlighted-field@\"],\"require_field_match\":false},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:1password.audit_events\"}}"},"sort":[["@timestamp","desc"]],"title":"1Password audit events [1Password]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1password-audit-events","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-1password-default","name":"tag-ref-fleet-pkg-1password-default","type":"tag"}],"sort":[1688154054424,4405],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNjUsMV0="} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"a9a9a507-ae79-422c-ac05-2f4d9a2bb5e6\",\"w\":31,\"x\":0,\"y\":0},\"panelIndex\":\"a9a9a507-ae79-422c-ac05-2f4d9a2bb5e6\",\"panelRefName\":\"panel_a9a9a507-ae79-422c-ac05-2f4d9a2bb5e6\",\"type\":\"search\",\"version\":\"8.4.1\"},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":15,\"i\":\"5191f658-f717-49ec-9d3c-7c881c07a502\",\"w\":17,\"x\":31,\"y\":0},\"panelIndex\":\"5191f658-f717-49ec-9d3c-7c881c07a502\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"alpha\\\":1,\\\"id\\\":\\\"11a86591-809c-4c7b-9668-0d0cc31980c9\\\",\\\"label\\\":null,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"isAutoSelect\\\":true,\\\"type\\\":\\\"EMS_TMS\\\"},\\\"style\\\":{},\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"visible\\\":true},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"55025914-752d-4a12-88f4-c9fe89ddbb9d\\\",\\\"joins\\\":[],\\\"label\\\":\\\"Source 
Locations\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"data_stream.dataset:1password.audit_events\\\"},\\\"sourceDescriptor\\\":{\\\"applyGlobalQuery\\\":true,\\\"filterByMapBounds\\\":true,\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"ae93e398-4d52-4616-99c3-783c0f34d767\\\",\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\",\\\"scalingType\\\":\\\"LIMIT\\\",\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"tooltipProperties\\\":[],\\\"topHitsSize\\\":1,\\\"type\\\":\\\"ES_SEARCH\\\"},\\\"style\\\":{\\\"isTimeAware\\\":true,\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"icon\\\":{\\\"options\\\":{\\\"value\\\":\\\"marker\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"size\\\":6},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelSize\\\":{\\\"options\\\":{\\\"size\\\":14},\\\"type\\\":\\\"STATIC\\\"},\\\"labelText\\\":{\\\"options\\\":{\\\"value\\\":\\\"\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"mapStateJSON\":\"{\\\"center\\\":{\\\"lat\\\":0,\\\"lon\\\":156.44164},\\\"filters\\\":[],\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"\\\"},\\\"refreshConfig\\\":{\\\"interval\\\":0,\\\"is
Paused\\\":true},\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"customIcons\\\":[],\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"hideLayerControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"keydownScrollZoom\\\":false,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15M\\\",\\\"to\\\":\\\"now\\\"},\\\"zoom\\\":1.11}\",\"title\":\"Audit events Source Locations [1Password]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"isLayerTOCOpen\":false,\"mapBuffer\":{\"maxLat\":85.05113,\"maxLon\":360,\"minLat\":-85.05113,\"minLon\":-360},\"mapCenter\":{\"lat\":54.23367,\"lon\":-72.77235,\"zoom\":0.5},\"openTOCDetails\":[],\"type\":\"map\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"7521b1b8-37a6-4890-a450-631bf653fb93\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"7521b1b8-37a6-4890-a450-631bf653fb93\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extendToTimeRange\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-15M\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"1w\"},\"schema\":\"segment\",\"type\":\"date_histogram
\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":9,\"seriesParams\":[{\"circlesRadius\":3,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"defaultYExtents\":true,\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"title\":\"Audit Events over time [1Password]\",\"type\":\"line\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"c76ab1dd-2177-4b19-8d0f-a44cd7280a79\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"c76ab1dd-2177-4b19-8d0f-a44cd7280a79\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"User 
UUID\",\"excludeIsRegex\":true,\"field\":\"user.id\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTotal\":false,\"totalFunc\":\"sum\"},\"title\":\"Audit Events hot users [1Password]\",\"type\":\"table\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"6785d29f-971b-445d-8997-dd97f302814d\",\"w\":24,\"x\":0,\"y\":26},\"panelIndex\":\"6785d29f-971b-445d-8997-dd97f302814d\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"\",\"emptyAsNull\":false},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Action\",\"excludeIsRegex\":true,\"field\":\"event.action\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTotal\":false,\"totalFunc\":\"sum\"},\"title\":\"Audit Events hot actions 
[1Password]\",\"type\":\"table\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"60da356b-c843-4d41-8bf4-04e04ef77734\",\"w\":24,\"x\":24,\"y\":26},\"panelIndex\":\"60da356b-c843-4d41-8bf4-04e04ef77734\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"\",\"emptyAsNull\":false},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Object Type\",\"excludeIsRegex\":true,\"field\":\"onepassword.object_type\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTotal\":false,\"totalFunc\":\"sum\"},\"title\":\"Audit Events hot object types [1Password]\",\"type\":\"table\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"Audit Events 
[1Password]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1password-audit-events-full-dashboard","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"1password-audit-events","name":"a9a9a507-ae79-422c-ac05-2f4d9a2bb5e6:panel_a9a9a507-ae79-422c-ac05-2f4d9a2bb5e6","type":"search"},{"id":"logs-*","name":"5191f658-f717-49ec-9d3c-7c881c07a502:layer_1_source_index_pattern","type":"index-pattern"},{"id":"1password-audit-events","name":"7521b1b8-37a6-4890-a450-631bf653fb93:search_0","type":"search"},{"id":"1password-audit-events","name":"c76ab1dd-2177-4b19-8d0f-a44cd7280a79:search_0","type":"search"},{"id":"1password-audit-events","name":"6785d29f-971b-445d-8997-dd97f302814d:search_0","type":"search"},{"id":"1password-audit-events","name":"60da356b-c843-4d41-8bf4-04e04ef77734:search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-1password-default","name":"tag-ref-fleet-pkg-1password-default","type":"tag"}],"sort":[1688154054424,4414],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNjYsMV0="} -{"attributes":{"columns":["user.email","event.action","onepassword.vault_uuid","onepassword.item_uuid","source.geo.country_iso_code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"fields\":{\"*\":{}},\"fragment_size\":2147483647,\"post_tags\":[\"@/kibana-highlighted-field@\"],\"pre_tags\":[\"@kibana-highlighted-field@\"],\"require_field_match\":false},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:1password.item_usages\"}}"},"sort":[["@timestamp","desc"]],"title":"1Password item usages 
[1Password]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1password-item-usages","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-1password-default","name":"tag-ref-fleet-pkg-1password-default","type":"tag"}],"sort":[1688154054424,4418],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNjcsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"33e47a7b-72d2-4721-818c-8df8d710c5ea\",\"w\":31,\"x\":0,\"y\":0},\"panelIndex\":\"33e47a7b-72d2-4721-818c-8df8d710c5ea\",\"panelRefName\":\"panel_33e47a7b-72d2-4721-818c-8df8d710c5ea\",\"type\":\"search\",\"version\":\"7.15.0-SNAPSHOT\"},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":15,\"i\":\"5270ad02-a029-4aab-a42a-b0b38988d36d\",\"w\":17,\"x\":31,\"y\":0},\"panelIndex\":\"5270ad02-a029-4aab-a42a-b0b38988d36d\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"alpha\\\":1,\\\"id\\\":\\\"11a86591-809c-4c7b-9668-0d0cc31980c9\\\",\\\"label\\\":null,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"isAutoSelect\\\":true,\\\"type\\\":\\\"EMS_TMS\\\",\\\"lightModeDefault\\\":\\\"road_map\\\"},\\\"style\\\":{},\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"visible\\\":true},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"55025914-752d-4a12-88f4-c9fe89ddbb9d\\\",\\\"joins\\\":[],\\\"label\\\":\\\"Source 
Locations\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"data_stream.dataset:1password.item_usages\\\"},\\\"sourceDescriptor\\\":{\\\"applyGlobalQuery\\\":true,\\\"filterByMapBounds\\\":true,\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"ae93e398-4d52-4616-99c3-783c0f34d767\\\",\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\",\\\"scalingType\\\":\\\"LIMIT\\\",\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"tooltipProperties\\\":[],\\\"topHitsSize\\\":1,\\\"type\\\":\\\"ES_SEARCH\\\"},\\\"style\\\":{\\\"isTimeAware\\\":true,\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"icon\\\":{\\\"options\\\":{\\\"value\\\":\\\"marker\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"size\\\":6},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelSize\\\":{\\\"options\\\":{\\\"size\\\":14},\\\"type\\\":\\\"STATIC\\\"},\\\"labelText\\\":{\\\"options\\\":{\\\"value\\\":\\\"\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"title\":\"Audit item usages Source Locations 
[1Password]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":85.05113,\"maxLon\":360,\"minLat\":-85.05113,\"minLon\":-360},\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":0.5},\"openTOCDetails\":[],\"type\":\"map\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"1591a01e-b61e-4f3a-88d5-f825e39e60b6\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"1591a01e-b61e-4f3a-88d5-f825e39e60b6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-7d/d\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"3h\"},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":9,\"seriesParams\":[{\"circlesRadius\":3,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"
full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"defaultYExtents\":true,\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Item Usages over time [1Password]\",\"type\":\"line\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"3e1ea7df-1443-41c2-a4b4-45389042d2d4\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"3e1ea7df-1443-41c2-a4b4-45389042d2d4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"3\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Name\",\"field\":\"user.full_name\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"asc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Email\",\"field\":\"user.email\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"asc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"User UUID\",\"field\":\"user.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTotal\":false,\"totalFunc\":\"sum\"},\"title\":\"Item Usages hot users 
[1Password]\",\"type\":\"table\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"36297d46-8bb5-476c-b772-479be5811393\",\"w\":24,\"x\":24,\"y\":26},\"panelIndex\":\"36297d46-8bb5-476c-b772-479be5811393\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Last usage\",\"field\":\"@timestamp\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Item UUID\",\"field\":\"onepassword.item_uuid\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTotal\":false,\"totalFunc\":\"sum\"},\"title\":\"Item Usages hot items [1Password]\",\"type\":\"table\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"d7f0be27-d6ed-4ef6-a217-3ee1837a7988\",\"w\":24,\"x\":0,\"y\":26},\"panelIndex\":\"d7f0be27-d6ed-4ef6-a217-3ee1837a7988\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Top Item 
UUID\",\"field\":\"onepassword.item_uuid\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Vault UUID\",\"field\":\"onepassword.vault_uuid\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTotal\":false,\"totalFunc\":\"sum\"},\"title\":\"Item Usages hot vaults [1Password]\",\"type\":\"table\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"Item Usages [1Password]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1password-item-usages-full-dashboard","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"1password-item-usages","name":"33e47a7b-72d2-4721-818c-8df8d710c5ea:panel_33e47a7b-72d2-4721-818c-8df8d710c5ea","type":"search"},{"id":"logs-*","name":"5270ad02-a029-4aab-a42a-b0b38988d36d:layer_1_source_index_pattern","type":"index-pattern"},{"id":"1password-item-usages","name":"1591a01e-b61e-4f3a-88d5-f825e39e60b6:search_0","type":"search"},{"id":"1password-item-usages","name":"3e1ea7df-1443-41c2-a4b4-45389042d2d4:search_0","type":"search"},{"id":"1password-item-usages","name":"36297d46-8bb5-476c-b772-479be5811393:search_0","type":"search"},{"id":"1password-item-usages","name":"d7f0be27-d6ed-4ef6-a217-3ee1837a7988:search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-1password-default","name":"tag-ref-fleet-pkg-1password-default","type":"tag"}],"sort":[1688154054424,4427],"type":"dashboard","updated_at":"2023
-06-30T19:40:54.424Z","version":"WzQwNjgsMV0="} -{"attributes":{"columns":["user.email","event.action","onepassword.type","source.geo.country_iso_code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"fields\":{\"*\":{}},\"fragment_size\":2147483647,\"post_tags\":[\"@/kibana-highlighted-field@\"],\"pre_tags\":[\"@kibana-highlighted-field@\"],\"require_field_match\":false},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:1password.signin_attempts\"}}"},"sort":[["@timestamp","desc"]],"title":"1Password sign-in attempts [1Password]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1password-signin-attempts","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-1password-default","name":"tag-ref-fleet-pkg-1password-default","type":"tag"}],"sort":[1688154054424,4431],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNjksMV0="} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"944e346e-36df-430b-9734-5d91da79bdc1\",\"w\":31,\"x\":0,\"y\":0},\"panelIndex\":\"944e346e-36df-430b-9734-5d91da79bdc1\",\"panelRefName\":\"panel_944e346e-36df-430b-9734-5d91da79bdc1\",\"type\":\"search\",\"version\":\"7.15.0-SNAPSHOT\"},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":15,\"i\":\"5a635dbb-4cb6-46f8-9d4c-dd12078b184f\",\"w\":17,\"x\":31,\"y\":0},\"panelIndex\":\"5a635dbb-4cb6-46f8-9d4c-dd12078b184f\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"alpha\\\":1,\\\"id\\\":\\\"db596930-2b43-4b31-b555-5bfb2ef9a3b3\\\",\\\"label\\\":null,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"isAutoSelect\\\":true,\\\"type\\\":\\\"EMS_TMS\\\",\\\"lightModeDefault\\\":\\\"road_map\\\"},\\\"style\\\":{},\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"visible\\\":true},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"a912dae9-61dd-4f45-96d4-15968e14aa79\\\",\\\"joins\\\":[],\\\"label\\\":\\\"Source 
Locations\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"data_stream.dataset:1password.signin_attempts\\\"},\\\"sourceDescriptor\\\":{\\\"applyGlobalQuery\\\":true,\\\"filterByMapBounds\\\":true,\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"98b57871-9ec7-49ce-b371-bd052adaf795\\\",\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\",\\\"scalingType\\\":\\\"LIMIT\\\",\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"tooltipProperties\\\":[],\\\"topHitsSize\\\":1,\\\"type\\\":\\\"ES_SEARCH\\\"},\\\"style\\\":{\\\"isTimeAware\\\":true,\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"icon\\\":{\\\"options\\\":{\\\"value\\\":\\\"marker\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"size\\\":6},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelSize\\\":{\\\"options\\\":{\\\"size\\\":14},\\\"type\\\":\\\"STATIC\\\"},\\\"labelText\\\":{\\\"options\\\":{\\\"value\\\":\\\"\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"title\":\"Audit sign-in attempts Source Locations 
[1Password]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"isLayerTOCOpen\":false,\"mapBuffer\":{\"maxLat\":85.05113,\"maxLon\":360,\"minLat\":-85.05113,\"minLon\":-360},\"mapCenter\":{\"lat\":18.69679,\"lon\":-18.18807,\"zoom\":0.62},\"openTOCDetails\":[],\"type\":\"map\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"1249ea4b-cf49-4d87-8125-7f1dba37353f\",\"w\":11,\"x\":0,\"y\":15},\"panelIndex\":\"1249ea4b-cf49-4d87-8125-7f1dba37353f\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"filters\":[{\"input\":{\"language\":\"lucene\",\"query\":\"NOT event.action: (\\\"success\\\" \\\"firewall_reported_success\\\")\"},\"label\":\"Failed Sign-in attempts\"}]},\"schema\":\"group\",\"type\":\"filters\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"gauge\":{\"alignment\":\"automatic\",\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10},{\"from\":10,\"to\":30},{\"from\":30,\"to\":100}],\"extendRange\":true,\"gaugeColorMode\":\"Labels\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Arc\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"rgba(105,112,125,0.2)\",\"labels\":false,\"show\":true},\"style\":{\"bgColor\":true,\"bgFill\":\"rgba(105,112,125,0.2)\",\"bgMask\":false,\"bgWidth\":0.9,\"fontSize\":60,\"mask\":false,\"maskBars\":50,\"subText\":\"\",\"width\":0.9},\"type\":\"meter\"},\"isDisplayWarning\":false,\"type\":\"gauge\"},\"title\":\"Sign-in Attempts unsuccessful gauge 
[1Password]\",\"type\":\"gauge\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"51433376-546a-492a-906e-9ca7f5d34f68\",\"w\":20,\"x\":11,\"y\":15},\"panelIndex\":\"51433376-546a-492a-906e-9ca7f5d34f68\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-7d/d\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"3h\"},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":9,\"seriesParams\":[{\"circlesRadius\":3,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"defaultYExtents\":true,\"m
ode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Sign-in Attempts over time [1Password]\",\"type\":\"line\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"8f8ae43c-e8d4-4425-b418-224a7db57e86\",\"w\":17,\"x\":31,\"y\":15},\"panelIndex\":\"8f8ae43c-e8d4-4425-b418-224a7db57e86\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-7d/d\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"3h\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":9,\"seriesParams\":[{\"circlesRadius\":3,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",
\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"defaultYExtents\":true,\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Sign-in Attempts categories over time [1Password]\",\"type\":\"line\",\"uiState\":{\"vis\":{\"colors\":{\"credentials_failed\":\"#e7664c\",\"firewall_failed\":\"#d36086\",\"firewall_reported_success\":\"#6092c0\",\"mfa_failed\":\"#9170b8\",\"modern_version_failed\":\"#d6bf57\",\"success\":\"#54b399\"}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd\",\"w\":48,\"x\":0,\"y\":24},\"panelIndex\":\"683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"3\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Name\",\"field\":\"user.full_name\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"asc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Email\",\"field\":\"user.email\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"asc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Target User 
UUID\",\"field\":\"user.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTotal\":false,\"totalFunc\":\"sum\"},\"title\":\"Sign-in Attempts hot users [1Password]\",\"type\":\"table\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"Sign-in Attempts [1Password]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"1password-signin-attempts-full-dashboard","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"1password-signin-attempts","name":"944e346e-36df-430b-9734-5d91da79bdc1:panel_944e346e-36df-430b-9734-5d91da79bdc1","type":"search"},{"id":"logs-*","name":"5a635dbb-4cb6-46f8-9d4c-dd12078b184f:layer_1_source_index_pattern","type":"index-pattern"},{"id":"1password-signin-attempts","name":"1249ea4b-cf49-4d87-8125-7f1dba37353f:search_0","type":"search"},{"id":"1password-signin-attempts","name":"51433376-546a-492a-906e-9ca7f5d34f68:search_0","type":"search"},{"id":"1password-signin-attempts","name":"8f8ae43c-e8d4-4425-b418-224a7db57e86:search_0","type":"search"},{"id":"1password-signin-attempts","name":"683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd:search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-1password-default","name":"tag-ref-fleet-pkg-1password-default","type":"tag"}],"sort":[1688154054424,4440],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNzAsMV0="} 
-{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"20c85b70-53aa-11ec-b3ef-6bcc33056a36","migrationVersion":{"search":"8.0.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4442],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNzEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"20eabd60-380b-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4444],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNzIsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNP3 - FC Reply","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - DNP3 - FC Reply\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dnp3.fc_reply.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"FC Reply\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"214793c0-75b9-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4446],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNzMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Destination Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Destination 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"21d090d0-365b-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4448],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNzQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Response Code (Name)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Response Code (Name)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rcode_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response Code 
(Name)\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"22f7de30-4949-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4450],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNzUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Validation Status","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Validation Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"validation_status.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"23d22bd0-70b4-11e7-810e-2bafe9e41c10","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4452],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNzYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"title":"Connections - Bytes and Duration","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Bytes and Duration\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Top Total 
Bytes](/kibana/app/dashboards#/view/a2ab0c40-3b0a-11e7-a6f9-5d3fe735ec2b) \\n[Source - Originator Bytes](/kibana/app/dashboards#/view/68f738e0-46ca-11e7-946f-1bfb1be7c36b) | [Destination - Responder Bytes](/kibana/app/dashboards#/view/b65775e0-46cb-11e7-946f-1bfb1be7c36b) \\n[Source - Sum of Total Bytes](/kibana/app/dashboards#/view/f042ad60-46c6-11e7-946f-1bfb1be7c36b) | [Destination - Sum of Total Bytes](/kibana/app/dashboards#/view/ccfcc540-4638-11e7-a82e-d97152153689) \\n[Source - Top Connection Duration](/kibana/app/dashboards#/view/4e108070-46c7-11e7-946f-1bfb1be7c36b) | [Destination - Top Connection Duration](/kibana/app/dashboards#/view/ea211360-46c4-11e7-a82e-d97152153689)\",\"fontSize\":12,\"openLinksInNewTab\":false},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"25ce6eb0-463b-11e7-a82e-d97152153689","migrationVersion":{"visualization":"8.5.0"},"references":[],"sort":[1688154054424,4453],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNzcsMV0="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_tunnels\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Tunnels - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d26d5510-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4455],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNzgsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Destination Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Tunnels - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"26457730-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4457],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwNzksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RFB - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"265a04d0-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4459],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwODAsMV0="} -{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_syslog\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Syslog (Bro) - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4461],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwODEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category.keyword : \\\"process\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - Event.Cat:Process Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - Event.Cat:Process Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1
\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"fittingFunction\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"labels\":{},\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"269cd740-634c-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,4464],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwODIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - 
Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.method.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"272b8ab0-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4466],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwODMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Bro - Connections - Service By Destination Country","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Bro - Connections - Service By Destination 
Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\",\"row\":false}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"service.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"277f3250-4161-11e7-8493-51634b0a4565","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4468],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwODQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RADIUS - Result","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - RADIUS - 
Result\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"radius.result.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"27ab8260-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4470],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwODUsMV0="} -{"attributes":{"columns":["alert_level","classification","description"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"event_type:ossec\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"OSSEC - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"efba60c0-3642-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4472],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwODYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"OSSEC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"
params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2817b300-3643-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"efba60c0-3642-11e7-a6f7-4f44d7bf1c33","name":"search_0","type":"search"}],"sort":[1688154054424,4474],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwODcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - PE - Machine","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.machine.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Machine\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - PE - Machine\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"282bf2c0-c763-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4476],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwODgsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - Key Type (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"x509.certificate.key.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"x509.basic_constraints.ca: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security Onion - X.509 - Key Type (Donut)\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2895c940-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4478],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwODksMV0="} 
-{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"tags:http\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - HTTP","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4480],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwOTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Virtual Host","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Virtual Host\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.virtual_host.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Virtual 
Host\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"28bf2ef0-6eb7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,4482],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwOTEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top Source IPs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top Source IPs\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"28c27f80-3b05-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4484],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwOTIsMV0="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","request_type","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_kerberos\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Kerberos - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"452daa10-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4486],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwOTMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"28d04080-3636-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4488],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwOTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSH - 
Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"CLient\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.client.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"292b1db0-75ea-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4490],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwOTUsMV0="} -{"attributes":{"columns":["file_ip","destination_ip","source","uid","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type:bro_files\"}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Files - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4492],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwOTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FIles - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FIles - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"295d7ed0-3656-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4494],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwOTcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Target Filename","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Target 
Filename\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"target_filename.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Filename\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"29611940-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,4496],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwOTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source Country","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Source 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_geo.country_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"296823d0-366f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4498],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQwOTksMV0="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ntlm\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"NTLM - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4500],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMDAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Server Tree 
Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Server Tree Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_tree_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Tree Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2a054320-0edd-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,4502],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMDEsMV0="} -{"attributes":{"columns":["action","reason","source_ip","source_port","destination_ip","destination_port","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:firewall\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Firewall - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"37c16940-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4504],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMDIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Action/Reason (Vertical Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Action/Reason (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Action\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"grou
p\",\"params\":{\"field\":\"reason.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reason\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2a1eb100-6d82-11e7-bcd4-0d514e0e7da1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,4506],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMDMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Version","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SNMP - Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"version.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2a3ae810-36ba-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4508],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMDQsMV0="} 
-{"attributes":{"columns":["source_ip","destination_ip","destination_port","resp_fuids","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_http\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"HTTP - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"fad7d170-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4510],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMDUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Referrer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - 
Referrer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"referrer.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2a7c21d0-4165-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4512],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMDYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Bro - Notices - Notice Types","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Notices - Notice 
Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"note.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Note\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2a949080-4a3d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4514],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMDcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Lease Time","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Lease 
Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dhcp.lease_time: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.lease_time\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Lease Time\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2af5f980-96e2-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4516],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMDgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Client/Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - 
Client/Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2bbdc020-6e34-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4518],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMDksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category : \\\"registry\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - Registry Events","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - Registry 
Events\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.hostname\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":7,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"hostname\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"registry.key\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"registry key\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"registry.value\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"value\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2cb579d0-64bd-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,4521],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Kerberos - Request 
Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Kerberos - Request Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"kerberos.request_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2d73e460-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4523],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMTEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2da139c0-34e7-11e7-9118-45bd317f0ca4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4525],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMTIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SIP - Content Type (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Content Type (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"content_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2db47070-3754-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4527],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMTMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - X.509 - 
Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.certificate.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e3fb39a0-75ee-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4529],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - SAN DNS","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - X.509 - SAN 
DNS\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"x509.san_dns.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.san_dns.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SAN DNS\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"47f40770-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4531],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMTUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - Issuer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - X.509 - 
Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"x509.certificate.issuer.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.certificate.issuer.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Issuer\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"b7334c00-75ee-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4533],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X509 - Key 
Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.certificate.key.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Key Type\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - X509 - Key Type\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8d4a9990-c77c-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4535],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMTcsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:x509\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":8,\"i\":\"2d374b61-ac4b-4f89-aec2-254ab0a2e011\"},\"panelIndex\":\"2d374b61-ac4b-4f89-aec2-254ab0a2e011\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2d374b61-ac4b-4f89-aec2-254ab0a2e011\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":8,\"i\":\"7372042e-3e70-4764-abb1-0c4c9288ff23\"},\"panelIndex\":\"7372042e-3e70-4764-abb1-0c4c9288ff23\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7372042e-3e70-4764-abb1-0c4c9288ff23\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"eee8c3b6-66eb-4427-99ed-459c294599c7\"},\"panelIndex\":\"eee8c3b6-66eb-4427-99ed-459c294599c7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_eee8c3b6-66eb-4427-99ed-459c294599c7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":30,\"h\":22,\"i\":\"3c5d4fc3-bad7-435e-aadc-21de562b638d\"},\"panelIndex\":\"3c5d4fc3-bad7-435e-aadc-21de562b638d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3c5d4fc3-bad7-435e-aadc-21de562b638d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":22,\"i\":\"3fb3ec30-312a-45aa-93be-b8955615bf71\"},\"panelIndex\":\"3fb3ec30-312a-45aa-93be-b8955615bf71\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3fb3ec30-312a-45aa-93be-b8955615bf71\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":30,\"w\":30,\"h\":21,\"i\":\"0a395978-b95f-4bfc-82fa-737307cd8ebd\"},\"pan
elIndex\":\"0a395978-b95f-4bfc-82fa-737307cd8ebd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0a395978-b95f-4bfc-82fa-737307cd8ebd\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":30,\"w\":18,\"h\":21,\"i\":\"e6e39ec1-063a-4e34-a909-4f47397fa79b\"},\"panelIndex\":\"e6e39ec1-063a-4e34-a909-4f47397fa79b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e6e39ec1-063a-4e34-a909-4f47397fa79b\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":51,\"w\":48,\"h\":29,\"i\":\"3fa098f8-4a37-410e-a8f5-fd3667865c3f\"},\"panelIndex\":\"3fa098f8-4a37-410e-a8f5-fd3667865c3f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3fa098f8-4a37-410e-a8f5-fd3667865c3f\"}]","timeRestore":false,"title":"Security Onion - X509","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2e0865f0-75ee-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"2d374b61-ac4b-4f89-aec2-254ab0a2e011:panel_2d374b61-ac4b-4f89-aec2-254ab0a2e011","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"7372042e-3e70-4764-abb1-0c4c9288ff23:panel_7372042e-3e70-4764-abb1-0c4c9288ff23","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"eee8c3b6-66eb-4427-99ed-459c294599c7:panel_eee8c3b6-66eb-4427-99ed-459c294599c7","type":"visualization"},{"id":"e3fb39a0-75ee-11ea-9565-7315f4ee5cac","name":"3c5d4fc3-bad7-435e-aadc-21de562b638d:panel_3c5d4fc3-bad7-435e-aadc-21de562b638d","type":"visualization"},{"id":"47f40770-75ef-11ea-9565-7315f4ee5cac","name":"3fb3ec30-312a-45aa-93be-b8955615bf71:panel_3fb3ec30-312a-45aa-93be-b8955615bf71","type":"visualization"},{"id":"b7334c00-75ee-11ea-9565-7315f4ee5cac","name":"0a395978-b95f-4bfc-82fa-737307cd8ebd:panel_0a395978-b95f-4bfc-82fa-737307cd8ebd","type":"visualization"},{"id":"8d4a9990-c77c-11ea-bebb-37c5ab589
4ea","name":"e6e39ec1-063a-4e34-a909-4f47397fa79b:panel_e6e39ec1-063a-4e34-a909-4f47397fa79b","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"3fa098f8-4a37-410e-a8f5-fd3667865c3f:panel_3fa098f8-4a37-410e-a8f5-fd3667865c3f","type":"search"}],"sort":[1688154054424,4544],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Cookie","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.cookie.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.cookie.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Cookie\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2e7363f0-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4546],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Entry","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Entry\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"entry.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Entry\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"entry_location.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Entry 
Location\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2ef9ccd0-6d7a-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,4548],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMjAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Change Stats","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"osquery - Change Stats\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"osquery.hostIdentifier.keyword\",\"customLabel\":\"Endpoints\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2f556c90-14e3-11e9-82f7-0da02d93a48b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"84116380-14e1-11e9-82f7-0da02d93a48b","name":"search_0","type":"search"}],"sort":[1688154054424,4550],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMjEsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - All Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - All Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"fittingFunction\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"labels\":{},\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"w
idth\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2f7966b0-53a4-11ec-b3ef-6bcc33056a36","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,4553],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMjIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:files\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - Analyzer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - Analyzer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.analyzer.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.analyzer.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Analyzer\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"2fc4bea0-7730-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4555],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMjMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Intel - Seen (Donut Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"Intel - Seen (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"seen_where.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Seen 
(Where)\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"3013af40-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4557],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMjQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Notices - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"para
ms\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"3027c4f0-34e4-11e7-9669-7f1d3242b798","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4559],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMjUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RADIUS - Authentication Result","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"RADIUS - Authentication Result\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"result.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"30348db0-4a5b-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4561],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMjYsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - File/Path Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"path.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"action.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"306c4330-4175-11e7-a0f7-47f4c03e3306","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,4563],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMjcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_hostname.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"3072c750-6d71-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,4565],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMjgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security Onion - Navigation","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Navigation\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Event Category** \\n[Alert](/kibana/app/dashboards#/view/0e4af1d0-72ae-11ea-8dd2-9d8795a1200b) | \\n[File](/kibana/app/dashboards#/view/0245be10-6ec1-11ea-9266-1fd14ca6af34) |\\n[Host](/kibana/app/dashboards#/view/92e63cc0-6ec0-11ea-9266-1fd14ca6af34) | [Network](/kibana/app/dashboards#/view/04ff3ef0-6ea4-11ea-9266-1fd14ca6af34) \"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[],"sort":[1688154054424,4566],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMjksMV0="} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"*\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":9,\"h\":8,\"i\":\"c706b8e5-9d49-4700-a3ea-26e86ac3a4c4\"},\"panelIndex\":\"c706b8e5-9d49-4700-a3ea-26e86ac3a4c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":0,\"w\":16,\"h\":8,\"i\":\"77c5d557-83e4-40b9-9177-388db29d711d\"},\"panelIndex\":\"77c5d557-83e4-40b9-9177-388db29d711d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":8,\"i\":\"f044ff9c-455a-4085-88c8-92e9ead2bba0\"},\"panelIndex\":\"f044ff9c-455a-4085-88c8-92e9ead2bba0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"54873f75-4452-4938-840d-3a2f50547a88\"},\"panelIndex\":\"54873f75-4452-4938-840d-3a2f50547a88\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":8,\"w\":13,\"h\":19,\"i\":\"30749cb6-18ad-4069-b18d-5912086fff9c\"},\"panelIndex\":\"30749cb6-18ad-4069-b18d-5912086fff9c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":8,\"w\":13,\"h\":19,\"i\":\"7c498d50-d009-493a-a8c9-c91303ad5556\"},\"panelIndex\":\"7c498d50-d009-493a-a8c9-c91303ad5556\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":19,\"i\":\"2f69e716-e6e9-4595-801d-8f59b7d2c574\"},\"panelIndex\":\"2f69e716-e6e9-4595-801d-8f59b7d2c574\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridDa
ta\":{\"x\":0,\"y\":27,\"w\":48,\"h\":31,\"i\":\"6ddfd0a2-337e-47d1-8d4c-bc386a4210af\"},\"panelIndex\":\"6ddfd0a2-337e-47d1-8d4c-bc386a4210af\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Indicator","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"30d0ac90-729f-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"d9eb5b30-6ea9-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1688154054424,4575],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMzAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Destination 
IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"30e97190-6eb6-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,4577],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMzEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"312cd460-364e-11e7-9dc3-d35061cb642d","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4579],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMzIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Server Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Server Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rfb.server_major_version.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.server_major_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.server_minor_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Minor Version\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"316e90a0-75c8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4581],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMzMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DHCP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"317f8410-3655-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4583],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMzQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"31f5e040-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,4585],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMzUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Security Onion - Host Data","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Modules** \\n[Osquery](/kibana/app/dashboards#/view/bf7cf8d0-7732-11ea-bee5-af7f7c7b8e05) \\n[Sysmon](/kibana/app/dashboards#/view/32f01e80-c780-11ea-bebb-37c5ab5894ea) \\n\"},\"title\":\"Security Onion - Host Data\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"df50eba0-6ec0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[],"sort":[1688154054424,4586],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMzYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - 
Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Username\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - Username\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"767c89f0-af4c-11ea-b262-353d451b125b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4588],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMzcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Process CLI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Host - Process 
CLI\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"process.command_line\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Command Line\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"process.command_line.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"758187b0-72bd-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4590],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMzgsMV0="} -{"attributes":{"columns":["host.name","event.module","event.dataset","process.command_line","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.category:host 
\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"Security Onion - Host Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a866be10-0e45-11eb-a255-e1e8e85e3571","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4592],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxMzksMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.module:sysmon\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":7,\"i\":\"7f9eaa30-b358-4027-a312-249defe273c4\"},\"panelIndex\":\"7f9eaa30-b358-4027-a312-249defe273c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":7,\"y\":0,\"w\":17,\"h\":7,\"i\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\"},\"panelIndex\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":7,\"i\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\"},\"panelIndex\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":7,\"w\":12,\"h\":16,\"i\":\"a49b6a25-fbb1-45bb-9585-c6ade0fced1f\"},\"panelIndex\":\"a49b6a25-fbb1-45bb-9585-c6ade0fced1f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":12,\"y\":7,\"w\":12,\"h\":16,\"i\":\"0172c75f-b90b-4bd6-852f-0852a2ace598\"},\"panelIndex\":\"0172c75f-b90b-4bd6-852f-0852a2ace598\",\"embeddableConfig\":{\"enhancements\":{}
},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":24,\"y\":7,\"w\":24,\"h\":16,\"i\":\"1d246882-3945-4a7e-b602-15ccf3f09310\"},\"panelIndex\":\"1d246882-3945-4a7e-b602-15ccf3f09310\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":48,\"h\":31,\"i\":\"48739737-ef82-4533-9a8e-f9fe0f615b05\"},\"panelIndex\":\"48739737-ef82-4533-9a8e-f9fe0f615b05\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - Sysmon","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"32f01e80-c780-11ea-bebb-37c5ab5894ea","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"df50eba0-6ec0-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"767c89f0-af4c-11ea-b262-353d451b125b","name":"panel_4","type":"visualization"},{"id":"758187b0-72bd-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"a866be10-0e45-11eb-a255-e1e8e85e3571","name":"panel_6","type":"search"}],"sort":[1688154054424,4600],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNDAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Query Type Name (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - DNS - Query Type Name 
(Donut)\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dns.query.type_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"336dbde0-88aa-11eb-9841-852c8cc8a2e8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4602],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNDEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Tunnels - Action (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Tunnels - Action (Horizontal Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"33b39a60-6e35-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4604],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNDIsMV0="} 
-{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_irc\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"IRC - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"344c6010-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4606],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNDMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Severity (Horizontal Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false},\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Severity (Horizontal Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{\"text\":\"Severity\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"severity.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Severity\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"346e5c30-76b7-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1688154054424,4608],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNDQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - Share 
Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - Share Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.share_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"34762420-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4610],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNDUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Intel - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"361d0bd0-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4612],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNDYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Message 
Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.message_types.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message Type\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - DHCP - Message Type\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"36200e40-c76b-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4614],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNDcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Changes by Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"osquery - Changes by 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Change Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"369e16e0-14e4-11e9-82f7-0da02d93a48b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"84116380-14e1-11e9-82f7-0da02d93a48b","name":"search_0","type":"search"}],"sort":[1688154054424,4616],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNDgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NTLM - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 
minute\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"36f23eb0-3ab0-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,4618],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNDksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Certificate Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate 
Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_subject.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"3753e110-365a-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4620],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"37f19e40-34c6-11e7-8360-0b86c90983fd","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4622],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNTEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - IRC - Command Info","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - IRC - Command 
Info\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"irc.command.info.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"irc.command.info.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command Info\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"db279540-75bb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4624],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNTIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - User Command Overview","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - User Command 
Overview\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"irc.nickname.keyword: Descending\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Command Type\",\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"irc.username.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"irc.username.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"irc.nickname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"irc.command.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f7ee5fb0-75bb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4626],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNTMsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:irc\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"2d2b4444-14c0-4812-a22e-ca6d509a0c7f\"},\"panelIndex\":\"2d2b4444-14c0-4812-a22e-ca6d509a0c7f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2d2b4444-14c0-4812-a22e-ca6d509a0c7f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"0035e7f6-2c85-494d-88aa-0f6ebc21f6c8\"},\"panelIndex\":\"0035e7f6-2c85-494d-88aa-0f6ebc21f6c8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0035e7f6-2c85-494d-88aa-0f6ebc21f6c8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"147c5d40-556b-4b41-a1bb-ed0976fae0c8\"},\"panelIndex\":\"147c5d40-556b-4b41-a1bb-ed0976fae0c8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_147c5d40-556b-4b41-a1bb-ed0976fae0c8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":19,\"i\":\"9a9084a5-0f74-4bdd-befd-b9bece56ea53\"},\"panelIndex\":\"9a9084a5-0f74-4bdd-befd-b9bece56ea53\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9a9084a5-0f74-4bdd-befd-b9bece56ea53\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":8,\"w\":9,\"h\":19,\"i\":\"9ffba622-36f6-4343-b0a3-1c59e3f6d297\"},\"panelIndex\":\"9ffba622-36f6-4343-b0a3-1c59e3f6d297\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9ffba622-36f6-4343-b0a3-1c59e3f6d297\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":17,\"y\":8,\"w\":15,\"h\":19,\"i\":\"f0f0af04-4f81-437a-ada5-173a1ef8bd11\"},\"panelIn
dex\":\"f0f0af04-4f81-437a-ada5-173a1ef8bd11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f0f0af04-4f81-437a-ada5-173a1ef8bd11\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":19,\"i\":\"3dab7339-3266-4127-86f3-eef2108d5dbf\"},\"panelIndex\":\"3dab7339-3266-4127-86f3-eef2108d5dbf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3dab7339-3266-4127-86f3-eef2108d5dbf\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":27,\"w\":47,\"h\":29,\"i\":\"f5bae4c6-d940-4a76-ba9c-3d5c5ab6849e\"},\"panelIndex\":\"f5bae4c6-d940-4a76-ba9c-3d5c5ab6849e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f5bae4c6-d940-4a76-ba9c-3d5c5ab6849e\"}]","timeRestore":false,"title":"Security Onion - IRC","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"38523560-75ba-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"2d2b4444-14c0-4812-a22e-ca6d509a0c7f:panel_2d2b4444-14c0-4812-a22e-ca6d509a0c7f","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"0035e7f6-2c85-494d-88aa-0f6ebc21f6c8:panel_0035e7f6-2c85-494d-88aa-0f6ebc21f6c8","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"147c5d40-556b-4b41-a1bb-ed0976fae0c8:panel_147c5d40-556b-4b41-a1bb-ed0976fae0c8","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"9a9084a5-0f74-4bdd-befd-b9bece56ea53:panel_9a9084a5-0f74-4bdd-befd-b9bece56ea53","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"9ffba622-36f6-4343-b0a3-1c59e3f6d297:panel_9ffba622-36f6-4343-b0a3-1c59e3f6d297","type":"visualization"},{"id":"db279540-75bb-11ea-9565-7315f4ee5cac","name":"f0f0af04-4f81-437a-ada5-173a1ef8bd11:panel_f0f0af04-4f81-437a-ada5-173a1ef8bd11","type":"visualization"},{"id":"f7ee5fb0-75bb-11ea-9565-7315f4ee5cac","
name":"3dab7339-3266-4127-86f3-eef2108d5dbf:panel_3dab7339-3266-4127-86f3-eef2108d5dbf","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"f5bae4c6-d940-4a76-ba9c-3d5c5ab6849e:panel_f5bae4c6-d940-4a76-ba9c-3d5c5ab6849e","type":"search"}],"sort":[1688154054424,4635],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Alert Summary - Drilldown","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Alert Summary - Drilldown\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP 
Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"3a1b54b0-e061-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4637],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNTUsMV0="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"tags:_grokparsefailure OR tags:_csvparsefailure OR tags:_rubyexception\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Errors","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ef487fd0-46cf-11e7-ba56-317a6969f55c","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4639],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Logstash - Error Type (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Logstash - Error Type (Donut 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tags.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"exclude\":\"\",\"include\":\"_csvparsefailure|_grokparsefailure|_rubyexception\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"3a273780-46d0-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ef487fd0-46cf-11e7-ba56-317a6969f55c","name":"search_0","type":"search"}],"sort":[1688154054424,4641],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNTcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - All Log Count Over Time Stacked Bar Graph","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - All Log Count Over Time Stacked Bar 
Graph\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"fittingFunction\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"labels\":{},\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"row\":
true,\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"3ae34620-6258-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,4644],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Response","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - Response\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.response.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"3af496e0-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4646],"type":"visualization","updated_at":"2
023-06-30T19:40:54.424Z","version":"WzQxNTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - Hosts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - Hosts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"3b50b220-53ab-11ec-b3ef-6bcc33056a36","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4648],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNjAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Image","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Sysmon - 
Image\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"image_path.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"None\",\"exclude\":\"\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Image\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"parent_image_path.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"None\",\"exclude\":\"\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Parent Image\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"3b6c92c0-6d72-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,4650],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNjEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Priority (Vertical bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Syslog - Priority (Vertical bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Priority\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"syslog-priority.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Priority\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"3bf1fdc0-76e6-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"sort":[1688154054424,4652],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNjIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"IRC - Destination 
Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"3c073d20-6e17-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4654],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNjMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Modbus - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"3c65f500-380b-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4656],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNjQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Tunnels - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"3cdf2400-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4658],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNjUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.action.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"3e6037d0-75f2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4660],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNjYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination 
Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"3f040620-4a44-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4662],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNjcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"3f34faa0-3636-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4664],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNjgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"HTTP - Destination Port (Vertical Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - Destination Port (Vertical Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75,\"filter\":true},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"3f4abb40-6e0a-11e7-84cc-b363f104b3c7","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4666],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNjksMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Agent - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Agent - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"407784f0-7738-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4668],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNzAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Source IP","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top 10 - Total Bytes By Source 
IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Source IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source_ip\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP 
Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source_ip\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"41a33c80-3b0d-11e7-a6f9-5d3fe735ec2b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4670],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNzEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"X.509 - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"41bee360-3642-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4672],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNzIsMV0="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:creation_date AND creation_date:[now-3M TO now]\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DNS - Domains with creation date < 3 
months","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"fce833e0-6f12-11e7-86c8-a1b6db3b051a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4674],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNzMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Baby Domain Requests","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Baby Domain Requests\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"highest_registered_domain.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"creation_date\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"41ec0ca0-6f13-11e7-86c8-a1b6db3b051a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fce833e0-6f12-11e7-86c8-a1b6db3b051a","name":"search_0","type":"search"}],"sort":[1688154054424,4676],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNzQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SNMP - Community 
String","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SNMP - Community String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"snmp.community.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"snmp.community.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Community String\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"424ace90-75e9-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4678],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNzUsMV0="} 
-{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"process\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.category\":\"process\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame - Process Search","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"424d7a60-6f0b-11ec-864c-8b5450f97635","migrationVersion":{"search":"8.0.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1688154054424,4681],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNzYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - 
Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"endpoint.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"operation.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"named_pipe.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"42b17660-4a47-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,4683],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNzcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Tunnels - Type (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Tunnels - Type (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tunnel_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"43b2b040-3807-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4685],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNzgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Key Algorithm (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"X.509 - Certificate Key Algorithm (Horizontal Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"certificate_key_algorithm.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Algorithm\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"446e85c0-6e37-11e7-a8d6-ed2e692de531","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4687],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxNzksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Process and Username (Data 
Table)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Process and Username (Data Table)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Process\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"447bd2f0-4a43-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4689],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxODAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Least Common HTTP Methods","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Least Common HTTP 
Methods\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":13,\"maxFontSize\":39,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.method.keyword\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"6411e5b0-6eb2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,4691],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxODEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Source 
IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"6d0fb2b0-6eb6-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,4693],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxODIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"51ad64d0-6eb7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,4695],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxODMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - UserAgent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - 
UserAgent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.useragent.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"UserAgent\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c2f93f40-6ed7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,4697],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxODQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - URI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - 
URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"http.uri.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.uri.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"URI\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f22e8660-6eb6-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,4699],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxODUsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:http\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"6e3caf86-a1ea-4363-9c73-205de5f43ba9\"},\"panelIndex\":\"6e3caf86-a1ea-4363-9c73-205de5f43ba9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6e3caf86-a1ea-4363-9c73-205de5f43ba9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":9,\"i\":\"0b0546ef-637b-4a40-b87b-a454b78cc810\"},\"panelIndex\":\"0b0546ef-637b-4a40-b87b-a454b78cc810\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0b0546ef-637b-4a40-b87b-a454b78cc810\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"9c49b93a-5b5d-4613-8342-c01c69970bce\"},\"panelIndex\":\"9c49b93a-5b5d-4613-8342-c01c69970bce\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9c49b93a-5b5d-4613-8342-c01c69970bce\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":18,\"i\":\"15d7c88b-1619-4290-8968-fa2adfddd72f\"},\"panelIndex\":\"15d7c88b-1619-4290-8968-fa2adfddd72f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_15d7c88b-1619-4290-8968-fa2adfddd72f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":18,\"i\":\"d1219968-6b7f-4040-9c75-0611b9cbf8a0\"},\"panelIndex\":\"d1219968-6b7f-4040-9c75-0611b9cbf8a0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d1219968-6b7f-4040-9c75-0611b9cbf8a0\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":9,\"w\":9,\"h\":18,\"i\":\"377e3099-7aec-474c-9201-2f1845c58d24\"},\"panelIn
dex\":\"377e3099-7aec-474c-9201-2f1845c58d24\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_377e3099-7aec-474c-9201-2f1845c58d24\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":25,\"y\":9,\"w\":23,\"h\":18,\"i\":\"1b444602-2f1c-4c32-85fc-1e5f46235303\"},\"panelIndex\":\"1b444602-2f1c-4c32-85fc-1e5f46235303\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1b444602-2f1c-4c32-85fc-1e5f46235303\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":11,\"h\":18,\"i\":\"9b1df72c-b6fd-4abd-a961-32176c26cc3d\"},\"panelIndex\":\"9b1df72c-b6fd-4abd-a961-32176c26cc3d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9b1df72c-b6fd-4abd-a961-32176c26cc3d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":11,\"y\":27,\"w\":10,\"h\":18,\"i\":\"52c3ab70-9b8d-4c26-953d-f1a943fdff38\"},\"panelIndex\":\"52c3ab70-9b8d-4c26-953d-f1a943fdff38\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_52c3ab70-9b8d-4c26-953d-f1a943fdff38\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":21,\"y\":27,\"w\":27,\"h\":18,\"i\":\"ea97cb71-fbb6-46ae-bb4a-4d01c3a6edb2\"},\"panelIndex\":\"ea97cb71-fbb6-46ae-bb4a-4d01c3a6edb2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ea97cb71-fbb6-46ae-bb4a-4d01c3a6edb2\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"17d41692-eb81-4c13-aaa3-2a4bccc125df\"},\"panelIndex\":\"17d41692-eb81-4c13-aaa3-2a4bccc125df\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_17d41692-eb81-4c13-aaa3-2a4bccc125df\"}]","timeRestore":false,"title":"Security Onion - 
HTTP","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"44e9c820-6eb1-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"6e3caf86-a1ea-4363-9c73-205de5f43ba9:panel_6e3caf86-a1ea-4363-9c73-205de5f43ba9","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"0b0546ef-637b-4a40-b87b-a454b78cc810:panel_0b0546ef-637b-4a40-b87b-a454b78cc810","type":"visualization"},{"id":"6411e5b0-6eb2-11ea-9266-1fd14ca6af34","name":"9c49b93a-5b5d-4613-8342-c01c69970bce:panel_9c49b93a-5b5d-4613-8342-c01c69970bce","type":"visualization"},{"id":"6d0fb2b0-6eb6-11ea-9266-1fd14ca6af34","name":"15d7c88b-1619-4290-8968-fa2adfddd72f:panel_15d7c88b-1619-4290-8968-fa2adfddd72f","type":"visualization"},{"id":"30e97190-6eb6-11ea-9266-1fd14ca6af34","name":"d1219968-6b7f-4040-9c75-0611b9cbf8a0:panel_d1219968-6b7f-4040-9c75-0611b9cbf8a0","type":"visualization"},{"id":"51ad64d0-6eb7-11ea-9266-1fd14ca6af34","name":"377e3099-7aec-474c-9201-2f1845c58d24:panel_377e3099-7aec-474c-9201-2f1845c58d24","type":"visualization"},{"id":"c2f93f40-6ed7-11ea-9266-1fd14ca6af34","name":"1b444602-2f1c-4c32-85fc-1e5f46235303:panel_1b444602-2f1c-4c32-85fc-1e5f46235303","type":"visualization"},{"id":"088aad70-7377-11ea-a3da-cbdb4f8a90c0","name":"9b1df72c-b6fd-4abd-a961-32176c26cc3d:panel_9b1df72c-b6fd-4abd-a961-32176c26cc3d","type":"visualization"},{"id":"28bf2ef0-6eb7-11ea-9266-1fd14ca6af34","name":"52c3ab70-9b8d-4c26-953d-f1a943fdff38:panel_52c3ab70-9b8d-4c26-953d-f1a943fdff38","type":"visualization"},{"id":"f22e8660-6eb6-11ea-9266-1fd14ca6af34","name":"ea97cb71-fbb6-46ae-bb4a-4d01c3a6edb2:panel_ea97cb71-fbb6-46ae-bb4a-4d01c3a6edb2","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"17d41692-eb81-4c13-aaa3-2a4bccc125df:panel_17d41692-eb81-4c13-aaa3-2a4bccc125df","type":"search"}],"sort":[1688154054424,4711],"type":"dashboard","updated_at":"2023-06-30T19:40:5
4.424Z","version":"WzQxODYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Modbus - Function","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"function.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Function\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"453f8b90-4a58-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4713],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxODcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Category","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS Alerts - 
Category\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Category\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":75,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"category.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Category\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"45464b50-3af6-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[16881540544
24,4715],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxODgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Query Class (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Query Class (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"query_class_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Class\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"45a652b0-34c1-11e7-917c-af7a9d11771a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4717],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxODksMV0="} -{"attributes":{"columns":["message","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_pe\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"PE - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"66288140-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4719],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxOTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"PE - OS (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"PE - OS (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"os.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"45c4ae10-380c-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4721],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxOTEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - 
Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSH - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssh.server.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.server.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"46221fe0-75ea-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4723],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxOTIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Category","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Autoruns - 
Category\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"title\":{\"text\":\"Category\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"category.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Category\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"482be9b0-6d78-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,4725],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxOTMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Kerberos - 
Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Kerberos - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"kerberos.service.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"kerberos.service.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"48331f00-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4727],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxOTQsMV0="} 
-{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dnp3\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DNP3 - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c2587840-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4729],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxOTUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"4898f230-6e0e-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4731],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxOTYsMV0="} -{"attributes":{"columns":["file.name","file.directory"],"description":"","grid":{},"hideChart":false,"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame - File 
Search","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"90facda0-6f08-11ec-864c-8b5450f97635","migrationVersion":{"search":"8.0.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1688154054424,4734],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxOTcsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":12,\"i\":\"d3fd89cc-9483-41b1-90e8-c2e86b862d4c\"},\"panelIndex\":\"d3fd89cc-9483-41b1-90e8-c2e86b862d4c\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame 
Alerts](https:///alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_d3fd89cc-9483-41b1-90e8-c2e86b862d4c\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":0,\"w\":13,\"h\":12,\"i\":\"dcf897df-beb2-4a1b-86b2-4b8b0370aa94\"},\"panelIndex\":\"dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"3505d400-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"type\":\"lens\"},{\"id\":\"3505d400-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"type\":\"lens\"},{\"id\":\"3505d400-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"type\":\"lens\"},{\"id\":\"3505d400-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0\",\"accessor\":\"b2fc5f2d-52a4-4e20-9ca6-1afad1b8b45e\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"},\"query\":{\"query\":\"event.category.keyword : 
\\\"file\\\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0\":{\"columns\":{\"b2fc5f2d-52a4-4e20-9ca6-1afad1b8b45e\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"b2fc5f2d-52a4-4e20-9ca6-1afad1b8b45e\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - File All Logs\",\"panelRefName\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":12,\"i\":\"fb5061a4-571d-4f4d-a3b5-fd7851d324ca\"},\"panelIndex\":\"fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"42a22c30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"type\":\"lens\"},{\"id\":\"42a22c30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"type\":\"lens\"},{\"id\":\"42a22c30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"type\":\"lens\"},{\"id\":\"42a22c30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-10863c78-73fc-4739-88ea-b6e3419da4db\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"t
ype\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"10863c78-73fc-4739-88ea-b6e3419da4db\",\"accessors\":[\"4e101a7c-04a5-4ab9-96c5-ef10fc92547b\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"e472c6a1-d786-43f7-95f0-df55a990e268\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"10863c78-73fc-4739-88ea-b6e3419da4db\":{\"columns\":{\"e472c6a1-d786-43f7-95f0-df55a990e268\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"4e101a7c-04a5-4ab9-96c5-ef10fc92547b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"e472c6a1-d786-43f7-95f0-df55a990e268\",\"4e101a7c-04a5-4ab9-96c5-ef10fc92547b\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - File Log Count Over 
Time\",\"panelRefName\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":12,\"w\":32,\"h\":16,\"i\":\"30774bd7-ee7f-4c21-aa67-104e961664ee\"},\"panelIndex\":\"30774bd7-ee7f-4c21-aa67-104e961664ee\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"4d6bdc60-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\",\"type\":\"lens\"},{\"id\":\"4d6bdc60-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\",\"type\":\"lens\"},{\"id\":\"4d6bdc60-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\",\"type\":\"lens\"},{\"id\":\"4d6bdc60-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-860e44c0-e06a-4d8a-9172-b542532df353\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"860e44c0-e06a-4d8a-9172-b542532df353\",\"accessors\":[\"63defa8c-527b-4165-9fb9-4e564bd03695\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccess
or\":\"0c6f3897-05c7-4aa3-90e5-17f58946a3af\",\"splitAccessor\":\"55eacb06-199f-41eb-b6dc-b5b1407b7073\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"860e44c0-e06a-4d8a-9172-b542532df353\":{\"columns\":{\"55eacb06-199f-41eb-b6dc-b5b1407b7073\":{\"label\":\"Top values of event.action\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.action\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"63defa8c-527b-4165-9fb9-4e564bd03695\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"0c6f3897-05c7-4aa3-90e5-17f58946a3af\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"63defa8c-527b-4165-9fb9-4e564bd03695\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"55eacb06-199f-41eb-b6dc-b5b1407b7073\",\"0c6f3897-05c7-4aa3-90e5-17f58946a3af\",\"63defa8c-527b-4165-9fb9-4e564bd03695\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - File Event 
Action\",\"panelRefName\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":12,\"w\":16,\"h\":16,\"i\":\"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\"},\"panelIndex\":\"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"5a43fa30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"type\":\"lens\"},{\"id\":\"5a43fa30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"type\":\"lens\"},{\"id\":\"5a43fa30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"type\":\"lens\"},{\"id\":\"5a43fa30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-b12aced8-11a0-4a83-a7c5-129f142e8f04\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"b12aced8-11a0-4a83-a7c5-129f142e8f04\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"bc61b519-0caa-4bf7-bbe7-6077fb307d0a\"},{\"columnId\":\"f549d182-14e5-4395-b185-4cd192e4030c\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"b12aced8-11a0-4a83-a7c5-129f142e8f04\":{\"columns\":{\"bc61b519-0caa-4bf7-bbe7-6077fb307d0a\":{\"label\":\"Top 
values of user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f549d182-14e5-4395-b185-4cd192e4030c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"f549d182-14e5-4395-b185-4cd192e4030c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"bc61b519-0caa-4bf7-bbe7-6077fb307d0a\",\"f549d182-14e5-4395-b185-4cd192e4030c\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - File Username\",\"panelRefName\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":28,\"w\":23,\"h\":31,\"i\":\"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\"},\"panelIndex\":\"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\"},{\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\"},{\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\"},{\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-e5f77e35-1bc5-4487-9602-e2962cafa87b\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization
\":{\"layerId\":\"e5f77e35-1bc5-4487-9602-e2962cafa87b\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"ade5af28-bac8-4a2d-adff-28580282a9d2\"},{\"isTransposed\":false,\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},{\"columnId\":\"bb5f0057-5e74-4baf-9839-aff53de6d145\",\"isTransposed\":false}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e5f77e35-1bc5-4487-9602-e2962cafa87b\":{\"columns\":{\"ade5af28-bac8-4a2d-adff-28580282a9d2\":{\"label\":\"Top values of file.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.name\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true}},\"e480935c-b388-48c6-9582-fb4600b462fb\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"bb5f0057-5e74-4baf-9839-aff53de6d145\":{\"label\":\"Top values of 
file.path\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.path\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true}}},\"columnOrder\":[\"ade5af28-bac8-4a2d-adff-28580282a9d2\",\"bb5f0057-5e74-4baf-9839-aff53de6d145\",\"e480935c-b388-48c6-9582-fb4600b462fb\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Endgame - File Name\",\"panelRefName\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":28,\"w\":25,\"h\":11,\"i\":\"7e1aecd8-bbbe-453c-868b-8335f5ab65ea\"},\"panelIndex\":\"7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"74daec50-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"type\":\"lens\"},{\"id\":\"74daec50-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"type\":\"lens\"},{\"id\":\"74daec50-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"type\":\"lens\"},{\"id\":\"74daec50-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-377145dd-d931-4e01-8719-fa4e36df631a\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"377145dd-d931-4e01-8719-fa4e36df631a\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"6ba09492-0ce8-4f51-9263-e85a0a74225c\"},{\"columnId\":\"123ad80c-
6989-4387-a25a-9f0a60d6ea7b\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"377145dd-d931-4e01-8719-fa4e36df631a\":{\"columns\":{\"6ba09492-0ce8-4f51-9263-e85a0a74225c\":{\"label\":\"Top values of host.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"123ad80c-6989-4387-a25a-9f0a60d6ea7b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"123ad80c-6989-4387-a25a-9f0a60d6ea7b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"6ba09492-0ce8-4f51-9263-e85a0a74225c\",\"123ad80c-6989-4387-a25a-9f0a60d6ea7b\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - File 
Hostname\",\"panelRefName\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":39,\"w\":25,\"h\":20,\"i\":\"9fa50224-7ba0-4adb-806a-bca0ddaf81d0\"},\"panelIndex\":\"9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"id\":\"82ab9af0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"type\":\"lens\"},{\"id\":\"82ab9af0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"type\":\"lens\"},{\"id\":\"82ab9af0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"type\":\"lens\"},{\"id\":\"82ab9af0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-3320254d-3b41-4746-946e-70357e58da19\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"3320254d-3b41-4746-946e-70357e58da19\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"legendSize\":\"auto\",\"primaryGroups\":[\"4a9a0ae7-34cc-407e-8f0c-a60c234179b7\"],\"metrics\":[\"9ee7fb17-68de-4b29-b3e8-21336f4b15ca\"]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3
320254d-3b41-4746-946e-70357e58da19\":{\"columns\":{\"4a9a0ae7-34cc-407e-8f0c-a60c234179b7\":{\"label\":\"Top values of event.type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.type\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9ee7fb17-68de-4b29-b3e8-21336f4b15ca\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"9ee7fb17-68de-4b29-b3e8-21336f4b15ca\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"4a9a0ae7-34cc-407e-8f0c-a60c234179b7\",\"9ee7fb17-68de-4b29-b3e8-21336f4b15ca\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"fa53d234-1d45-4a90-8468-631012e68ce8\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Go to File Dashboard\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true}}}]}},\"type\":\"lens\"},\"title\":\"Endgame - File Event Type (Donut)\",\"panelRefName\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\"},{\"version\":\"7.16.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":59,\"w\":48,\"h\":16,\"i\":\"0f24d345-114e-44a8-ac45-75258008cf3b\"},\"panelIndex\":\"0f24d345-114e-44a8-ac45-75258008cf3b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0f24d345-114e-44a8-ac45-75258008cf3b\"}]","timeRestore":false,"title":"Endgame - 
File","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"4923ad00-6349-11ec-864c-8b5450f97635","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"d3fd89cc-9483-41b1-90e8-c2e86b862d4c:panel_d3fd89cc-9483-41b1-90e8-c2e86b862d4c","type":"visualization"},{"id":"3505d400-6d6d-11ec-864c-8b5450f97635","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94","type":"lens"},{"id":"3505d400-6d6d-11ec-864c-8b5450f97635","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94","type":"lens"},{"id":"3505d400-6d6d-11ec-864c-8b5450f97635","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94","type":"lens"},{"id":"3505d400-6d6d-11ec-864c-8b5450f97635","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94","type":"lens"},{"id":"3505d400-6d6d-11ec-864c-8b5450f97635","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94","type":"lens"},{"id":"endgame-*","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:indexpattern-datasource-layer-265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0","type":"index-pattern"},{"id":"endgame-*","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:filter-index-pattern-0","type":"index-pattern"},{"id":"42a22c30-6d6d-11ec-864c-8b5450f97635","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca","type":"lens"},{"id":"42a22c30-6d6d-11ec-864c-8b5450f97635","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca","type":"lens"},{"id":"42a22c30-6d6d-11ec-864c-8b5450f97635","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca","type":"lens"},{"id":"42a22c30-6d6d-11ec-864c-8b5450f97635","name":"fb5061a4-
571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca","type":"lens"},{"id":"42a22c30-6d6d-11ec-864c-8b5450f97635","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca","type":"lens"},{"id":"endgame-*","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:indexpattern-datasource-layer-10863c78-73fc-4739-88ea-b6e3419da4db","type":"index-pattern"},{"id":"endgame-*","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:filter-index-pattern-0","type":"index-pattern"},{"id":"4d6bdc60-6d6d-11ec-864c-8b5450f97635","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee","type":"lens"},{"id":"4d6bdc60-6d6d-11ec-864c-8b5450f97635","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee","type":"lens"},{"id":"4d6bdc60-6d6d-11ec-864c-8b5450f97635","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee","type":"lens"},{"id":"4d6bdc60-6d6d-11ec-864c-8b5450f97635","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee","type":"lens"},{"id":"4d6bdc60-6d6d-11ec-864c-8b5450f97635","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee","type":"lens"},{"id":"endgame-*","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:indexpattern-datasource-layer-860e44c0-e06a-4d8a-9172-b542532df353","type":"index-pattern"},{"id":"endgame-*","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:filter-index-pattern-0","type":"index-pattern"},{"id":"5a43fa30-6d6d-11ec-864c-8b5450f97635","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1","type":"lens"},{"id":"5a43fa30-6d6d-11ec-864c-8b5450f97635","name":"8e44a14b-ce7e-4ebf-
a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1","type":"lens"},{"id":"5a43fa30-6d6d-11ec-864c-8b5450f97635","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1","type":"lens"},{"id":"5a43fa30-6d6d-11ec-864c-8b5450f97635","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1","type":"lens"},{"id":"5a43fa30-6d6d-11ec-864c-8b5450f97635","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1","type":"lens"},{"id":"endgame-*","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:indexpattern-datasource-layer-b12aced8-11a0-4a83-a7c5-129f142e8f04","type":"index-pattern"},{"id":"endgame-*","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:filter-index-pattern-0","type":"index-pattern"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"endgame-*","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:indexpattern-datasource-layer-e5f77e35-1bc5-4487-9602-e2962cafa87b","type":"index-pattern"},{"id":"endgame-*","name":"cd2e58e6-ecaf-46ff
-89ae-3f6c104137b2:filter-index-pattern-0","type":"index-pattern"},{"id":"74daec50-6d6d-11ec-864c-8b5450f97635","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea","type":"lens"},{"id":"74daec50-6d6d-11ec-864c-8b5450f97635","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea","type":"lens"},{"id":"74daec50-6d6d-11ec-864c-8b5450f97635","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea","type":"lens"},{"id":"74daec50-6d6d-11ec-864c-8b5450f97635","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea","type":"lens"},{"id":"74daec50-6d6d-11ec-864c-8b5450f97635","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea","type":"lens"},{"id":"endgame-*","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:indexpattern-datasource-layer-377145dd-d931-4e01-8719-fa4e36df631a","type":"index-pattern"},{"id":"endgame-*","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:filter-index-pattern-0","type":"index-pattern"},{"id":"82ab9af0-6d6d-11ec-864c-8b5450f97635","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0","type":"lens"},{"id":"82ab9af0-6d6d-11ec-864c-8b5450f97635","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0","type":"lens"},{"id":"82ab9af0-6d6d-11ec-864c-8b5450f97635","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0","type":"lens"},{"id":"82ab9af0-6d6d-11ec-864c-8b5450f97635","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0","type":"lens"},{"id":"82ab9af0-6d6d-11ec-864c-8b5450f97635","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0","type":"lens"},{"id":"endgame-*","name":"9fa50224-7ba0-4adb
-806a-bca0ddaf81d0:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:indexpattern-datasource-layer-3320254d-3b41-4746-946e-70357e58da19","type":"index-pattern"},{"id":"endgame-*","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:filter-index-pattern-0","type":"index-pattern"},{"id":"4923ad00-6349-11ec-864c-8b5450f97635","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:fa53d234-1d45-4a90-8468-631012e68ce8:dashboardId","type":"dashboard"},{"id":"90facda0-6f08-11ec-864c-8b5450f97635","name":"0f24d345-114e-44a8-ac45-75258008cf3b:panel_0f24d345-114e-44a8-ac45-75258008cf3b","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,4795],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxOTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Request From","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Request From\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.request.from.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.request.from.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request From\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"49384710-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4797],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQxOTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"network.transport:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Network - Transport","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network - Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"network.transport: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Transport\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"499a0690-6ead-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4799],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMDAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - File - 
Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"49cfe850-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4801],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMDEsMV0="} -{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"network\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.category\":\"network\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame - Network 
Search","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"4e1aa7c0-6ed2-11ec-864c-8b5450f97635","migrationVersion":{"search":"8.0.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1688154054424,4804],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMDIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Endgame - Network Heatmap","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 5,500,000,000\":\"rgb(247,252,245)\",\"5,500,000,000 - 11,000,000,000\":\"rgb(198,232,191)\",\"11,000,000,000 - 16,500,000,000\":\"rgb(114,195,120)\",\"16,500,000,000 - 22,000,000,000\":\"rgb(34,139,69)\"},\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"Endgame - Network 
Heatmap\",\"type\":\"heatmap\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":17,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"source.ip\"},\"schema\":\"group\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"destination.ip\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"heatmap\",\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":4,\"colorSchema\":\"Greens\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":false,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"overwriteColor\":false,\"color\":\"black\"}}],\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"de389910-6f0a-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"4e1aa7c0-6ed2-11ec-864c-8b5450f97635","name":"search_0","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,4807],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMDMsMV0="} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":10,\"i\":\"5485c8f5-90ea-409f-8522-f0a58716a12e\"},\"panelIndex\":\"5485c8f5-90ea-409f-8522-f0a58716a12e\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame 
Alerts](https:///alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_5485c8f5-90ea-409f-8522-f0a58716a12e\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":0,\"w\":14,\"h\":10,\"i\":\"2fcc00ab-4db8-4760-9bd0-111a3cd1c822\"},\"panelIndex\":\"2fcc00ab-4db8-4760-9bd0-111a3cd1c822\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2fcc00ab-4db8-4760-9bd0-111a3cd1c822\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":12,\"h\":13,\"i\":\"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\"},\"panelIndex\":\"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f976
35\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-909005b3-b986-4bf6-9504-f4a9c877a966\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"909005b3-b986-4bf6-9504-f4a9c877a966\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"layerType\":\"data\",\"legendSize\":\"auto\",\"primaryGroups\":[\"b65c177b-364a-4656-854a-69e6b07f05ff\"],\"metrics\":[\"98109e10-1bb1-4a93-bd3f-64a228aba2c4\"]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"909005b3-b986-4bf6-9504-f4a9c877a966\":{\"columns\":{\"b65c177b-364a-4656-854a-69e6b07f05ff\":{\"label\":\"Top values of network.transport\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.transport\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"98109e10-1bb1-4a93-bd3f-64a228aba2c4\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"98109e10-1bb1-4a93-bd3f-64a228aba2c4\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"b65c177b-364a-4656-854a-69e6b07f05ff\",\"98109e10-1bb1-4a93-bd3f-64a228aba2c4\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network Transport\",\"panelRefName\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":0,\"w\":12,\"h\":13,\"i\":\"3db56ff3-17bb-4304-95ca-5b7b6254257a\"},\"panelIndex\":\"3db56ff3-17bb-4304-95ca-5b7b6254257a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3db56ff3-17bb-4304-95ca-5b7b6254257a\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":10,\"w\":24,\"h\":19,\"i\":\"0fd77215-f380-4e05-8e8d-7eff24e7eb10\"},\"panelIndex\":\"0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\
"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-7d4edcbb-fca9-47d9-93df-acba6aaf6f58\"}],\"state\":{\"visualization\":{\"layerId\":\"7d4edcbb-fca9-47d9-93df-acba6aaf6f58\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"0cbe5805-5e69-4a7e-a5ef-21dfabd592f5\"},{\"columnId\":\"92a4b279-4a18-4513-a75c-52dcf79a6801\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7d4edcbb-fca9-47d9-93df-acba6aaf6f58\":{\"columns\":{\"0cbe5805-5e69-4a7e-a5ef-21dfabd592f5\":{\"label\":\"Top values of event.category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.category\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"92a4b279-4a18-4513-a75c-52dcf79a6801\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"92a4b279-4a18-4513-a75c-52dcf79a6801\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"0cbe5805-5e69-4a7e-a5ef-21dfabd592f5\",\"92a4b279-4a18-4513-a75c-52dcf79a6801\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network Events\",\"panelRefName\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":13,\"w\":12,\"h\":16,\"i\":\"55ac1386-6ccb-4926-813d-1dc397a60036\"},\"panelIndex\":\"55ac1386-6ccb-4926-813d-1dc397a60036\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\",\"type\":\"lens\",\"id\":\"ac2e7c60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\",\"type\":\"lens\",\"id\":\"ac2e7c60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\",\"type\":\"lens\",\"id\":\"ac2e7c60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\",\"type\":\"lens\",\"id\":\"ac2e7c60-6e41-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-f2b4871a-9aca-4016-848c-331b8c221cf7\"}],\"state\":{\"visualization\":{\"layerId\":\"f2b4871a-9aca-4016-848c-331b8c221cf7\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"a06965e8-9258-490d-9765-54afc2fb5073\"},{\"columnId\":\"e81257d5-bbe1-406d-b8b7-01db30a05390\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f2b4871a-9aca-4016-848c-331b8c221cf7\":{\"columns\":{\"a06965e8-9258-490d-9765-54afc2fb5073\":{\"label\":\"Top
 values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e81257d5-bbe1-406d-b8b7-01db30a05390\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"e81257d5-bbe1-406d-b8b7-01db30a05390\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"a06965e8-9258-490d-9765-54afc2fb5073\",\"e81257d5-bbe1-406d-b8b7-01db30a05390\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network Source IP\",\"panelRefName\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":13,\"w\":12,\"h\":16,\"i\":\"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\"},\"panelIndex\":\"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"type\":\"lens\",\"id\":\"c7f8be60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"type\":\"lens\",\"id\":\"c7f8be60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"type\":\"lens\",\"id\":\"c7f8be60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"type\":\"lens\",\"id\":\"c7f8be60-6e41-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-d76872f3-61fb-4b26-8440-0ca886e33224\"}],\"state\":{\"visualization\":{\"layerId\":\"d76872f3-61fb-4b26-8440-0ca886e33224\",\"layerType\":\"data\",\"
columns\":[{\"columnId\":\"822af2db-f82f-4f05-a4c3-8c6b7808d79a\"},{\"columnId\":\"6f747e8d-b264-42e8-ae88-2df81bf5bfa5\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"d76872f3-61fb-4b26-8440-0ca886e33224\":{\"columns\":{\"822af2db-f82f-4f05-a4c3-8c6b7808d79a\":{\"label\":\"Top values of destination.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6f747e8d-b264-42e8-ae88-2df81bf5bfa5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"6f747e8d-b264-42e8-ae88-2df81bf5bfa5\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"822af2db-f82f-4f05-a4c3-8c6b7808d79a\",\"6f747e8d-b264-42e8-ae88-2df81bf5bfa5\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network Destination 
IP\",\"panelRefName\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":29,\"w\":48,\"h\":12,\"i\":\"93e059d5-fc50-4357-9dfa-939f48da5834\"},\"panelIndex\":\"93e059d5-fc50-4357-9dfa-939f48da5834\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_93e059d5-fc50-4357-9dfa-939f48da5834\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":41,\"w\":48,\"h\":21,\"i\":\"cb25c6cd-4360-4a3f-8c5c-49a1b1a3d002\"},\"panelIndex\":\"cb25c6cd-4360-4a3f-8c5c-49a1b1a3d002\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cb25c6cd-4360-4a3f-8c5c-49a1b1a3d002\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":62,\"w\":28,\"h\":17,\"i\":\"1d174f74-9575-4827-8ae0-d5db7d53777b\"},\"panelIndex\":\"1d174f74-9575-4827-8ae0-d5db7d53777b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"
name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-89c7faa8-15c2-4772-95a6-8049a683be1a\"}],\"state\":{\"visualization\":{\"layerId\":\"89c7faa8-15c2-4772-95a6-8049a683be1a\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"0cf6d6cf-9585-4e5f-8729-af8484507670\"},{\"isTransposed\":false,\"columnId\":\"e520b985-a9b8-4183-b29c-61373ed817c8\"},{\"isTransposed\":false,\"columnId\":\"fa5a503a-c448-4dc7-8b1e-5679822218ae\"},{\"isTransposed\":false,\"columnId\":\"9079d4df-8e60-4749-bc38-b3b52782f71d\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"89c7faa8-15c2-4772-95a6-8049a683be1a\":{\"columns\":{\"0cf6d6cf-9585-4e5f-8729-af8484507670\":{\"label\":\"Top values of dns.question.type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"dns.question.type\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9079d4df-8e60-4749-bc38-b3b52782f71d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"e520b985-a9b8-4183-b29c-61373ed817c8\":{\"label\":\"Top values of 
dns.question.registered_domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"dns.question.registered_domain\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9079d4df-8e60-4749-bc38-b3b52782f71d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"fa5a503a-c448-4dc7-8b1e-5679822218ae\":{\"label\":\"Top values of dns.question.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"dns.question.name\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9079d4df-8e60-4749-bc38-b3b52782f71d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"9079d4df-8e60-4749-bc38-b3b52782f71d\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"0cf6d6cf-9585-4e5f-8729-af8484507670\",\"e520b985-a9b8-4183-b29c-61373ed817c8\",\"fa5a503a-c448-4dc7-8b1e-5679822218ae\",\"9079d4df-8e60-4749-bc38-b3b52782f71d\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network DNS Query\",\"panelRefName\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":28,\"y\":62,\"w\":20,\"h\":17,\"i\":\"0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1\"},\"panelIndex\":\"0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Network DNS Requests 
Chart\",\"panelRefName\":\"panel_0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":79,\"w\":48,\"h\":17,\"i\":\"fb5ece46-c6e7-4d56-a48a-607783ad818f\"},\"panelIndex\":\"fb5ece46-c6e7-4d56-a48a-607783ad818f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fb5ece46-c6e7-4d56-a48a-607783ad818f\"}]","timeRestore":false,"title":"Endgame - Network","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"49d34770-53b2-11ec-b3ef-6bcc33056a36","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"5485c8f5-90ea-409f-8522-f0a58716a12e:panel_5485c8f5-90ea-409f-8522-f0a58716a12e","type":"visualization"},{"id":"ec0fa520-6329-11ec-864c-8b5450f97635","name":"2fcc00ab-4db8-4760-9bd0-111a3cd1c822:panel_2fcc00ab-4db8-4760-9bd0-111a3cd1c822","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f9
7635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"endgame-*","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:indexpattern-datasource-layer-909005b3-b986-4bf6-9504-f4a9c877a966","type":"index-pattern"},{"id":"2f20b2c0-6323-11ec-864c-8b5450f97635","name":"3db56ff3-17bb-4304-95ca-5b7b6254257a:panel_3db56ff3-17bb-4304-95ca-5b7b6254257a","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e
05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"endgame-*","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:indexpattern-datasource-layer-7d4edcbb-fca9-47d9-93df-acba6aaf6f58","type":"index-pattern"},{"id":"ac2e7c60-6e41-11ec-864c-8b5450f97635","name":"55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036","type":"lens"},{"id":"ac2e7c60-6e41-11ec-864c-8b5450f97635","name":"55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036","type":"lens"},{"id":"ac2e7c60-6e41-11ec-864c-8b545
0f97635","name":"55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036","type":"lens"},{"id":"ac2e7c60-6e41-11ec-864c-8b5450f97635","name":"55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036","type":"lens"},{"id":"ac2e7c60-6e41-11ec-864c-8b5450f97635","name":"55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036","type":"lens"},{"id":"endgame-*","name":"55ac1386-6ccb-4926-813d-1dc397a60036:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"55ac1386-6ccb-4926-813d-1dc397a60036:indexpattern-datasource-layer-f2b4871a-9aca-4016-848c-331b8c221cf7","type":"index-pattern"},{"id":"c7f8be60-6e41-11ec-864c-8b5450f97635","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6","type":"lens"},{"id":"c7f8be60-6e41-11ec-864c-8b5450f97635","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6","type":"lens"},{"id":"c7f8be60-6e41-11ec-864c-8b5450f97635","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6","type":"lens"},{"id":"c7f8be60-6e41-11ec-864c-8b5450f97635","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6","type":"lens"},{"id":"c7f8be60-6e41-11ec-864c-8b5450f97635","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6","type":"lens"},{"id":"endgame-*","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:indexpattern-datasource-layer-d76872f3-61fb-4b26-8440-0ca886e33224","type":"index-pattern"},{"id":"38c95ae0-6e4d-11ec-864c-8b5450f97635","name":"93e059d5-fc50-4357-9dfa-939f48da5834:panel_93e059d5-fc50-4357-9dfa-939f48da5834","type":"lens"},{"id":"de389910-6f0a-11ec-864c-8b5450f97635","name":"cb25c6cd-4360-4a3f-8c5c-49a1b1a3d002:panel_cb25c6cd-4360-4a3f-8c5c
-49a1b1a3d002","type":"visualization"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"endgame-*","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"1d174f74-9575-
4827-8ae0-d5db7d53777b:indexpattern-datasource-layer-89c7faa8-15c2-4772-95a6-8049a683be1a","type":"index-pattern"},{"id":"f30bef10-6328-11ec-864c-8b5450f97635","name":"0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1:panel_0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1","type":"lens"},{"id":"4e1aa7c0-6ed2-11ec-864c-8b5450f97635","name":"fb5ece46-c6e7-4d56-a48a-607783ad818f:panel_fb5ece46-c6e7-4d56-a48a-607783ad818f","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,4875],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMDQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Protocol (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Protocol (Donut Chart)\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"protocol.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"49e04860-4a4e-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4877],"type":"visualization","updated_at
":"2023-06-30T19:40:54.424Z","version":"WzQyMDUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Kerberos - Request Type (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Request Type (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"request_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request 
Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"4aa0b2a0-6e1a-11e7-89e4-613b96f597e1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4879],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMDYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network - Destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network - Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IPs\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"4adca340-6eae-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,4881],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMDcsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Username","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"NTLM - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"4d869ee0-3ab1-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,4883],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMDgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND highest_registered_domain:google.com~ -highest_registered_domain:google.com AND highest_registered_domain:youtube.com~ -highest_registered_domain:youtube.com AND highest_registered_domain:facebook.com~ -highest_registered_domain:facebook.com AND highest_registered_domain:wikipedia.org~ -highest_registered_domain:wikipedia.org AND highest_registered_domain:google.co.in~ -highest_registered_domain:google.co.in AND highest_registered_domain:reddit.com~ -highest_registered_domain:reddit.com AND highest_registered_domain:amazon.com~ -highest_registered_domain:amazon.com AND highest_registered_domain:taobao.com~ 
-highest_registered_domain:taobao.com AND highest_registered_domain:twitter.com~ -highest_registered_domain:twitter.com AND highest_registered_domain:google.co.jp~ -highest_registered_domain:google.co.jp AND highest_registered_domain:instagram.com~ -highest_registered_domain:instagram.com AND highest_registered_domain:sina.com.cn~ -highest_registered_domain:sina.com.cn AND highest_registered_domain:google.co.uk~ -highest_registered_domain:google.co.uk AND highest_registered_domain:linkedin.com~ -highest_registered_domain:linkedin.com AND highest_registered_domain:list.tmall.com~ -highest_registered_domain:list.tmall.com AND highest_registered_domain:google.com.br~ -highest_registered_domain:google.com.br AND highest_registered_domain:google.com.hk~ -highest_registered_domain:google.com.hk AND highest_registered_domain:netflix.com~ -highest_registered_domain:netflix.com AND highest_registered_domain:yahoo.co.jp~ -highest_registered_domain:yahoo.co.jp AND highest_registered_domain:pornhub.com~ -highest_registered_domain:pornhub.com AND highest_registered_domain:xvideos.com~ -highest_registered_domain:xvideos.com AND highest_registered_domain:microsoft.com~ -highest_registered_domain:microsoft.com AND highest_registered_domain:livejasmin.com~ -highest_registered_domain:livejasmin.com AND highest_registered_domain:aliexpress.com~ -highest_registered_domain:aliexpress.com AND highest_registered_domain:stackoverflow.com~ -highest_registered_domain:stackoverflow.com AND highest_registered_domain:wordpress.com~ -highest_registered_domain:wordpress.com AND highest_registered_domain:hao123.com~ -highest_registered_domain:hao123.com AND highest_registered_domain:github.com~ -highest_registered_domain:github.com AND highest_registered_domain:amazon.co.jp~ -highest_registered_domain:amazon.co.jp AND highest_registered_domain:blogspot.com~ -highest_registered_domain:blogspot.com AND highest_registered_domain:pinterest.com~ -highest_registered_domain:pinterest.com AND 
highest_registered_domain:bongacams.com~ -highest_registered_domain:bongacams.com AND highest_registered_domain:google.com.tr~ -highest_registered_domain:google.com.tr AND highest_registered_domain:popads.net~ -highest_registered_domain:popads.net AND highest_registered_domain:paypal.com~ -highest_registered_domain:paypal.com AND highest_registered_domain:office.com~ -highest_registered_domain:office.com AND highest_registered_domain:google.com.tw~ -highest_registered_domain:google.com.tw AND highest_registered_domain:google.com.au~ -highest_registered_domain:google.com.au AND highest_registered_domain:whatsapp.com~ -highest_registered_domain:whatsapp.com AND highest_registered_domain:microsoftonline.com~ -highest_registered_domain:microsoftonline.com\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Phishing Attempts Against Alexa Top Sites","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 0\":\"rgb(0,104,55)\",\"1 - 999999\":\"rgb(165,0,38)\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Phishing attempts against your domain(s)\"},\"schema\":\"metric\",\"type\":\"count\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"gauge\":{\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":0},{\"from\":1,\"to\":999999}],\"extendRange\":true,\"gaugeColorMode\":\"Labels\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Arc\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":true},\"style\":{\"bgColor\":false,\"bgFill\":\"#eee\",\"bgMask\":false,\"bgWidth\":0.9,\"fontSize\":60,\"labelColor\":true,\"mask\":false,\"maskBars\":50,\"subText\":\"Edit this to reflect your domain(s)\",\"width\":0.9},\"type\":\"meter\",\"alignment\":\"horizontal\"}},\"title\":\"DNS - 
Phishing Attempts Against Alexa Top Sites\",\"type\":\"gauge\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"4d89e140-6f09-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4885],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMDksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"title":"Navigation","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Home](/kibana/app/dashboards#/view/94b52620-342a-11e7-9d52-4f090484f59e) \\n[Help](/kibana/app/dashboards#/view/AV6-POJSDwoBUzALqKAg) \\n\\n**Alert Data** \\n[Bro Notices](/kibana/app/dashboards#/view/01600fb0-34e4-11e7-9669-7f1d3242b798) \\n[ElastAlert](/kibana/app/dashboards#/view/1d98d620-7dce-11e7-846a-150cdcaf3374) \\n[HIDS](/kibana/app/dashboards#/view/0de7a390-3644-11e7-a6f7-4f44d7bf1c33) \\n[NIDS](/kibana/app/dashboards#/view/7f27a830-34e5-11e7-9669-7f1d3242b798)   \\n\\n**Bro Hunting** \\n[Connections](/kibana/app/dashboards#/view/e0a34b90-34e6-11e7-9118-45bd317f0ca4) \\n[DCE/RPC](/kibana/app/dashboards#/view/46582d50-3af2-11e7-a83b-b1b4da7d15f4) \\n[DHCP](/kibana/app/dashboards#/view/85348270-357b-11e7-ac34-8965f6420c51) \\n[DNP3](/kibana/app/dashboards#/view/2fdf5bf0-3581-11e7-98ef-19df58fe538b) \\n[DNS](/kibana/app/dashboards#/view/ebf5ec90-34bf-11e7-9b32-bb903919ead9) \\n[Files](/kibana/app/dashboards#/view/2d315d80-3582-11e7-98ef-19df58fe538b) \\n[FTP](/kibana/app/dashboards#/view/27f3b380-3583-11e7-a588-05992195c551) \\n[HTTP](/kibana/app/dashboards#/view/230134a0-34c6-11e7-8360-0b86c90983fd) \\n[Intel](/kibana/app/dashboards#/view/468022c0-3583-11e7-a588-05992195c551) 
\\n[IRC](/kibana/app/dashboards#/view/56a34ce0-3583-11e7-a588-05992195c551) \\n[Kerberos](/kibana/app/dashboards#/view/6b0d4870-3583-11e7-a588-05992195c551) \\n[Modbus](/kibana/app/dashboards#/view/70c005f0-3583-11e7-a588-05992195c551) \\n[MySQL](/kibana/app/dashboards#/view/7929f430-3583-11e7-a588-05992195c551) \\n[NTLM](/kibana/app/dashboards#/view/022713e0-3ab0-11e7-a83b-b1b4da7d15f4) \\n[PE](/kibana/app/dashboards#/view/8a10e380-3583-11e7-a588-05992195c551) \\n[RADIUS](/kibana/app/dashboards#/view/90b246c0-3583-11e7-a588-05992195c551) \\n[RDP](/kibana/app/dashboards#/view/97f8c3a0-3583-11e7-a588-05992195c551) \\n[RFB](/kibana/app/dashboards#/view/9ef20ae0-3583-11e7-a588-05992195c551) \\n[SIP](/kibana/app/dashboards#/view/ad3c0830-3583-11e7-a588-05992195c551) \\n[SMB](/kibana/app/dashboards#/view/b3a53710-3aaa-11e7-8b17-0d8709b02c80) \\n[SMTP](/kibana/app/dashboards#/view/b10a9c60-3583-11e7-a588-05992195c551) \\n[SNMP](/kibana/app/dashboards#/view/b65c2710-3583-11e7-a588-05992195c551) \\n[Software](/kibana/app/dashboards#/view/c2c99c30-3583-11e7-a588-05992195c551) \\n[SSH](/kibana/app/dashboards#/view/c6ccfc00-3583-11e7-a588-05992195c551) \\n[SSL](/kibana/app/dashboards#/view/cca67b60-3583-11e7-a588-05992195c551) \\n[Syslog](/kibana/app/dashboards#/view/c4bbe040-76b3-11e7-ba96-cba76a1e264d) \\n[Tunnels](/kibana/app/dashboards#/view/d7b54ae0-3583-11e7-a588-05992195c551) \\n[Weird](/kibana/app/dashboards#/view/de2da250-3583-11e7-a588-05992195c551) \\n[X.509](/kibana/app/dashboards#/view/e5aa7170-3583-11e7-a588-05992195c551) \\n\\n**Host Hunting** \\n[Autoruns](/kibana/app/dashboards#/view/61d43810-6d62-11e7-8ddb-e71eb260f4a3) \\n[Beats](/kibana/app/dashboards#/view/AWBLNS3CRuBloj96jxub) \\n[Osquery](/kibana/app/dashboards#/view/9d0e2da0-14e1-11e9-82f7-0da02d93a48b) \\n[OSSEC](/kibana/app/dashboards#/view/3a457d70-3583-11e7-a588-05992195c551)  \\n[Sysmon](/kibana/app/dashboards#/view/6d189680-6d62-11e7-8ddb-e71eb260f4a3) \\n\\n**Other** \\n[Domain 
Stats](/kibana/app/dashboards#/view/AWAi6wvxAvKNGEbUWO_j) \\n[Firewall](/kibana/app/dashboards#/view/50173bd0-3582-11e7-98ef-19df58fe538b) \\n[Frequency](/kibana/app/dashboards#/view/AWAi5k4jAvKNGEbUWFis) \\n[Stats](/kibana/app/dashboards#/view/130017f0-46ce-11e7-946f-1bfb1be7c36b) \\n[Syslog](/kibana/app/dashboards#/view/4323af90-76e5-11e7-ab14-e1a4c1bc11e0)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"b3b449d0-3429-11e7-9d52-4f090484f59e","migrationVersion":{"visualization":"8.5.0"},"references":[],"sort":[1688154054424,4886],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Top Connection Duration (Tile Map)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Source - Top Connection Duration (Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by 
USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"duration\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"5ea38360-46c7-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4888],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMTEsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[14.604847155053898,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Connections - Source - Top Connection 
Duration","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"4e108070-46c7-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"5ea38360-46c7-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"sort":[1688154054424,4891],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMTIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Section Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"PE - Section Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"section_names.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"4e56b4d0-416f-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4893],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMTMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DHCP - IP to MAC 
Assignment","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - IP to MAC Assignment\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"assigned_ip.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Assigned IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mac.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP 
Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"4e877100-4a48-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4895],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Issuer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.certificate.issuer.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.certificate.issuer.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Issuer\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"4e8cbf80-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4897],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMTUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"4fa0e530-3644-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4899],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Server Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Server 
Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_major_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_minor_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"4fade7b0-6e22-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4901],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMTcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File Size","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File 
Size\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.size: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.size\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Size\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"50b4c880-72df-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4903],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - 
Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"524e13b0-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4905],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Answers","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dns.answers.name.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.answers.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Answer\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"536876a0-72ba-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4907],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMjAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Tunnels - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"53824da0-6e35-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4909],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMjEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"5393c710-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4911],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMjIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - 
Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"53ac63e0-365b-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4913],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMjMsMV0="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_smtp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SMTP - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a6cea530-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4915],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMjQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Webmail - True/False (Vertical Bar 
Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"SMTP - Webmail - True/False (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Webmail\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"is_webmail.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Webmail\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"53beb0d0-6e29-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4917],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMjUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - File MIME 
Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - File MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file_mime_type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"53c62730-39ad-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4919],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMjYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"54d78f50-6e33-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4921],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMjcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Endpoint","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - 
Endpoint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"endpoint.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"553acbb0-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,4923],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMjgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - NTLM - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - NTLM - Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ntlm.success: 
Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ntlm.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e9f31a70-75c2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4925],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMjksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - NTLM - Tree","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - NTLM - Tree\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ntlm.server.tree.name.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ntlm.server.tree.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Tree\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8cb83890-75c2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4927],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMzAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - NTLM - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - NTLM - 
Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Netbios\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"DNS\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ntlm.server.nb.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NetBIOS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ntlm.server.dns.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"DNS\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"63f139c0-75c2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index
-pattern"}],"sort":[1688154054424,4929],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMzEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:ntlm\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"4555a871-9c2c-48d4-b143-bffc6d41ea4d\"},\"panelIndex\":\"4555a871-9c2c-48d4-b143-bffc6d41ea4d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4555a871-9c2c-48d4-b143-bffc6d41ea4d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":9,\"i\":\"0bc9ae29-cbc1-4272-ad27-9c2ff51c19ff\"},\"panelIndex\":\"0bc9ae29-cbc1-4272-ad27-9c2ff51c19ff\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0bc9ae29-cbc1-4272-ad27-9c2ff51c19ff\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"d32748d9-d47b-41bb-ab9f-b59817230998\"},\"panelIndex\":\"d32748d9-d47b-41bb-ab9f-b59817230998\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d32748d9-d47b-41bb-ab9f-b59817230998\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":18,\"i\":\"2f7a5ee8-2258-4c8d-af2d-99a9e11defa2\"},\"panelIndex\":\"2f7a5ee8-2258-4c8d-af2d-99a9e11defa2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2f7a5ee8-2258-4c8d-af2d-99a9e11defa2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":18,\"i\":\"4a50def3-c905-4493-b352-59741d68326e\"},\"panelIndex\":\"4a50def3-c905-4493-b352-59741d68326e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4a50def3-c905-4493-b352-59741d68326e\"},{\"version\":\"8.7.1\",\"t
ype\":\"visualization\",\"gridData\":{\"x\":16,\"y\":9,\"w\":10,\"h\":18,\"i\":\"075d7365-e106-4a1e-b003-bab7abbb7146\"},\"panelIndex\":\"075d7365-e106-4a1e-b003-bab7abbb7146\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_075d7365-e106-4a1e-b003-bab7abbb7146\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":26,\"y\":9,\"w\":9,\"h\":18,\"i\":\"5202d0b2-7f34-4182-8e25-ec87d4df0965\"},\"panelIndex\":\"5202d0b2-7f34-4182-8e25-ec87d4df0965\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5202d0b2-7f34-4182-8e25-ec87d4df0965\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":35,\"y\":9,\"w\":13,\"h\":18,\"i\":\"f93042fa-bdd7-495f-af7b-eec95073e015\"},\"panelIndex\":\"f93042fa-bdd7-495f-af7b-eec95073e015\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f93042fa-bdd7-495f-af7b-eec95073e015\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"c72c241d-5b6f-475c-831b-4419dd437a26\"},\"panelIndex\":\"c72c241d-5b6f-475c-831b-4419dd437a26\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c72c241d-5b6f-475c-831b-4419dd437a26\"}]","timeRestore":false,"title":"Security Onion - 
NTLM","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"558292e0-75c1-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"4555a871-9c2c-48d4-b143-bffc6d41ea4d:panel_4555a871-9c2c-48d4-b143-bffc6d41ea4d","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"0bc9ae29-cbc1-4272-ad27-9c2ff51c19ff:panel_0bc9ae29-cbc1-4272-ad27-9c2ff51c19ff","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"d32748d9-d47b-41bb-ab9f-b59817230998:panel_d32748d9-d47b-41bb-ab9f-b59817230998","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"2f7a5ee8-2258-4c8d-af2d-99a9e11defa2:panel_2f7a5ee8-2258-4c8d-af2d-99a9e11defa2","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"4a50def3-c905-4493-b352-59741d68326e:panel_4a50def3-c905-4493-b352-59741d68326e","type":"visualization"},{"id":"e9f31a70-75c2-11ea-9565-7315f4ee5cac","name":"075d7365-e106-4a1e-b003-bab7abbb7146:panel_075d7365-e106-4a1e-b003-bab7abbb7146","type":"visualization"},{"id":"8cb83890-75c2-11ea-9565-7315f4ee5cac","name":"5202d0b2-7f34-4182-8e25-ec87d4df0965:panel_5202d0b2-7f34-4182-8e25-ec87d4df0965","type":"visualization"},{"id":"63f139c0-75c2-11ea-9565-7315f4ee5cac","name":"f93042fa-bdd7-495f-af7b-eec95073e015:panel_f93042fa-bdd7-495f-af7b-eec95073e015","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"c72c241d-5b6f-475c-831b-4419dd437a26:panel_c72c241d-5b6f-475c-831b-4419dd437a26","type":"search"}],"sort":[1688154054424,4939],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMzIsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:dns\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"ae3e83b1-5e53-40eb-8e4f-541e4851ddd2\"},\"panelIndex\":\"ae3e83b1-5e53-40eb-8e4f-541e4851ddd2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ae3e83b1-5e53-40eb-8e4f-541e4851ddd2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":0,\"w\":14,\"h\":9,\"i\":\"4b8b4859-bd5c-446c-94e1-6d9b57cbe922\"},\"panelIndex\":\"4b8b4859-bd5c-446c-94e1-6d9b57cbe922\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4b8b4859-bd5c-446c-94e1-6d9b57cbe922\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":9,\"i\":\"ee03c5c1-9e26-42e3-b569-afa2712d7047\"},\"panelIndex\":\"ee03c5c1-9e26-42e3-b569-afa2712d7047\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ee03c5c1-9e26-42e3-b569-afa2712d7047\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":19,\"i\":\"706d8a5a-a263-48d0-8eb8-12eeade27115\"},\"panelIndex\":\"706d8a5a-a263-48d0-8eb8-12eeade27115\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_706d8a5a-a263-48d0-8eb8-12eeade27115\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":19,\"i\":\"bf29b086-8b8d-47a5-8280-afeb737d6163\"},\"panelIndex\":\"bf29b086-8b8d-47a5-8280-afeb737d6163\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_bf29b086-8b8d-47a5-8280-afeb737d6163\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":9,\"w\":8,\"h\":19,\"i\":\"e99fb09c-6d8a-4a26-87ca-9ab82ef137c9\"},\"panelInd
ex\":\"e99fb09c-6d8a-4a26-87ca-9ab82ef137c9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e99fb09c-6d8a-4a26-87ca-9ab82ef137c9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":26,\"y\":9,\"w\":11,\"h\":19,\"i\":\"499d1548-292c-47a9-8f26-73a6af91d004\"},\"panelIndex\":\"499d1548-292c-47a9-8f26-73a6af91d004\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_499d1548-292c-47a9-8f26-73a6af91d004\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":23,\"h\":21,\"i\":\"e41240ec-8024-4f3f-9de0-869622470e4d\"},\"panelIndex\":\"e41240ec-8024-4f3f-9de0-869622470e4d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e41240ec-8024-4f3f-9de0-869622470e4d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":28,\"w\":25,\"h\":21,\"i\":\"fe297ab2-9a4b-438c-913b-7b5d1dea6182\"},\"panelIndex\":\"fe297ab2-9a4b-438c-913b-7b5d1dea6182\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fe297ab2-9a4b-438c-913b-7b5d1dea6182\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":29,\"i\":\"ae756423-c1d9-46f8-a1ee-28ee9626349d\"},\"panelIndex\":\"ae756423-c1d9-46f8-a1ee-28ee9626349d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ae756423-c1d9-46f8-a1ee-28ee9626349d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":19,\"i\":\"e79ec813-6af2-4618-ad48-a25444a8abe4\"},\"panelIndex\":\"e79ec813-6af2-4618-ad48-a25444a8abe4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e79ec813-6af2-4618-ad48-a25444a8abe4\"}]","timeRestore":false,"title":"Security Onion - 
DNS","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"55ac6bf0-6ec4-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"ae3e83b1-5e53-40eb-8e4f-541e4851ddd2:panel_ae3e83b1-5e53-40eb-8e4f-541e4851ddd2","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"4b8b4859-bd5c-446c-94e1-6d9b57cbe922:panel_4b8b4859-bd5c-446c-94e1-6d9b57cbe922","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"ee03c5c1-9e26-42e3-b569-afa2712d7047:panel_ee03c5c1-9e26-42e3-b569-afa2712d7047","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"706d8a5a-a263-48d0-8eb8-12eeade27115:panel_706d8a5a-a263-48d0-8eb8-12eeade27115","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"bf29b086-8b8d-47a5-8280-afeb737d6163:panel_bf29b086-8b8d-47a5-8280-afeb737d6163","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"e99fb09c-6d8a-4a26-87ca-9ab82ef137c9:panel_e99fb09c-6d8a-4a26-87ca-9ab82ef137c9","type":"visualization"},{"id":"13cda410-c770-11ea-bebb-37c5ab5894ea","name":"499d1548-292c-47a9-8f26-73a6af91d004:panel_499d1548-292c-47a9-8f26-73a6af91d004","type":"visualization"},{"id":"07065340-72ba-11ea-8dd2-9d8795a1200b","name":"e41240ec-8024-4f3f-9de0-869622470e4d:panel_e41240ec-8024-4f3f-9de0-869622470e4d","type":"visualization"},{"id":"536876a0-72ba-11ea-8dd2-9d8795a1200b","name":"fe297ab2-9a4b-438c-913b-7b5d1dea6182:panel_fe297ab2-9a4b-438c-913b-7b5d1dea6182","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"ae756423-c1d9-46f8-a1ee-28ee9626349d:panel_ae756423-c1d9-46f8-a1ee-28ee9626349d","type":"search"},{"id":"336dbde0-88aa-11eb-9841-852c8cc8a2e8","name":"e79ec813-6af2-4618-ad48-a25444a8abe4:panel_e79ec813-6af2-4618-ad48-a25444a8abe4","type":"visualization"}],"sort":[1688154054424,4951],"type":"dashboard","updated_at":"2023-06-30T19:40:54
.424Z","version":"WzQyMzMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"57a9a3f0-34c0-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4953],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMzQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Lease Time","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Lease 
Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"lease_time.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Lease Time\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"58c84f60-0edb-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4955],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMzUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNP3 - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 
minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"593f1850-3581-11e7-98ef-19df58fe538b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4957],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMzYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Devices - Log Count By 
Device","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Devices - Log Count By Device\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Device\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"5b3988c0-a840-11e7-893a-1b88920b2837","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4959],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMzcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Client Build","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Client 
Build\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.client_build.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.client_build.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Build\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"bdae8640-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4961],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMzgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Security Protocol","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Security 
Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.security_protocol.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.security_protocol.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"dad85840-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4963],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyMzksMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:rdp\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"1aacbaf6-078a-4b6e-bbd2-ae21a4974aba\"},\"panelIndex\":\"1aacbaf6-078a-4b6e-bbd2-ae21a4974aba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1aacbaf6-078a-4b6e-bbd2-ae21a4974aba\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"8abc0250-1076-45e8-b62b-54dc7dd0cfca\"},\"panelIndex\":\"8abc0250-1076-45e8-b62b-54dc7dd0cfca\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8abc0250-1076-45e8-b62b-54dc7dd0cfca\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"dc48b27e-f00b-4723-87ab-64f726e51e74\"},\"panelIndex\":\"dc48b27e-f00b-4723-87ab-64f726e51e74\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dc48b27e-f00b-4723-87ab-64f726e51e74\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"da3945b4-9e74-4bb9-8868-a13f1d9bc0d8\"},\"panelIndex\":\"da3945b4-9e74-4bb9-8868-a13f1d9bc0d8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_da3945b4-9e74-4bb9-8868-a13f1d9bc0d8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"f4437b55-61ef-4818-a8c4-448407c7052b\"},\"panelIndex\":\"f4437b55-61ef-4818-a8c4-448407c7052b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f4437b55-61ef-4818-a8c4-448407c7052b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":8,\"w\":7,\"h\":19,\"i\":\"33630c53-4de4-4064-a319-bd71be01dc06\"},\"panelInd
ex\":\"33630c53-4de4-4064-a319-bd71be01dc06\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_33630c53-4de4-4064-a319-bd71be01dc06\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":25,\"y\":8,\"w\":7,\"h\":19,\"i\":\"ed8dee78-79d4-47cf-9ed5-6120f00f3aaf\"},\"panelIndex\":\"ed8dee78-79d4-47cf-9ed5-6120f00f3aaf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ed8dee78-79d4-47cf-9ed5-6120f00f3aaf\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":8,\"w\":7,\"h\":19,\"i\":\"35083762-4591-44ac-a31f-36bed3414af2\"},\"panelIndex\":\"35083762-4591-44ac-a31f-36bed3414af2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_35083762-4591-44ac-a31f-36bed3414af2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":39,\"y\":8,\"w\":9,\"h\":19,\"i\":\"66e7cf00-ec90-4df3-acd3-02fb271f0959\"},\"panelIndex\":\"66e7cf00-ec90-4df3-acd3-02fb271f0959\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_66e7cf00-ec90-4df3-acd3-02fb271f0959\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"f84fe347-bdda-4297-b460-eee297f7e91e\"},\"panelIndex\":\"f84fe347-bdda-4297-b460-eee297f7e91e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f84fe347-bdda-4297-b460-eee297f7e91e\"}]","timeRestore":false,"title":"Security Onion - 
RDP","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"5b743150-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"1aacbaf6-078a-4b6e-bbd2-ae21a4974aba:panel_1aacbaf6-078a-4b6e-bbd2-ae21a4974aba","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"8abc0250-1076-45e8-b62b-54dc7dd0cfca:panel_8abc0250-1076-45e8-b62b-54dc7dd0cfca","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"dc48b27e-f00b-4723-87ab-64f726e51e74:panel_dc48b27e-f00b-4723-87ab-64f726e51e74","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"da3945b4-9e74-4bb9-8868-a13f1d9bc0d8:panel_da3945b4-9e74-4bb9-8868-a13f1d9bc0d8","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"f4437b55-61ef-4818-a8c4-448407c7052b:panel_f4437b55-61ef-4818-a8c4-448407c7052b","type":"visualization"},{"id":"bdae8640-75c5-11ea-9565-7315f4ee5cac","name":"33630c53-4de4-4064-a319-bd71be01dc06:panel_33630c53-4de4-4064-a319-bd71be01dc06","type":"visualization"},{"id":"dad85840-75c5-11ea-9565-7315f4ee5cac","name":"ed8dee78-79d4-47cf-9ed5-6120f00f3aaf:panel_ed8dee78-79d4-47cf-9ed5-6120f00f3aaf","type":"visualization"},{"id":"0c006bb0-75c6-11ea-9565-7315f4ee5cac","name":"35083762-4591-44ac-a31f-36bed3414af2:panel_35083762-4591-44ac-a31f-36bed3414af2","type":"visualization"},{"id":"2e7363f0-75c6-11ea-9565-7315f4ee5cac","name":"66e7cf00-ec90-4df3-acd3-02fb271f0959:panel_66e7cf00-ec90-4df3-acd3-02fb271f0959","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"f84fe347-bdda-4297-b460-eee297f7e91e:panel_f84fe347-bdda-4297-b460-eee297f7e91e","type":"search"}],"sort":[1688154054424,4974],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNDAsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Nodes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Nodes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"5cba9760-6e9b-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4976],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNDEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - All Logs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - All 
Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":50}}}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e2da1340-53a3-11ec-b3ef-6bcc33056a36","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,4979],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNDIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - Categories with Full Event Type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - Categories with Full Event Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"endgame.event_type_full\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event 
Type\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event Category\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"row\":true}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"af1768b0-53ac-11ec-b3ef-6bcc33056a36","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,4982],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNDMsMV0="} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"fe254730-eee5-4aff-b672-a83e54b49c12\"},\"panelIndex\":\"fe254730-eee5-4aff-b672-a83e54b49c12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fe254730-eee5-4aff-b672-a83e54b49c12\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":25,\"h\":9,\"i\":\"5e96a8cf-1dab-4df2-a4be-baf960448da4\"},\"panelIndex\":\"5e96a8cf-1dab-4df2-a4be-baf960448da4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5e96a8cf-1dab-4df2-a4be-baf960448da4\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":0,\"w\":10,\"h\":9,\"i\":\"38c65a86-724b-4c25-818b-1564fbb3793f\"},\"panelIndex\":\"38c65a86-724b-4c25-818b-1564fbb3793f\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Alert Count\",\"description\":\"\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"searchSource\":{\"index\":\"endgame-*\",\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"endgame-*\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"detection\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"detection\"}}}]}}},\"enhancements\":{},\"type\":\"visualization\"}},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":13,\"h\":16,\"i\":\"680adbf3-9347-4c45-87b8-d87587e38b09\"},\"panelIndex\":\"680adbf3-9347-4c45-87b8-d87587e38b09\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_680adbf3-9347-4c45-87b8-d87587e38b09\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":9,\"w\":25,\"h\":16,\"i\":\"6569d104-bb49-4de6-8d2d-9dc49739b291\"},\"panelIndex\":\"6569d104-bb49-4de6-8d2d-9dc49739b291\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6569d104-bb49-4de6-8d2d-9dc49739b291\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":25,\"w\":48,\"h\":13,\"i\":\"4a354630-93fd-4370-b10f-80386aee6d00\"},\"panelIndex\":\"4a354630-93fd-4370-b10f-80386aee6d00\",\"embeddableConfig\":{\"columns\":[],\"enhancements\":{}},\"panelRefName\":\"panel_4a354630-93fd-4370-b10f-80386aee6d00\"}]","timeRestore":false,"title":"Endgame - 
Host","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"5d8f04d0-53b6-11ec-b3ef-6bcc33056a36","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"e2da1340-53a3-11ec-b3ef-6bcc33056a36","name":"fe254730-eee5-4aff-b672-a83e54b49c12:panel_fe254730-eee5-4aff-b672-a83e54b49c12","type":"visualization"},{"id":"2f7966b0-53a4-11ec-b3ef-6bcc33056a36","name":"5e96a8cf-1dab-4df2-a4be-baf960448da4:panel_5e96a8cf-1dab-4df2-a4be-baf960448da4","type":"visualization"},{"id":"endgame-*","name":"38c65a86-724b-4c25-818b-1564fbb3793f:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"endgame-*","name":"38c65a86-724b-4c25-818b-1564fbb3793f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"3b50b220-53ab-11ec-b3ef-6bcc33056a36","name":"680adbf3-9347-4c45-87b8-d87587e38b09:panel_680adbf3-9347-4c45-87b8-d87587e38b09","type":"visualization"},{"id":"af1768b0-53ac-11ec-b3ef-6bcc33056a36","name":"6569d104-bb49-4de6-8d2d-9dc49739b291:panel_6569d104-bb49-4de6-8d2d-9dc49739b291","type":"visualization"},{"id":"20c85b70-53aa-11ec-b3ef-6bcc33056a36","name":"4a354630-93fd-4370-b10f-80386aee6d00:panel_4a354630-93fd-4370-b10f-80386aee6d00","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,4991],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNDQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"MySQL - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"MySQL - Log Count Over 
Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"5d9031a0-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4993],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNDUsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Client Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Major Version\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.client_major_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.client_minor_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Minor 
Version\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"5dcf09e0-75c8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4995],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNDYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Connection Information","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Connection Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connect_info.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection Info\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"5df79fe0-3809-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,4997],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNDcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Process 
Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.executable.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process Image\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"process.command_line.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"title\":\"Security Onion - Host - Process Name\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"5e18a970-c77f-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,4999],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNDgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - 
Rule","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Rule\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule_name\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Rule\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"5e1dc100-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5001],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNDksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - URI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - 
URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"uri.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"5e36c370-3753-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5003],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - FTP - 
Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp.argument.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"5fcdb0c0-755f-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5005],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNTEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - FIle Path","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - FIle Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"path.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File 
Path\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"60384e00-3aaf-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,5007],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNTIsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":11,\"i\":\"26712c83-24f3-4af6-a20e-edab103002fd\"},\"panelIndex\":\"26712c83-24f3-4af6-a20e-edab103002fd\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame 
Alerts](https:///alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_26712c83-24f3-4af6-a20e-edab103002fd\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":0,\"w\":11,\"h\":11,\"i\":\"b7feb2b8-999d-433e-9b12-85aacdc61f16\"},\"panelIndex\":\"b7feb2b8-999d-433e-9b12-85aacdc61f16\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Process Logs\",\"panelRefName\":\"panel_b7feb2b8-999d-433e-9b12-85aacdc61f16\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":19,\"y\":0,\"w\":29,\"h\":11,\"i\":\"8b515da9-7c43-4e1a-872f-e92da896933f\"},\"panelIndex\":\"8b515da9-7c43-4e1a-872f-e92da896933f\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Process Log Count Over Time\",\"panelRefName\":\"panel_8b515da9-7c43-4e1a-872f-e92da896933f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":11,\"w\":24,\"h\":15,\"i\":\"7837aa9f-dca6-4a7b-9881-65f26b2a5f4f\"},\"panelIndex\":\"7837aa9f-dca6-4a7b-9881-65f26b2a5f4f\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Processes\",\"panelRefName\":\"panel_7837aa9f-dca6-4a7b-9881-65f26b2a5f4f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":11,\"w\":10,\"h\":15,\"i\":\"26df0dd7-8042-4e69-a4b1-c8ed5a677f6a\"},\"panelIndex\":\"26df0dd7-8042-4e69-a4b1-c8ed5a677f6a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Process 
Users\",\"panelRefName\":\"panel_26df0dd7-8042-4e69-a4b1-c8ed5a677f6a\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":11,\"w\":14,\"h\":15,\"i\":\"508bbc67-1a96-465d-b30d-23aecaaf4895\"},\"panelIndex\":\"508bbc67-1a96-465d-b30d-23aecaaf4895\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Process Actions\",\"panelRefName\":\"panel_508bbc67-1a96-465d-b30d-23aecaaf4895\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":14,\"i\":\"a89ab8ad-a272-405f-8db8-4f722bbfeb61\"},\"panelIndex\":\"a89ab8ad-a272-405f-8db8-4f722bbfeb61\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Process Information\",\"panelRefName\":\"panel_a89ab8ad-a272-405f-8db8-4f722bbfeb61\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":40,\"w\":48,\"h\":17,\"i\":\"9248209e-9f35-48c5-958c-3cab215eb410\"},\"panelIndex\":\"9248209e-9f35-48c5-958c-3cab215eb410\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9248209e-9f35-48c5-958c-3cab215eb410\"}]","timeRestore":false,"title":"Endgame - 
Process","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"790991a0-6287-11ec-864c-8b5450f97635","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"26712c83-24f3-4af6-a20e-edab103002fd:panel_26712c83-24f3-4af6-a20e-edab103002fd","type":"visualization"},{"id":"ed1f0300-6cd1-11ec-864c-8b5450f97635","name":"b7feb2b8-999d-433e-9b12-85aacdc61f16:panel_b7feb2b8-999d-433e-9b12-85aacdc61f16","type":"lens"},{"id":"f1e98360-6cd1-11ec-864c-8b5450f97635","name":"8b515da9-7c43-4e1a-872f-e92da896933f:panel_8b515da9-7c43-4e1a-872f-e92da896933f","type":"lens"},{"id":"e2cff350-6ccc-11ec-864c-8b5450f97635","name":"7837aa9f-dca6-4a7b-9881-65f26b2a5f4f:panel_7837aa9f-dca6-4a7b-9881-65f26b2a5f4f","type":"lens"},{"id":"e88fd030-6ccc-11ec-864c-8b5450f97635","name":"26df0dd7-8042-4e69-a4b1-c8ed5a677f6a:panel_26df0dd7-8042-4e69-a4b1-c8ed5a677f6a","type":"lens"},{"id":"edca7780-6ccc-11ec-864c-8b5450f97635","name":"508bbc67-1a96-465d-b30d-23aecaaf4895:panel_508bbc67-1a96-465d-b30d-23aecaaf4895","type":"lens"},{"id":"dbb93900-6ccc-11ec-864c-8b5450f97635","name":"a89ab8ad-a272-405f-8db8-4f722bbfeb61:panel_a89ab8ad-a272-405f-8db8-4f722bbfeb61","type":"lens"},{"id":"424d7a60-6f0b-11ec-864c-8b5450f97635","name":"9248209e-9f35-48c5-958c-3cab215eb410:panel_9248209e-9f35-48c5-958c-3cab215eb410","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,5017],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNTMsMV0="} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":11,\"h\":9,\"i\":\"64356467-dfe4-4eed-b53d-0cdf0b94f6d0\"},\"panelIndex\":\"64356467-dfe4-4eed-b53d-0cdf0b94f6d0\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame 
Alerts](https:///alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_64356467-dfe4-4eed-b53d-0cdf0b94f6d0\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":11,\"y\":0,\"w\":15,\"h\":9,\"i\":\"cc23bd7c-9000-4af9-875e-5779794011d0\"},\"panelIndex\":\"cc23bd7c-9000-4af9-875e-5779794011d0\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"panelRefName\":\"panel_cc23bd7c-9000-4af9-875e-5779794011d0\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":26,\"y\":0,\"w\":11,\"h\":9,\"i\":\"276394f1-fa5b-42b2-ab7c-8db18bd367a3\"},\"panelIndex\":\"276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\
"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-97b747de-fee3-4557-84f6-3d6aecd1f5c7\"}],\"state\":{\"visualization\":{\"layerId\":\"97b747de-fee3-4557-84f6-3d6aecd1f5c7\",\"accessor\":\"dccdca2f-fac1-43ce-8c74-d50a8a007366\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"97b747de-fee3-4557-84f6-3d6aecd1f5c7\":{\"columns\":{\"dccdca2f-fac1-43ce-8c74-d50a8a007366\":{\"label\":\"Hosts\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.ip\",\"isBucketed\":false,\"customLabel\":true}},\"columnOrder\":[\"dccdca2f-fac1-43ce-8c74-d50a8a007366\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{
},\"type\":\"lens\"},\"panelRefName\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":37,\"y\":0,\"w\":11,\"h\":9,\"i\":\"2c8d6219-3e37-47c9-bfb2-9330167ad7b8\"},\"panelIndex\":\"2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-8
64c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-fac6e4a9-2d36-463c-b2b0-b451546f6f20\"},{\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\",\"id\":\"endgame-*\"}],\"state\":{\"visualization\":{\"layerId\":\"fac6e4a9-2d36-463c-b2b0-b451546f6f20\",\"accessor\":\"2bea62c1-f8ef-43c3-b9c3-1931437bc5db\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"detection\"},\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.action\":\"detection\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"fac6e4a9-2d36-463c-b2b0-b451546f6f20\":{\"columns\":{\"2bea62c1-f8ef-43c3-b9c3-1931437bc5db\":{\"label\":\"Alerts\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"2bea62c1-f8ef-43c3-b9c3-1931437bc5db\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{},\"type\":\"lens\"},\"panelRefName\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":9,
\"w\":48,\"h\":13,\"i\":\"f702b2f2-5fc3-4a29-90a6-0d0d223fd358\"},\"panelIndex\":\"f702b2f2-5fc3-4a29-90a6-0d0d223fd358\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f702b2f2-5fc3-4a29-90a6-0d0d223fd358\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":22,\"w\":48,\"h\":14,\"i\":\"93800440-ed84-48b6-8055-c58a5d290ec6\"},\"panelIndex\":\"93800440-ed84-48b6-8055-c58a5d290ec6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03
935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-1828f449-a2e9-4ed2-a72c-e6f22382569e\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"e5498d4d-b9af-4016-8afc-e4639ceb6c10\",\"isTransposed\":false},{\"columnId\":\"b76f4623-7690-4ad3-ae68-d19b80a2361a\",\"isTransposed\":false}],\"layerId\":\"1828f449-a2e9-4ed2-a72c-e6f22382569e\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"1828f449-a2e9-4ed2-a72c-e6f22382569e\":{\"columns\":{\"e5498d4d-b9af-4016-8afc-e4639ceb6c10\":{\"label\":\"Top values of host.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":true},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false}},\"b76f4623-7690-4ad3-ae68-d19b80a2361a\":{\"label\":\"Last value of 
host.ip\",\"dataType\":\"ip\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"host.ip\",\"params\":{\"sortField\":\"@timestamp\",\"showArrayValues\":true}}},\"columnOrder\":[\"e5498d4d-b9af-4016-8afc-e4639ceb6c10\",\"b76f4623-7690-4ad3-ae68-d19b80a2361a\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{},\"type\":\"lens\"},\"panelRefName\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":36,\"w\":48,\"h\":14,\"i\":\"f389ba6c-bcad-4564-aca0-e696e2981239\"},\"panelIndex\":\"f389ba6c-bcad-4564-aca0-e696e2981239\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f389ba6c-bcad-4564-aca0-e696e2981239\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":50,\"w\":48,\"h\":18,\"i\":\"1ae20b57-e5db-4e2b-b45b-51132e0892d2\"},\"panelIndex\":\"1ae20b57-e5db-4e2b-b45b-51132e0892d2\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":null},\"panelRefName\":\"panel_1ae20b57-e5db-4e2b-b45b-51132e0892d2\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":68,\"w\":23,\"h\":16,\"i\":\"64991e9b-5624-4d8d-9624-3077e970068f\"},\"panelIndex\":\"64991e9b-5624-4d8d-9624-3077e970068f\",\"embeddableConfig\":{\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"842ed2f7-3fb1-4c0d-a62c-dd9d06de42da\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Go to Dashboard\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Endgame - Network DNS Requests 
Chart\",\"panelRefName\":\"panel_64991e9b-5624-4d8d-9624-3077e970068f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":68,\"w\":25,\"h\":16,\"i\":\"d3b35751-4ec0-441c-a399-4c56a38ea9d3\"},\"panelIndex\":\"d3b35751-4ec0-441c-a399-4c56a38ea9d3\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"99f3c946-0494-42aa-a14f-cac5dce6757d\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View in Process Dashboard\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true}}}]}}},\"title\":\"Endgame - Processes\",\"panelRefName\":\"panel_d3b35751-4ec0-441c-a399-4c56a38ea9d3\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":84,\"w\":24,\"h\":15,\"i\":\"77406005-0714-4d8f-a535-79c693437dfe\"},\"panelIndex\":\"77406005-0714-4d8f-a535-79c693437dfe\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Auth Event 
Outcome\",\"panelRefName\":\"panel_77406005-0714-4d8f-a535-79c693437dfe\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":84,\"w\":24,\"h\":15,\"i\":\"79b433c6-e740-40be-8b5e-02155ee11955\"},\"panelIndex\":\"79b433c6-e740-40be-8b5e-02155ee11955\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-e5f77e35-1bc5-4487-9602-e2962cafa87b\"},{\
"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\",\"id\":\"endgame-*\"}],\"state\":{\"visualization\":{\"layerId\":\"e5f77e35-1bc5-4487-9602-e2962cafa87b\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"ade5af28-bac8-4a2d-adff-28580282a9d2\"},{\"isTransposed\":false,\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},{\"columnId\":\"bb5f0057-5e74-4baf-9839-aff53de6d145\",\"isTransposed\":false}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e5f77e35-1bc5-4487-9602-e2962cafa87b\":{\"columns\":{\"ade5af28-bac8-4a2d-adff-28580282a9d2\":{\"label\":\"Top values of file.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.name\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true}},\"e480935c-b388-48c6-9582-fb4600b462fb\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"bb5f0057-5e74-4baf-9839-aff53de6d145\":{\"label\":\"Top values of 
file.path\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.path\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true}}},\"columnOrder\":[\"ade5af28-bac8-4a2d-adff-28580282a9d2\",\"bb5f0057-5e74-4baf-9839-aff53de6d145\",\"e480935c-b388-48c6-9582-fb4600b462fb\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Endgame - File Name\",\"panelRefName\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":99,\"w\":48,\"h\":15,\"i\":\"812191d7-0fc5-4dba-8cb6-600b9e3ee15c\"},\"panelIndex\":\"812191d7-0fc5-4dba-8cb6-600b9e3ee15c\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Registry Events\",\"panelRefName\":\"panel_812191d7-0fc5-4dba-8cb6-600b9e3ee15c\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":19,\"i\":\"b4898ca9-c99e-4ea2-a269-4e60616f2a4f\"},\"panelIndex\":\"b4898ca9-c99e-4ea2-a269-4e60616f2a4f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b4898ca9-c99e-4ea2-a269-4e60616f2a4f\"}]","timeRestore":false,"title":"Endgame - 
Admin","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"6063a9e0-61b2-11ec-864c-8b5450f97635","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"64356467-dfe4-4eed-b53d-0cdf0b94f6d0:panel_64356467-dfe4-4eed-b53d-0cdf0b94f6d0","type":"visualization"},{"id":"e2da1340-53a3-11ec-b3ef-6bcc33056a36","name":"cc23bd7c-9000-4af9-875e-5779794011d0:panel_cc23bd7c-9000-4af9-875e-5779794011d0","type":"visualization"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id
":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"endgame-*","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:indexpattern-datasource-layer-97b747de-fee3-4557-84f6-3d6aecd1f5c7","type":"index-pattern"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-
9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type"
:"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"endgame-*","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:indexpattern-datasource-layer-fac6e4a9-2d36-463c-b2b0-b451546f6f20","type":"index-pattern"},{"id":"endgame-*","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:filter-index-pattern-0","type":"index-pattern"},{"id":"82185ff0-696d-11ec-864c-8b5450f97635","name":"f702b2f2-5fc3-4a29-90a6-0d0d223fd358:panel_f702b2f2-5fc3-4a29-90a6-0d0d223fd358","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_938004
40-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"endgame-*","name":"93800440-ed84-48b6-8055-c58a5d290ec6:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"93800440-ed84-48b6-8055-c58a5d290ec6:indexpattern-datasource-layer-1828f449-a2e9-4ed2-a72c-e6f22382569e","type":"index-pattern"},{"id":"3ae34620-6258-11ec-864c-8b5450f97635","name":"f389ba6c-bcad-4564-aca0-e696e2981239:panel_f389ba6c-bcad-4564-aca0-e696e2981239","type":"visualization"},{"id":"de389910-6f0a-11ec-864c-8b5450f97635","name":"1ae20b57-e5db-4e2b-b45b-51132e0892d2:panel_1ae20b57-e5db-4e2b-b45b-51132e0892d2","type":"visualization"},{"id":"f
30bef10-6328-11ec-864c-8b5450f97635","name":"64991e9b-5624-4d8d-9624-3077e970068f:panel_64991e9b-5624-4d8d-9624-3077e970068f","type":"lens"},{"id":"49d34770-53b2-11ec-b3ef-6bcc33056a36","name":"64991e9b-5624-4d8d-9624-3077e970068f:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:842ed2f7-3fb1-4c0d-a62c-dd9d06de42da:dashboardId","type":"dashboard"},{"id":"e2cff350-6ccc-11ec-864c-8b5450f97635","name":"d3b35751-4ec0-441c-a399-4c56a38ea9d3:panel_d3b35751-4ec0-441c-a399-4c56a38ea9d3","type":"lens"},{"id":"790991a0-6287-11ec-864c-8b5450f97635","name":"d3b35751-4ec0-441c-a399-4c56a38ea9d3:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:99f3c946-0494-42aa-a14f-cac5dce6757d:dashboardId","type":"dashboard"},{"id":"072ae530-6d6c-11ec-864c-8b5450f97635","name":"77406005-0714-4d8f-a535-79c693437dfe:panel_77406005-0714-4d8f-a535-79c693437dfe","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40
be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"endgame-*","name":"79b433c6-e740-40be-8b5e-02155ee11955:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"79b433c6-e740-40be-8b5e-02155ee11955:indexpattern-datasource-layer-e5f77e35-1bc5-4487-9602-e2962cafa87b","type":"index-pattern"},{"id":"endgame-*","name":"79b433c6-e740-40be-8b5e-02155ee11955:filter-index-pattern-0","type":"index-pattern"},{"id":"e1e12ab0-6cc5-11ec-864c-8b5450f97635","name":"812191d7-0fc5-4dba-8cb6-600b9e3ee15c:panel_812191d7-0fc5-4dba-8cb6-600b9e3ee15c","type":"lens"},{"id":"20c85b70-53aa-11ec-b3ef-6bcc33056a36","name":"b4898ca9-c99e-4ea2-a269-4e60616f2a4f:panel_b4898ca9-c99e-4ea2-a269-4e60616f2a4f","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,5107],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Data Types","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Data 
Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Data Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"60925490-34bf-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"sort":[1688154054424,5109],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNTUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSL - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"6139edd0-3641-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5111],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - 
Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sources.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"613de590-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5113],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNTcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category.keyword : \\\"registry\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - Event.Cat:Registry Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - Event.Cat:Registry Log Count Over 
Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"fittingFunction\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"labels\":{},\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"61f72150-6406-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pa
ttern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,5116],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Source Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS Alerts - Source Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"620283e0-3af5-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5118],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Modbus - Function","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Modbus - 
Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"modbus.function.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"modbus.function.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"62449800-75be-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5120],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNjAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Success","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - 
Success\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"62969db0-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5122],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNjEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Top Destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Top Destination 
IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"62ac4060-6ea0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,5124],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNjIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Indicator","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - 
Indicator\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"indicator.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Indicator\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"6380b430-399c-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5126],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNjMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Desktop Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Desktop Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"desktop_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Desktop 
Name\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"63c072c0-371f-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5128],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNjQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Drilldown - Rule Signature","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Drilldown - Rule Signature\",\"type\":\"table\",\"params\":{\"perPage\":1,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"schema\":\"metric\",\"params\":{\"field\":\"rule_signature.keyword\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"NIDS Signature\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"6533dd40-e064-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5130],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNjUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Files - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Files - Log Count Over 
Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"6571ee10-3584-11e7-a588-05992195c551","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5132],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNjYsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Syslog - Facility","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Syslog - Facility\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"syslog.facility_label: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog.facility_label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Facility\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e017cb80-777b-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5134],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNjcsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Syslog - Severity","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog.severity_label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - Syslog - Severity\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9e1a4240-c77a-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5136],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNjgsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:syslog\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"9c4d23d9-2dd5-4a9f-aa67-edc6b73f3086\"},\"panelIndex\":\"9c4d23d9-2dd5-4a9f-aa67-edc6b73f3086\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9c4d23d9-2dd5-4a9f-aa67-edc6b73f3086\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"a3e3afae-dd54-4024-9d09-608a6baecd42\"},\"panelIndex\":\"a3e3afae-dd54-4024-9d09-608a6baecd42\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a3e3afae-dd54-4024-9d09-608a6baecd42\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"e7dbc7be-d1ef-499a-bbb6-2963bfdaabfb\"},\"panelIndex\":\"e7dbc7be-d1ef-499a-bbb6-2963bfdaabfb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e7dbc7be-d1ef-499a-bbb6-2963bfdaabfb\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":18,\"i\":\"e1ea8adf-acd8-4577-9c81-1acb711d20ce\"},\"panelIndex\":\"e1ea8adf-acd8-4577-9c81-1acb711d20ce\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e1ea8adf-acd8-4577-9c81-1acb711d20ce\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":8,\"w\":8,\"h\":18,\"i\":\"16f2046a-4417-4e78-9699-65d253db78cb\"},\"panelIndex\":\"16f2046a-4417-4e78-9699-65d253db78cb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_16f2046a-4417-4e78-9699-65d253db78cb\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":8,\"w\":11,\"h\":18,\"i\":\"226810af-b55b-4fba-99c8-0c28ca99aa37\"},\"pane
lIndex\":\"226810af-b55b-4fba-99c8-0c28ca99aa37\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_226810af-b55b-4fba-99c8-0c28ca99aa37\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":27,\"y\":8,\"w\":9,\"h\":18,\"i\":\"9cc5fffe-3834-4550-84e3-33d1246f68f6\"},\"panelIndex\":\"9cc5fffe-3834-4550-84e3-33d1246f68f6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9cc5fffe-3834-4550-84e3-33d1246f68f6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":18,\"i\":\"cdad19b0-4f35-4143-8677-0a64a64dbca6\"},\"panelIndex\":\"cdad19b0-4f35-4143-8677-0a64a64dbca6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cdad19b0-4f35-4143-8677-0a64a64dbca6\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":29,\"i\":\"b06c2c59-18a2-4e4c-bfc8-b4d496a89d30\"},\"panelIndex\":\"b06c2c59-18a2-4e4c-bfc8-b4d496a89d30\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b06c2c59-18a2-4e4c-bfc8-b4d496a89d30\"}]","timeRestore":false,"title":"Security Onion - 
Syslog","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"66499a20-75ed-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"9c4d23d9-2dd5-4a9f-aa67-edc6b73f3086:panel_9c4d23d9-2dd5-4a9f-aa67-edc6b73f3086","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"a3e3afae-dd54-4024-9d09-608a6baecd42:panel_a3e3afae-dd54-4024-9d09-608a6baecd42","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"e7dbc7be-d1ef-499a-bbb6-2963bfdaabfb:panel_e7dbc7be-d1ef-499a-bbb6-2963bfdaabfb","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"e1ea8adf-acd8-4577-9c81-1acb711d20ce:panel_e1ea8adf-acd8-4577-9c81-1acb711d20ce","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"16f2046a-4417-4e78-9699-65d253db78cb:panel_16f2046a-4417-4e78-9699-65d253db78cb","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"226810af-b55b-4fba-99c8-0c28ca99aa37:panel_226810af-b55b-4fba-99c8-0c28ca99aa37","type":"visualization"},{"id":"e017cb80-777b-11ea-bee5-af7f7c7b8e05","name":"9cc5fffe-3834-4550-84e3-33d1246f68f6:panel_9cc5fffe-3834-4550-84e3-33d1246f68f6","type":"visualization"},{"id":"9e1a4240-c77a-11ea-bebb-37c5ab5894ea","name":"cdad19b0-4f35-4143-8677-0a64a64dbca6:panel_cdad19b0-4f35-4143-8677-0a64a64dbca6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"b06c2c59-18a2-4e4c-bfc8-b4d496a89d30:panel_b06c2c59-18a2-4e4c-bfc8-b4d496a89d30","type":"search"}],"sort":[1688154054424,5146],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNjksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Source IP 
Addresses","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Source IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"66e26ad0-3580-11e7-98ef-19df58fe538b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5148],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNzAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"HTTP - Status and Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"HTTP - Status and 
Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"status_message.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Status Message\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"method.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"66faa650-4c99-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5150],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNzEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FIles - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FIles - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file_ip.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"67ab33d0-3656-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5152],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNzIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network Data - Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network Data - Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"689991b0-6ea7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,5154],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNzMsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[25.16517336866393,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Connections - Source - Originator 
Bytes","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"68f738e0-46ca-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"05809df0-46cb-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"sort":[1688154054424,5157],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNzQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SNMP - Version","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SNMP - Version\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"snmp.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Version\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"690ef880-75e9-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5159],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version"
:"WzQyNzUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Weird - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"691ade50-4c85-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5161],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNzYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Alert Level (Pie Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Alert Level (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"alert_level.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Alert Level\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"69d98570-398b-11e7-84f8-a1f7cef50fcb","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5163],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNzcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Indicator Type (Pie)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Intel - Indicator Type (Pie)\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.indicator_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Indicator 
Type\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"6b109430-0e60-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5165],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNzgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Destination Port","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Sysmon - Destination 
Port\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"6b70b840-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,5167],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyNzksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Named Pipe","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Named 
Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"named_pipe.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"6b7122d0-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,5169],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyODAsMV0="} -{"attributes":{"columns":["host.hostname","user.name","host.ip"],"description":"","grid":{},"hideChart":false,"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"authentication\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.category\":\"authentication\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame - Authentication 
Search","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"7a1fc780-6f07-11ec-864c-8b5450f97635","migrationVersion":{"search":"8.0.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1688154054424,5172],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyODEsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":10,\"i\":\"16f743b7-687e-43ce-86a5-3ad5c607c1fe\"},\"panelIndex\":\"16f743b7-687e-43ce-86a5-3ad5c607c1fe\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame 
Alerts](https:///alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_16f743b7-687e-43ce-86a5-3ad5c607c1fe\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":0,\"w\":14,\"h\":10,\"i\":\"b9a19eb1-8a99-4ba7-89e5-7176371c1365\"},\"panelIndex\":\"b9a19eb1-8a99-4ba7-89e5-7176371c1365\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth Count\",\"panelRefName\":\"panel_b9a19eb1-8a99-4ba7-89e5-7176371c1365\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":10,\"i\":\"f16a41be-56eb-4852-b44c-7303c89b3332\"},\"panelIndex\":\"f16a41be-56eb-4852-b44c-7303c89b3332\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth Username\",\"panelRefName\":\"panel_f16a41be-56eb-4852-b44c-7303c89b3332\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":10,\"w\":24,\"h\":15,\"i\":\"dc68201b-bd8a-4fe9-9009-68fe91013c9f\"},\"panelIndex\":\"dc68201b-bd8a-4fe9-9009-68fe91013c9f\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth Logs Over Time\",\"panelRefName\":\"panel_dc68201b-bd8a-4fe9-9009-68fe91013c9f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":10,\"w\":24,\"h\":10,\"i\":\"c394186d-2848-42bf-a521-7ba497a3b3b6\"},\"panelIndex\":\"c394186d-2848-42bf-a521-7ba497a3b3b6\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth 
Hostname\",\"panelRefName\":\"panel_c394186d-2848-42bf-a521-7ba497a3b3b6\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":15,\"i\":\"c08e4616-5f26-4b6a-aa37-9c6a5e27d739\"},\"panelIndex\":\"c08e4616-5f26-4b6a-aa37-9c6a5e27d739\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[]}}},\"title\":\"Endgame - Auth Event Action (Donut)\",\"panelRefName\":\"panel_c08e4616-5f26-4b6a-aa37-9c6a5e27d739\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":10,\"i\":\"d7b3a140-a1a5-48d4-82a5-a84dc3a0285a\"},\"panelIndex\":\"d7b3a140-a1a5-48d4-82a5-a84dc3a0285a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth Event Action\",\"panelRefName\":\"panel_d7b3a140-a1a5-48d4-82a5-a84dc3a0285a\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":15,\"i\":\"aa35ad44-a937-4fa6-9444-7bcb1922a167\"},\"panelIndex\":\"aa35ad44-a937-4fa6-9444-7bcb1922a167\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Auth Event Outcome\",\"panelRefName\":\"panel_aa35ad44-a937-4fa6-9444-7bcb1922a167\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":50,\"w\":48,\"h\":18,\"i\":\"ffffbd7a-71f4-4977-bdf2-cad011e281c4\"},\"panelIndex\":\"ffffbd7a-71f4-4977-bdf2-cad011e281c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ffffbd7a-71f4-4977-bdf2-cad011e281c4\"}]","timeRestore":false,"title":"Endgame - 
Authentication","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"6c5aaff0-63f6-11ec-864c-8b5450f97635","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"16f743b7-687e-43ce-86a5-3ad5c607c1fe:panel_16f743b7-687e-43ce-86a5-3ad5c607c1fe","type":"visualization"},{"id":"63569670-6d6b-11ec-864c-8b5450f97635","name":"b9a19eb1-8a99-4ba7-89e5-7176371c1365:panel_b9a19eb1-8a99-4ba7-89e5-7176371c1365","type":"lens"},{"id":"6b3841e0-6d6b-11ec-864c-8b5450f97635","name":"f16a41be-56eb-4852-b44c-7303c89b3332:panel_f16a41be-56eb-4852-b44c-7303c89b3332","type":"lens"},{"id":"6f648670-6d6b-11ec-864c-8b5450f97635","name":"dc68201b-bd8a-4fe9-9009-68fe91013c9f:panel_dc68201b-bd8a-4fe9-9009-68fe91013c9f","type":"lens"},{"id":"b6bd72c0-6d6b-11ec-864c-8b5450f97635","name":"c394186d-2848-42bf-a521-7ba497a3b3b6:panel_c394186d-2848-42bf-a521-7ba497a3b3b6","type":"lens"},{"id":"d3e6cf90-6d6b-11ec-864c-8b5450f97635","name":"c08e4616-5f26-4b6a-aa37-9c6a5e27d739:panel_c08e4616-5f26-4b6a-aa37-9c6a5e27d739","type":"lens"},{"id":"c9b17020-6d6b-11ec-864c-8b5450f97635","name":"d7b3a140-a1a5-48d4-82a5-a84dc3a0285a:panel_d7b3a140-a1a5-48d4-82a5-a84dc3a0285a","type":"lens"},{"id":"072ae530-6d6c-11ec-864c-8b5450f97635","name":"aa35ad44-a937-4fa6-9444-7bcb1922a167:panel_aa35ad44-a937-4fa6-9444-7bcb1922a167","type":"lens"},{"id":"7a1fc780-6f07-11ec-864c-8b5450f97635","name":"ffffbd7a-71f4-4977-bdf2-cad011e281c4:panel_ffffbd7a-71f4-4977-bdf2-cad011e281c4","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,5183],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyODIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Source IP 
Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"6c60a280-76b5-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1688154054424,5185],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyODMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Signer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - 
Signer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"signer.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Signer\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"6cf187b0-6d7c-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,5187],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyODQsMV0="} -{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-osquery_manager.result*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-osquery_manager.result*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"6db0d12f-ede1-4445-8ce7-3d51a80c76c9","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688154054424,5188],"type":"index-pattern","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyODUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - 
Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"6ef90c30-34c0-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5190],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyODYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMB - Action (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMB - Action (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"6f883480-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,5192],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyODcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - 
Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.certificate.subject.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.certificate.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"6fccb600-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5194],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyODgsMV0="} -{"attributes":{"buildNum":39457,"defaultIndex":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute":"/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":100,"securitySolution:defaultIndex":["apm-*-transaction*","traces-apm*","auditbeat-*","endgame-*","filebeat-*","logs-*","packetbeat-*","winlogbeat-*","*:so-*"],"theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": 
\"now\"\n}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"7.16.2","migrationVersion":{"config":"8.7.0"},"references":[],"sort":[1688154054424,5195],"type":"config","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyODksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - MIME Flavors","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - File - MIME Flavors\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"70243970-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5197],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyOTAsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"710ccbf0-35bb-11e7-b9ee-834112670159","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5199],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyOTEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Chrome Extensions - Change Stats","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"osquery - ChromeExt - Change Stats\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":70}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"osquery.hostIdentifier.keyword\",\"customLabel\":\"Endpoints\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"71538370-18d5-11e9-932c-d12d2cf4ee95","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","name":"search_0","type":"search"}],"sort":[1688154054424,5201],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyOTIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"\\\"application/x-dosexec\\\"\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"HTTP - Sites Hosting EXEs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Sites Hosting 
EXEs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"virtual_host.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"7153e7f0-34c7-11e7-8360-0b86c90983fd","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5203],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyOTMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Total Bytes Per Source/Destination IP Pair","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"total_bytes\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_term\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Source 
IP\",\"field\":\"source_ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"2-orderAgg\",\"params\":{\"field\":\"total_bytes\"},\"schema\":\"orderAgg\",\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Destination IP\",\"field\":\"destination_ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"3-orderAgg\",\"params\":{\"field\":\"total_bytes\"},\"schema\":\"orderAgg\",\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Connections - Total Bytes Per Source/Destination IP Pair\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"726cc040-48cf-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5205],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyOTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - File Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - File 
Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Name\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"72f0f010-3aaf-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,5207],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyOTUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Log Type Per Sensor/Device","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Log Type Per 
Sensor/Device\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor/Device\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Log Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"733ce440-494d-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5209],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyOTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Top 50 - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Top 50 - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"73806f30-4948-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5211],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyOTcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Signing Algorithm","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"X.509 - Certificate Signing 
Algorithm\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"certificate_signing_algorithm.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Algorithm\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"738127f0-37d7-11e7-9efb-91e89505091f","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5213],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyOTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - Command","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - FTP - 
Command\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ftp.command.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d3435690-755f-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5215],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQyOTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - 
User","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"User\",\"field\":\"ftp.user.keyword\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/kibana\",\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\"}}},\"label\":\"ftp.user.keyword: Descending\",\"params\":{}}],\"metrics\":[{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Security Onion - FTP - User\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8346bc70-7561-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5217],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMDAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - 
Password","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - FTP - Password\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ftp.password.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp.password.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Password\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"bc3e2bd0-7561-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5219],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMDEsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:ftp\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\"},\"panelIndex\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_728d0151-5dc6-429d-9b14-b457ab73d3fd\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":15,\"h\":8,\"i\":\"1b99097d-a957-4163-9810-263a0e653c18\"},\"panelIndex\":\"1b99097d-a957-4163-9810-263a0e653c18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1b99097d-a957-4163-9810-263a0e653c18\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":8,\"i\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\"},\"panelIndex\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_43bb3cf4-ee4a-4eba-8eea-8e133957fd48\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\"},\"panelIndex\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_87f23747-38c9-4d15-a85b-8beff66abaf4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\"},\"panelIndex\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d10ae5ac-6400-4a2c-a376-e6e74ed529ad\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":8,\"w\":13,\"h\":19,\"i\":\"1bf79bc6-8595-41e0-8a7e-2b21bd2bd928\"},\"panelIn
dex\":\"1bf79bc6-8595-41e0-8a7e-2b21bd2bd928\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1bf79bc6-8595-41e0-8a7e-2b21bd2bd928\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":31,\"y\":8,\"w\":17,\"h\":19,\"i\":\"e244437a-17a5-4e00-9176-f4e88ac54938\"},\"panelIndex\":\"e244437a-17a5-4e00-9176-f4e88ac54938\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e244437a-17a5-4e00-9176-f4e88ac54938\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":22,\"h\":16,\"i\":\"9196bb67-30ad-4a8e-b75f-22a9cced6f35\"},\"panelIndex\":\"9196bb67-30ad-4a8e-b75f-22a9cced6f35\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9196bb67-30ad-4a8e-b75f-22a9cced6f35\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":22,\"y\":27,\"w\":26,\"h\":16,\"i\":\"9da1ff1b-aebe-45fb-9e48-420eafb1b655\"},\"panelIndex\":\"9da1ff1b-aebe-45fb-9e48-420eafb1b655\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9da1ff1b-aebe-45fb-9e48-420eafb1b655\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":43,\"w\":48,\"h\":28,\"i\":\"c57349cc-4699-4d52-b386-14e1d1260c87\"},\"panelIndex\":\"c57349cc-4699-4d52-b386-14e1d1260c87\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c57349cc-4699-4d52-b386-14e1d1260c87\"}]","timeRestore":false,"title":"Security Onion - 
FTP","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"739bfad0-755a-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"728d0151-5dc6-429d-9b14-b457ab73d3fd:panel_728d0151-5dc6-429d-9b14-b457ab73d3fd","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"1b99097d-a957-4163-9810-263a0e653c18:panel_1b99097d-a957-4163-9810-263a0e653c18","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"43bb3cf4-ee4a-4eba-8eea-8e133957fd48:panel_43bb3cf4-ee4a-4eba-8eea-8e133957fd48","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"87f23747-38c9-4d15-a85b-8beff66abaf4:panel_87f23747-38c9-4d15-a85b-8beff66abaf4","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"d10ae5ac-6400-4a2c-a376-e6e74ed529ad:panel_d10ae5ac-6400-4a2c-a376-e6e74ed529ad","type":"visualization"},{"id":"d3435690-755f-11ea-9565-7315f4ee5cac","name":"1bf79bc6-8595-41e0-8a7e-2b21bd2bd928:panel_1bf79bc6-8595-41e0-8a7e-2b21bd2bd928","type":"visualization"},{"id":"5fcdb0c0-755f-11ea-9565-7315f4ee5cac","name":"e244437a-17a5-4e00-9176-f4e88ac54938:panel_e244437a-17a5-4e00-9176-f4e88ac54938","type":"visualization"},{"id":"8346bc70-7561-11ea-9565-7315f4ee5cac","name":"9196bb67-30ad-4a8e-b75f-22a9cced6f35:panel_9196bb67-30ad-4a8e-b75f-22a9cced6f35","type":"visualization"},{"id":"bc3e2bd0-7561-11ea-9565-7315f4ee5cac","name":"9da1ff1b-aebe-45fb-9e48-420eafb1b655:panel_9da1ff1b-aebe-45fb-9e48-420eafb1b655","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"c57349cc-4699-4d52-b386-14e1d1260c87:panel_c57349cc-4699-4d52-b386-14e1d1260c87","type":"search"}],"sort":[1688154054424,5230],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMDIsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - \"From\" Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - \\\"From\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mail_from.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"From\\\" Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"73b1b240-39a2-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5232],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMDMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - User 
Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"73f663f0-3753-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5234],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMDQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND highest_registered_domain:securityonion.net~ -securityonion.net\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Phishing Attempts Against Organizational Domain(s)","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 0\":\"rgb(0,104,55)\",\"1 - 999999\":\"rgb(165,0,38)\"}}}","version":1,"visState":"{\"title\":\"DNS - Phishing Attempts Against Organizational Domain(s)\",\"type\":\"gauge\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"gauge\":{\"extendRange\":true,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":0},{\"from\":1,\"to\":999999}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"#333\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"#eee\",\"bgColor\":false,\"subText\":\"Edit this to reflect your domain(s)\",\"fontSize\":60,\"labelColor\":true},\"alignment\":\"horizontal\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Phishing attempts against your domain(s)\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"74861280-6f06-11e7-b253-211f64f37eda","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5236],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMDUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Cookie","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - 
Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"cookie.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Cookie\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"75597b60-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5238],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMDYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NTLM - Hostname to Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Hostname to 
Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"domain_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"75ab1050-4a59-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,5240],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMDcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Tunnels - Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Tunnels - 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"tunnel.type.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tunnel.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"781447d0-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5242],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMDgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Indicator Type (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Intel - Indicator Type 
(Donut)\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.indicator_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator Type\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"78185810-0e61-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5244],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMDksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Chrome Extensions - Sensitive Permissions","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"osquery - Chrome Extensions - Sensitive 
Permissions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.columns.name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Extension Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.columns.permissions.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Permissions\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"78cf8bf0-1a59-11e9-ac0b-cb0ba10141ab","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"040dda10-18d8-11e9-932c-d12d2cf4ee95","name":"search_0","type":"search"}],"sort":[1688154054424,5246],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - File Description","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - File 
Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file_description.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"793c2640-39ad-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5248],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMTEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Log Count Over Time","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Syslog - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 10 
minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"79a2a4e0-76e5-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"sort":[1688154054424,5250],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMTIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FIle - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - FIle - 
Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"7a88adc0-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5252],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMTMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"IRC - Command","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - 
Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"irc_command.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"7bc09930-4a57-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5254],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"7bc74b40-6d71-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,5256],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMTUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Client Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_major_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_minor_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor 
Version\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"7c1e3f70-6e22-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5258],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Destination IP Addresses","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Destination IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"7c47b650-3580-11e7-98ef-19df58fe538b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5260],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMTcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMTP - Log Count Over 
TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"7c922990-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5262],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_http AND 
_exists_:virtual_host_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"HTTP - Virtual Host Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Virtual Host Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"virtual_host_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"virtual_host.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Virtual Host\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"7d1ede50-6f19-11e7-86c8-a1b6db3b051a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5264],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - Authentication Sucess","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SSH - Authentication 
Sucess\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssh.authentication.success: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.authentication.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"7d61f430-75ea-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5266],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMjAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"7dc62970-6e2a-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5268],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMjEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Machine","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"PE - 
Machine\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"machine.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Machine\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"7de76e10-6e1f-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5270],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMjIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:highest_registered_domain_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Highest Registered Domain Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Highest Registered Domain Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"highest_registered_domain_frequency_score\",\"customLabel\":\"Frequency 
Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"highest_registered_domain.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"7f1f00a0-6f04-11e7-b253-211f64f37eda","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5272],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMjMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Destination - Top Connection Duration (Tile Map)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Destination - Top Connection Duration (Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by 
USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"duration\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"7f7492d0-46c4-11e7-a82e-d97152153689","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5274],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMjQsMV0="} -{"attributes":{"buildNum":39457,"defaultIndex":"logs-*","defaultRoute":"/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":100,"securitySolution:defaultIndex":["apm-*-transaction*","traces-apm*","auditbeat-*","endgame-*","filebeat-*","logs-*","packetbeat-*","winlogbeat-*","*:so-*"],"theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8.7.1","migrationVersion":{"config":"8.7.0"},"references":[],"sort":[1688154054424,5275],"type":"config","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMjUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - MAC","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Host - 
MAC\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.mac.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"eaa31ba0-7374-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5277],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMjYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Requested Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Requested 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.requested_address.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Requested Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9a693c50-7374-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5279],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMjcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Assigned Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Assigned 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.assigned_ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Assigned Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"cc3aaf20-7374-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5281],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMjgsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:dhcp\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"7e10f47b-2096-452d-9b40-be150226504f\"},\"panelIndex\":\"7e10f47b-2096-452d-9b40-be150226504f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7e10f47b-2096-452d-9b40-be150226504f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":10,\"h\":9,\"i\":\"a795e5b9-2afd-43ef-91db-cd9c23a996f9\"},\"panelIndex\":\"a795e5b9-2afd-43ef-91db-cd9c23a996f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a795e5b9-2afd-43ef-91db-cd9c23a996f9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":9,\"i\":\"d0f65b83-17cd-4a8c-950d-06e5e88bf80b\"},\"panelIndex\":\"d0f65b83-17cd-4a8c-950d-06e5e88bf80b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d0f65b83-17cd-4a8c-950d-06e5e88bf80b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":20,\"i\":\"c5565d1e-719c-4401-b886-1ad84638b855\"},\"panelIndex\":\"c5565d1e-719c-4401-b886-1ad84638b855\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c5565d1e-719c-4401-b886-1ad84638b855\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":20,\"i\":\"ada9481a-335b-4091-ac4e-5f94c96e4cea\"},\"panelIndex\":\"ada9481a-335b-4091-ac4e-5f94c96e4cea\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ada9481a-335b-4091-ac4e-5f94c96e4cea\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":9,\"w\":8,\"h\":20,\"i\":\"bcba795f-8008-4f91-887d-35b5aff11022\"},\"panelIn
dex\":\"bcba795f-8008-4f91-887d-35b5aff11022\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_bcba795f-8008-4f91-887d-35b5aff11022\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":7,\"h\":20,\"i\":\"a9615bc2-7e50-4a88-be1c-53eb7096e093\"},\"panelIndex\":\"a9615bc2-7e50-4a88-be1c-53eb7096e093\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a9615bc2-7e50-4a88-be1c-53eb7096e093\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":31,\"y\":9,\"w\":17,\"h\":20,\"i\":\"87dce718-7595-4bb0-b1be-b2f51518f026\"},\"panelIndex\":\"87dce718-7595-4bb0-b1be-b2f51518f026\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_87dce718-7595-4bb0-b1be-b2f51518f026\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":29,\"w\":48,\"h\":29,\"i\":\"4f1bdb3c-15b5-4d72-bc4f-96a266423272\"},\"panelIndex\":\"4f1bdb3c-15b5-4d72-bc4f-96a266423272\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4f1bdb3c-15b5-4d72-bc4f-96a266423272\"}]","timeRestore":false,"title":"Security Onion - 
DHCP","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"80625c10-96dd-11ea-814e-bb515e873c2c","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"7e10f47b-2096-452d-9b40-be150226504f:panel_7e10f47b-2096-452d-9b40-be150226504f","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"a795e5b9-2afd-43ef-91db-cd9c23a996f9:panel_a795e5b9-2afd-43ef-91db-cd9c23a996f9","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"d0f65b83-17cd-4a8c-950d-06e5e88bf80b:panel_d0f65b83-17cd-4a8c-950d-06e5e88bf80b","type":"visualization"},{"id":"eaa31ba0-7374-11ea-a3da-cbdb4f8a90c0","name":"c5565d1e-719c-4401-b886-1ad84638b855:panel_c5565d1e-719c-4401-b886-1ad84638b855","type":"visualization"},{"id":"9a693c50-7374-11ea-a3da-cbdb4f8a90c0","name":"ada9481a-335b-4091-ac4e-5f94c96e4cea:panel_ada9481a-335b-4091-ac4e-5f94c96e4cea","type":"visualization"},{"id":"cc3aaf20-7374-11ea-a3da-cbdb4f8a90c0","name":"bcba795f-8008-4f91-887d-35b5aff11022:panel_bcba795f-8008-4f91-887d-35b5aff11022","type":"visualization"},{"id":"2af5f980-96e2-11ea-814e-bb515e873c2c","name":"a9615bc2-7e50-4a88-be1c-53eb7096e093:panel_a9615bc2-7e50-4a88-be1c-53eb7096e093","type":"visualization"},{"id":"36200e40-c76b-11ea-bebb-37c5ab5894ea","name":"87dce718-7595-4bb0-b1be-b2f51518f026:panel_87dce718-7595-4bb0-b1be-b2f51518f026","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"4f1bdb3c-15b5-4d72-bc4f-96a266423272:panel_4f1bdb3c-15b5-4d72-bc4f-96a266423272","type":"search"}],"sort":[1688154054424,5291],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMjksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"PE - Subsystem (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"PE - 
Subsystem (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"subsystem.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"807da390-380c-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5293],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMzAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - PE - 
Subsytem","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.subsystem.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subsystem\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - PE - Subsytem\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"80a39cb0-c762-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5295],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMzEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - 
Success\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"mysql.success: 
Descending\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"80aa0c60-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5297],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMzIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - SID","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - 
SID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.uuid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Rule ID\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a47ffc70-96f0-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5299],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMzMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:alert AND 
event.module:suricata\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":8,\"i\":\"afb23064-13dc-4b97-b1be-cf672a6cfb56\"},\"panelIndex\":\"afb23064-13dc-4b97-b1be-cf672a6cfb56\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_afb23064-13dc-4b97-b1be-cf672a6cfb56\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":7,\"y\":0,\"w\":17,\"h\":8,\"i\":\"67961875-85aa-443b-9cac-130c8783cd8d\"},\"panelIndex\":\"67961875-85aa-443b-9cac-130c8783cd8d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_67961875-85aa-443b-9cac-130c8783cd8d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":8,\"i\":\"44bf55fb-18d8-4ae6-a15a-902042d3623c\"},\"panelIndex\":\"44bf55fb-18d8-4ae6-a15a-902042d3623c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_44bf55fb-18d8-4ae6-a15a-902042d3623c\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":19,\"h\":20,\"i\":\"cedf23aa-c331-496a-bf27-7c9c8f587d80\"},\"panelIndex\":\"cedf23aa-c331-496a-bf27-7c9c8f587d80\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cedf23aa-c331-496a-bf27-7c9c8f587d80\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":19,\"y\":8,\"w\":9,\"h\":20,\"i\":\"a2e54d3b-ee05-4d67-82d2-4ac917d9ec4b\"},\"panelIndex\":\"a2e54d3b-ee05-4d67-82d2-4ac917d9ec4b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a2e54d3b-ee05-4d67-82d2-4ac917d9ec4b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":8,\"w\":10,\"h\":20,\"i\":\"ab088b32-c40e-4a1c-9dcd-758c1ad97edc\"},\"panelIndex\":\"ab088b32-c40e-4a1c-9dcd-758c1ad97edc\",\"embeddableConfig\":{\"enhancements\":{}}
,\"panelRefName\":\"panel_ab088b32-c40e-4a1c-9dcd-758c1ad97edc\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":8,\"w\":10,\"h\":20,\"i\":\"2faea405-e4d3-488b-adfa-373b135d2122\"},\"panelIndex\":\"2faea405-e4d3-488b-adfa-373b135d2122\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2faea405-e4d3-488b-adfa-373b135d2122\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":19,\"h\":18,\"i\":\"728a4c22-9a7e-4152-a4d6-eed2d728abb8\"},\"panelIndex\":\"728a4c22-9a7e-4152-a4d6-eed2d728abb8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_728a4c22-9a7e-4152-a4d6-eed2d728abb8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":19,\"y\":28,\"w\":19,\"h\":18,\"i\":\"32459b34-f7be-4ac0-a672-7a9697ce3bca\"},\"panelIndex\":\"32459b34-f7be-4ac0-a672-7a9697ce3bca\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_32459b34-f7be-4ac0-a672-7a9697ce3bca\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":28,\"w\":10,\"h\":18,\"i\":\"0681c2c1-531d-4f5e-a73f-8382789cbd14\"},\"panelIndex\":\"0681c2c1-531d-4f5e-a73f-8382789cbd14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0681c2c1-531d-4f5e-a73f-8382789cbd14\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":46,\"w\":48,\"h\":20,\"i\":\"b7ad7fb7-60d2-4a1c-b71a-c438626507af\"},\"panelIndex\":\"b7ad7fb7-60d2-4a1c-b71a-c438626507af\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b7ad7fb7-60d2-4a1c-b71a-c438626507af\"}]","timeRestore":false,"title":"Security Onion - Alerts - 
Suricata","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"81057f40-7733-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"afb23064-13dc-4b97-b1be-cf672a6cfb56:panel_afb23064-13dc-4b97-b1be-cf672a6cfb56","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"67961875-85aa-443b-9cac-130c8783cd8d:panel_67961875-85aa-443b-9cac-130c8783cd8d","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"44bf55fb-18d8-4ae6-a15a-902042d3623c:panel_44bf55fb-18d8-4ae6-a15a-902042d3623c","type":"visualization"},{"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","name":"cedf23aa-c331-496a-bf27-7c9c8f587d80:panel_cedf23aa-c331-496a-bf27-7c9c8f587d80","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"a2e54d3b-ee05-4d67-82d2-4ac917d9ec4b:panel_a2e54d3b-ee05-4d67-82d2-4ac917d9ec4b","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"ab088b32-c40e-4a1c-9dcd-758c1ad97edc:panel_ab088b32-c40e-4a1c-9dcd-758c1ad97edc","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"2faea405-e4d3-488b-adfa-373b135d2122:panel_2faea405-e4d3-488b-adfa-373b135d2122","type":"visualization"},{"id":"a37b9fa0-72b0-11ea-8dd2-9d8795a1200b","name":"728a4c22-9a7e-4152-a4d6-eed2d728abb8:panel_728a4c22-9a7e-4152-a4d6-eed2d728abb8","type":"visualization"},{"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","name":"32459b34-f7be-4ac0-a672-7a9697ce3bca:panel_32459b34-f7be-4ac0-a672-7a9697ce3bca","type":"visualization"},{"id":"a47ffc70-96f0-11ea-814e-bb515e873c2c","name":"0681c2c1-531d-4f5e-a73f-8382789cbd14:panel_0681c2c1-531d-4f5e-a73f-8382789cbd14","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"b7ad7fb7-60d2-4a1c-b71a-c438626507af:panel_b7ad7fb7-60d2-4a1c-b71a-c438626507af","type":"search"}],"sort":[1688154054424,5311],"type":"dashboard","updated_at":"2023-06-30T19:
40:54.424Z","version":"WzQzMzQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Response From","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Response From\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.response.from.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.response.from.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Response From\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"81a1a740-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5313],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMzUsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alerts By Country (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"NIDS - Alerts By Country (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"81de16f0-6e0f-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5315],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMzYsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8261cf00-366e-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5317],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMzcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SNMP - Community String","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Community 
String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"community.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Community String\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"83a91450-4c79-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5319],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMzgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network Data Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network Data Over 
Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":true},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":true,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"intervalESValue\":30,\"intervalESUnit\":\"m\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-03-24T15:15:25.819Z\",\"max\":\"2020-03-25T15:15:25.819Z\"}},\"label\":\"@timestamp per 30 
minutes\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\",\"mode\":\"quick\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8491c4b0-6eab-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,5321],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzMzksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"84f28670-3636-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5323],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNDAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNP3 - Function Request","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Function 
Request\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"fc_request.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"857c6760-4a4d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5325],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNDEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"IRC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"85b1f890-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5327],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNDIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"tags:intel\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - 
Indicator","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Indicator\",\"excludeIsRegex\":true,\"field\":\"intel.indicator.keyword\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"row\":true,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Security Onion - Intel - Indicator\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"db8c57c0-0e5c-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5329],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNDMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Intel - 
Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.sources.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Source\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"b4222d00-0e60-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5331],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNDQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Seen Where","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Intel - Seen 
Where\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.seen_where.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Seen Where\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ec57d300-0e60-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5333],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNDUsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:intel\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"a9613b03-8b84-4149-9dfa-5b059c1e0e70\"},\"panelIndex\":\"a9613b03-8b84-4149-9dfa-5b059c1e0e70\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a9613b03-8b84-4149-9dfa-5b059c1e0e70\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":9,\"i\":\"77e957c4-13ac-480c-b799-0bd39559781b\"},\"panelIndex\":\"77e957c4-13ac-480c-b799-0bd39559781b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_77e957c4-13ac-480c-b799-0bd39559781b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":9,\"i\":\"722a0294-a47b-4cd1-85c0-37f9933552c5\"},\"panelIndex\":\"722a0294-a47b-4cd1-85c0-37f9933552c5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_722a0294-a47b-4cd1-85c0-37f9933552c5\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":21,\"i\":\"a008c6c0-0e76-4dc6-802b-72d68ad0c10d\"},\"panelIndex\":\"a008c6c0-0e76-4dc6-802b-72d68ad0c10d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a008c6c0-0e76-4dc6-802b-72d68ad0c10d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":9,\"w\":10,\"h\":21,\"i\":\"0adce98b-c9e8-469b-8cac-fb4ceb35b68a\"},\"panelIndex\":\"0adce98b-c9e8-469b-8cac-fb4ceb35b68a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0adce98b-c9e8-469b-8cac-fb4ceb35b68a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":20,\"y\":9,\"w\":13,\"h\":21,\"i\":\"2b95ef19-525e-4659-8ab3-67cb0e9dc41a\"},\"pa
nelIndex\":\"2b95ef19-525e-4659-8ab3-67cb0e9dc41a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2b95ef19-525e-4659-8ab3-67cb0e9dc41a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":21,\"i\":\"bde38fe7-9aec-4e19-b9fe-035ee6a66ef7\"},\"panelIndex\":\"bde38fe7-9aec-4e19-b9fe-035ee6a66ef7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_bde38fe7-9aec-4e19-b9fe-035ee6a66ef7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":30,\"w\":24,\"h\":15,\"i\":\"2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0\"},\"panelIndex\":\"2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":30,\"w\":24,\"h\":15,\"i\":\"79c4ec17-8411-49d8-82af-6921a321dd3b\"},\"panelIndex\":\"79c4ec17-8411-49d8-82af-6921a321dd3b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_79c4ec17-8411-49d8-82af-6921a321dd3b\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":34,\"i\":\"779d2461-4d8a-4254-b380-26650a52a026\"},\"panelIndex\":\"779d2461-4d8a-4254-b380-26650a52a026\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_779d2461-4d8a-4254-b380-26650a52a026\"}]","timeRestore":false,"title":"Security Onion - 
Intel","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"85b529a0-0e5a-11eb-a255-e1e8e85e3571","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"a9613b03-8b84-4149-9dfa-5b059c1e0e70:panel_a9613b03-8b84-4149-9dfa-5b059c1e0e70","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"77e957c4-13ac-480c-b799-0bd39559781b:panel_77e957c4-13ac-480c-b799-0bd39559781b","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"722a0294-a47b-4cd1-85c0-37f9933552c5:panel_722a0294-a47b-4cd1-85c0-37f9933552c5","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"a008c6c0-0e76-4dc6-802b-72d68ad0c10d:panel_a008c6c0-0e76-4dc6-802b-72d68ad0c10d","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"0adce98b-c9e8-469b-8cac-fb4ceb35b68a:panel_0adce98b-c9e8-469b-8cac-fb4ceb35b68a","type":"visualization"},{"id":"db8c57c0-0e5c-11eb-a255-e1e8e85e3571","name":"2b95ef19-525e-4659-8ab3-67cb0e9dc41a:panel_2b95ef19-525e-4659-8ab3-67cb0e9dc41a","type":"visualization"},{"id":"b4222d00-0e60-11eb-a255-e1e8e85e3571","name":"bde38fe7-9aec-4e19-b9fe-035ee6a66ef7:panel_bde38fe7-9aec-4e19-b9fe-035ee6a66ef7","type":"visualization"},{"id":"6b109430-0e60-11eb-a255-e1e8e85e3571","name":"2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0:panel_2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0","type":"visualization"},{"id":"ec57d300-0e60-11eb-a255-e1e8e85e3571","name":"79c4ec17-8411-49d8-82af-6921a321dd3b:panel_79c4ec17-8411-49d8-82af-6921a321dd3b","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"779d2461-4d8a-4254-b380-26650a52a026:panel_779d2461-4d8a-4254-b380-26650a52a026","type":"search"}],"sort":[1688154054424,5344],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNDYsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMB - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per minute\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"85e40a70-3aac-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,53
46],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNDcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Operation","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"operation.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"86107960-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,5348],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNDgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Authentication Status (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RFB - Authentication Status (Donut 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"auth.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Status\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"869e3030-371e-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5350],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNDksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Modbus - Exception","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Modbus - Exception\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"modbus.exception.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"modbus.exception.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Exception\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"93cdb730-75be-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5352],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNTAsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"tags:modbus*\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"dcdc1d0b-bec1-402d-a34b-39464e9a2749\"},\"panelIndex\":\"dcdc1d0b-bec1-402d-a34b-39464e9a2749\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"ccbb40c9-d2e4-4592-a91f-b1f6912a35f9\"},\"panelIndex\":\"ccbb40c9-d2e4-4592-a91f-b1f6912a35f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"32fd8cfa-64ad-41d7-b4f7-2c71f351916a\"},\"panelIndex\":\"32fd8cfa-64ad-41d7-b4f7-2c71f351916a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridDa
ta\":{\"x\":0,\"y\":8,\"w\":8,\"h\":19,\"i\":\"b15f438a-6f24-4099-90e6-d66f950029bc\"},\"panelIndex\":\"b15f438a-6f24-4099-90e6-d66f950029bc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":8,\"h\":19,\"i\":\"089f29d5-cf23-4b6a-8b80-27911ffd6b1a\"},\"panelIndex\":\"089f29d5-cf23-4b6a-8b80-27911ffd6b1a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":8,\"w\":14,\"h\":19,\"i\":\"4154e8b1-e314-4623-aaf4-0404a108551a\"},\"panelIndex\":\"4154e8b1-e314-4623-aaf4-0404a108551a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":19,\"i\":\"8acbc44d-4fe2-42b0-a6e9-4a3bc4e4aeb6\"},\"panelIndex\":\"8acbc44d-4fe2-42b0-a6e9-4a3bc4e4aeb6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"c4d3c93a-746f-4edc-835c-66f1380fc5d4\"},\"panelIndex\":\"c4d3c93a-746f-4edc-835c-66f1380fc5d4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - 
Modbus","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"886a7b90-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"62449800-75be-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"93cdb730-75be-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1688154054424,5361],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNTEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8a60eb50-365f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5363],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNTIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - HASSH","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSH - HASSH\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.hassh.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8afa5f50-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5365],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNTMsMV0="} -{"attributes":{"description":"based on the Endgame - Categories with Full Event Type 
viz, modded by rlp 20211220","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - Event Categories","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}","version":1,"visState":"{\"title\":\"Endgame - Event Categories\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"event.category\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"row\":true}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8b3bb5c0-61af-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,5368],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Sites","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - 
Sites\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"virtual_host.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8ba31820-34c6-11e7-8360-0b86c90983fd","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5370],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNTUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Files - MIME Type (Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Files - MIME Type (Bar Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"rotate\":75,\"show\":true,\"truncate\":100,\"filter\":true},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"MIME 
Type\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mimetype.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8c57f3d0-3674-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5372],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Sysmon - 
Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8cfdeff0-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,5374],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNTcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Notice Generated (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Weird - Notice Generated (Donut 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"notice.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8dbbbed0-364e-11e7-9dc3-d35061cb642d","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5376],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Client Build","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Client Build\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client_build.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client 
Build\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8e18ee60-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5378],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"match_body.source.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8ec77cb0-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5380],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNjAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND 
_exists_:certificate_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"SSL - Certificate Common Name Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate Common Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"certificate_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8fa702e0-6f0b-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5382],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNjEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Files - MIME Type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Files - MIME 
Type\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.mimetype.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"file.mimetype.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MIMEType\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"8fb3c480-75f2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5384],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNjIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"All Sensors - Log Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"All Sensors - Log 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Log Type(s)\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"901bda80-a83f-11e7-893a-1b88920b2837","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"sort":[1688154054424,5386],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNjMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SIP - Destination Country (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Destination Country (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"90bf0a80-3750-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5388],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNjQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"Security Onion - Rule - ID","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"Security Onion - Rule - 
ID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.uuid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ID\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"91bd9990-7737-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5390],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNjUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Log Count Over Time","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 
seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"92b202e0-76b4-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1688154054424,5392],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNjYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Host - 
Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"agent.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Agent Name\",\"aggType\":\"terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f03402e0-72bc-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5394],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNjcsMV0="} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.category:host\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"c743998d-d4c5-429f-87ce-67bac2649e72\"},\"panelIndex\":\"c743998d-d4c5-429f-87ce-67bac2649e72\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":15,\"h\":8,\"i\":\"8acc6336-35b7-4c1a-b0ef-3b3ec6870b1f\"},\"panelIndex\":\"8acc6336-35b7-4c1a-b0ef-3b3ec6870b1f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":8,\"i\":\"8485e0bf-8342-42ff-82b4-eb2611191060\"},\"panelIndex\":\"8485e0bf-8342-42ff-82b4-eb2611191060\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":18,\"i\":\"ba08df96-10b9-4b30-803f-f40387867ccc\"},\"panelIndex\":\"ba08df96-10b9-4b30-803f-f40387867ccc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":7,\"h\":18,\"i\":\"254bcae3-60d3-4193-b258-6f9f3eba0af3\"},\"panelIndex\":\"254bcae3-60d3-4193-b258-6f9f3eba0af3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":15,\"y\":8,\"w\":8,\"h\":18,\"i\":\"89d115c0-ee70-4250-9742-fb3c554e69a7\"},\"panelIndex\":\"89d115c0-ee70-4250-9742-fb3c554e69a7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":23,\"y\":8,\"w\":25,\"h\":18,\"i\":\"0c1675bb-01ef-4020-95f1-3f35e0c6fad8\"},\"panelIndex\":\"0c1675bb-01ef-4020-95f1-3f35e0c6fad8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"
7.9.2\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":20,\"i\":\"38bc9e98-7934-4d1b-89fa-1b57765086c3\"},\"panelIndex\":\"38bc9e98-7934-4d1b-89fa-1b57765086c3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Host","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"92e63cc0-6ec0-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"df50eba0-6ec0-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"f03402e0-72bc-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"758187b0-72bd-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"a866be10-0e45-11eb-a255-e1e8e85e3571","name":"panel_7","type":"search"}],"sort":[1688154054424,5403],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNjgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Content Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Content 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"content_type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Content Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"930b1600-3753-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5405],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNjksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - MIME Type (Tag Cloud)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - MIME Type (Tag Cloud)\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":14,\"maxFontSize\":40,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"resp_mime_types.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME 
Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"934fe550-6e08-11e7-9370-174c4785d3e1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5407],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNzAsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.module:ossec AND event.dataset:alert\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"c2172038-7740-458c-977a-98d139c438c2\"},\"panelIndex\":\"c2172038-7740-458c-977a-98d139c438c2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":18,\"h\":8,\"i\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\"},\"panelIndex\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":8,\"i\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\"},\"panelIndex\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":8,\"w\":12,\"h\":19,\"i\":\"1f88747a-06f5-4450-8d08-150d0cd37667\"},\"panelIndex\":\"1f88747a-06f5-4450-8d08-150d0cd37667\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":12,\"y\":8,\"w\":11,\"h\":19,\"i\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\"},\"panelIndex\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":23,\"y\":8,\"w\":7,\"h\":19,\"i\":\"a4bd8
139-6fdd-476e-b6ff-8dd036e0f747\"},\"panelIndex\":\"a4bd8139-6fdd-476e-b6ff-8dd036e0f747\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":30,\"y\":8,\"w\":8,\"h\":19,\"i\":\"df2cccc2-5ac2-4522-9756-76a16ba2b0ce\"},\"panelIndex\":\"df2cccc2-5ac2-4522-9756-76a16ba2b0ce\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":38,\"y\":8,\"w\":10,\"h\":19,\"i\":\"8b5674df-aad2-4af7-aa91-90a9d3e3980c\"},\"panelIndex\":\"8b5674df-aad2-4af7-aa91-90a9d3e3980c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":21,\"i\":\"365259e4-659e-4950-8e82-b8d8fc7fadca\"},\"panelIndex\":\"365259e4-659e-4950-8e82-b8d8fc7fadca\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - Wazuh","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9480f190-7732-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"91bd9990-7737-11ea-bee5-af7f7c7b8e05","name":"panel_5","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"407784f0-7738-11ea-bee5-af7f7c7b8e05","name":"panel_7","type":"visualization"},{"id":"a866be10-0e45-11eb-a255-e1e8e85e3571","name":"panel_8","type":"search"}],"sort":[1688154054424,5417],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424
Z","version":"WzQzNzEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - PE - OS","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.os.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"OS\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - PE - OS\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"b449a870-c762-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5419],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNzIsMV0="} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"tags:pe\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"858c0209-49ab-4c0c-9b9c-bc71e363be32\"},\"panelIndex\":\"858c0209-49ab-4c0c-9b9c-bc71e363be32\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":12,\"h\":9,\"i\":\"94db978d-70ba-4ade-a680-1297961aa832\"},\"panelIndex\":\"94db978d-70ba-4ade-a680-1297961aa832\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":9,\"i\":\"8973a749-ddc9-4476-8946-280e748da61e\"},\"panelIndex\":\"8973a749-ddc9-4476-8946-280e748da61e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":18,\"i\":\"8797e1d3-84b0-4840-9ba3-6e74f15a5f08\"},\"panelIndex\":\"8797e1d3-84b0-4840-9ba3-6e74f15a5f08\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":10,\"y\":9,\"w\":15,\"h\":18,\"i\":\"b9da8481-6781-4431-83de-c51834199de7\"},\"panelIndex\":\"b9da8481-6781-4431-83de-c51834199de7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":25,\"y\":9,\"w\":10,\"h\":18,\"i\":\"ceba5670-4f26-411e-a19a-e130cf715228\"},\"panelIndex\":\"ceba5670-4f26-411e-a19a-e130cf715228\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":35,\"y\":9,\"w\":13,\"h\":18,\"i\":\"5f1b3a55-7919-448d-897c-fc7166b283d0\"},\"panelIndex\":\"5f1b3a55-7919-448d-897c-fc7166b283d0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\
",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"767dc27a-2b54-4360-bb34-c1a41528ad25\"},\"panelIndex\":\"767dc27a-2b54-4360-bb34-c1a41528ad25\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - PE","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"94b55b90-c761-11ea-bebb-37c5ab5894ea","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"80a39cb0-c762-11ea-bebb-37c5ab5894ea","name":"panel_3","type":"visualization"},{"id":"b449a870-c762-11ea-bebb-37c5ab5894ea","name":"panel_4","type":"visualization"},{"id":"07419650-c763-11ea-bebb-37c5ab5894ea","name":"panel_5","type":"visualization"},{"id":"282bf2c0-c763-11ea-bebb-37c5ab5894ea","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1688154054424,5428],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNzMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Company","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Autoruns - 
Company\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":14,\"maxFontSize\":36,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"company.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"96105ff0-6d7b-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,5430],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNzQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:snmp\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"752f2974-3abc-482c-afdc-c85cf5643cc6\"},\"panelIndex\":\"752f2974-3abc-482c-afdc-c85cf5643cc6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_752f2974-3abc-482c-afdc-c85cf5643cc6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"dfa3b3da-b86b-4d11-add3-c7e18c40654b\"},\"panelIndex\":\"dfa3b3da-b86b-4d11-add3-c7e18c40654b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dfa3b3da-b86b-4d11-add3-c7e18c40654b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"4c444c07-93f9-43d2-966e-1a0db864c011\"},\"panelIndex\":\"4c444c07-93f9-43d2-966e-1a0db864c011\",\"embeddableConfig\":{\"enhanc
ements\":{}},\"panelRefName\":\"panel_4c444c07-93f9-43d2-966e-1a0db864c011\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"3f20fbbb-d47b-4b9e-94a0-f5f144ce0dd2\"},\"panelIndex\":\"3f20fbbb-d47b-4b9e-94a0-f5f144ce0dd2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3f20fbbb-d47b-4b9e-94a0-f5f144ce0dd2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":8,\"w\":10,\"h\":19,\"i\":\"5c5850b6-1e17-4d4a-9122-8d6a6b275fb0\"},\"panelIndex\":\"5c5850b6-1e17-4d4a-9122-8d6a6b275fb0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5c5850b6-1e17-4d4a-9122-8d6a6b275fb0\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":19,\"y\":8,\"w\":11,\"h\":19,\"i\":\"2df47b07-dcfd-46a9-a908-cd03bb3ae82e\"},\"panelIndex\":\"2df47b07-dcfd-46a9-a908-cd03bb3ae82e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2df47b07-dcfd-46a9-a908-cd03bb3ae82e\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":19,\"i\":\"7fec36da-2c28-4eef-9d15-bd5d64628d1d\"},\"panelIndex\":\"7fec36da-2c28-4eef-9d15-bd5d64628d1d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7fec36da-2c28-4eef-9d15-bd5d64628d1d\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"db2dff22-e4c1-41ea-a07d-8c0b0080cb04\"},\"panelIndex\":\"db2dff22-e4c1-41ea-a07d-8c0b0080cb04\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_db2dff22-e4c1-41ea-a07d-8c0b0080cb04\"}]","timeRestore":false,"title":"Security Onion - 
SNMP","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"96522610-75e8-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"752f2974-3abc-482c-afdc-c85cf5643cc6:panel_752f2974-3abc-482c-afdc-c85cf5643cc6","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"dfa3b3da-b86b-4d11-add3-c7e18c40654b:panel_dfa3b3da-b86b-4d11-add3-c7e18c40654b","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"4c444c07-93f9-43d2-966e-1a0db864c011:panel_4c444c07-93f9-43d2-966e-1a0db864c011","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"3f20fbbb-d47b-4b9e-94a0-f5f144ce0dd2:panel_3f20fbbb-d47b-4b9e-94a0-f5f144ce0dd2","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"5c5850b6-1e17-4d4a-9122-8d6a6b275fb0:panel_5c5850b6-1e17-4d4a-9122-8d6a6b275fb0","type":"visualization"},{"id":"424ace90-75e9-11ea-9565-7315f4ee5cac","name":"2df47b07-dcfd-46a9-a908-cd03bb3ae82e:panel_2df47b07-dcfd-46a9-a908-cd03bb3ae82e","type":"visualization"},{"id":"690ef880-75e9-11ea-9565-7315f4ee5cac","name":"7fec36da-2c28-4eef-9d15-bd5d64628d1d:panel_7fec36da-2c28-4eef-9d15-bd5d64628d1d","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"db2dff22-e4c1-41ea-a07d-8c0b0080cb04:panel_db2dff22-e4c1-41ea-a07d-8c0b0080cb04","type":"search"}],"sort":[1688154054424,5439],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNzUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - \"To\" Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - \\\"To\\\" 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"recipient_to.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"To\\\" Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"96767400-39a2-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5441],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNzYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Log Count Over Time","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"ElastAlert - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 
seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"969e4820-7dce-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5443],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNzcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Alert Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Alert 
Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Alert\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"96c2cf10-4a3d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5445],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNzgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9a33f9a0-365f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5447],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzNzksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9a54f150-366e-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5449],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzODAsMV0="} -{"attributes":{"columns":["source_ip","name","software_type"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_software\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Software - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5451],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzODEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Software - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Software - 
Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version_major.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version_minor.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"software_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP 
Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9b0f6a80-4c7a-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5453],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzODIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"MySQL - Response","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"MySQL - Response\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"response.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9c411ad0-4a58-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5455],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzODMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Zeek - 
Notice","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Zeek - Notice\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"notice.note.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Notice\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9c6ccff0-7a84-11ea-9d13-57f5db13d1ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5457],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzODQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sensors - Sensor and Services (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Sensors - Sensor and Services (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"sensor_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"service.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9c979ea0-345b-11e7-8867-29a39c0f86b2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"sort":[1688154054424,5459],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzODUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"PE - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9cffd160-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5461],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzODYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Top Source Ports","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Top Source 
Ports\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9d3413c0-6ea0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,5463],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzODcsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:ssh\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"b816ee0e-45c6-438d-a4ed-799d9e80a9f0\"},\"panelIndex\":\"b816ee0e-45c6-438d-a4ed-799d9e80a9f0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b816ee0e-45c6-438d-a4ed-799d9e80a9f0\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"cbfd7081-d82b-4e29-b21c-6e9584d67328\"},\"panelIndex\":\"cbfd7081-d82b-4e29-b21c-6e9584d67328\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cbfd7081-d82b-4e29-b21c-6e9584d67328\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"d9b0c92a-8625-4e72-8a7c-333381e17244\"},\"panelIndex\":\"d9b0c92a-8625-4e72-8a7c-333381e17244\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d9b0c92a-8625-4e72-8a7c-333381e17244\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":10,\"h\":19,\"i\":\"766c95ce-e20f-4e88-935f-2211b7be6b65\"},\"panelIndex\":\"766c95ce-e20f-4e88-935f-2211b7be6b65\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_766c95ce-e20f-4e88-935f-2211b7be6b65\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":8,\"w\":10,\"h\":19,\"i\":\"e9ec8c9e-8a76-4501-abcb-2c9c08adfc44\"},\"panelIndex\":\"e9ec8c9e-8a76-4501-abcb-2c9c08adfc44\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e9ec8c9e-8a76-4501-abcb-2c9c08adfc44\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":20,\"y\":8,\"w\":13,\"h\":19,\"i\":\"c2747e56-14c2-4a70-a1a7-e31affae20f8\"},\"pane
lIndex\":\"c2747e56-14c2-4a70-a1a7-e31affae20f8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c2747e56-14c2-4a70-a1a7-e31affae20f8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":33,\"y\":8,\"w\":15,\"h\":19,\"i\":\"ff324073-699d-4b26-b4fd-28190fa3803b\"},\"panelIndex\":\"ff324073-699d-4b26-b4fd-28190fa3803b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ff324073-699d-4b26-b4fd-28190fa3803b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":17,\"h\":18,\"i\":\"248c6442-b868-4e06-bfaa-e6da2d2d7463\"},\"panelIndex\":\"248c6442-b868-4e06-bfaa-e6da2d2d7463\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_248c6442-b868-4e06-bfaa-e6da2d2d7463\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":17,\"y\":27,\"w\":16,\"h\":18,\"i\":\"d24e4833-8b52-45ac-ac3f-bb31379e8380\"},\"panelIndex\":\"d24e4833-8b52-45ac-ac3f-bb31379e8380\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d24e4833-8b52-45ac-ac3f-bb31379e8380\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":33,\"y\":27,\"w\":15,\"h\":18,\"i\":\"6711f807-284e-4025-99bb-cee25c0e970d\"},\"panelIndex\":\"6711f807-284e-4025-99bb-cee25c0e970d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6711f807-284e-4025-99bb-cee25c0e970d\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"3d4c3a76-579f-494d-b87c-d594fea44d83\"},\"panelIndex\":\"3d4c3a76-579f-494d-b87c-d594fea44d83\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3d4c3a76-579f-494d-b87c-d594fea44d83\"}]","timeRestore":false,"title":"Security Onion - 
SSH","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9dfd77e0-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"b816ee0e-45c6-438d-a4ed-799d9e80a9f0:panel_b816ee0e-45c6-438d-a4ed-799d9e80a9f0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"cbfd7081-d82b-4e29-b21c-6e9584d67328:panel_cbfd7081-d82b-4e29-b21c-6e9584d67328","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"d9b0c92a-8625-4e72-8a7c-333381e17244:panel_d9b0c92a-8625-4e72-8a7c-333381e17244","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"766c95ce-e20f-4e88-935f-2211b7be6b65:panel_766c95ce-e20f-4e88-935f-2211b7be6b65","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"e9ec8c9e-8a76-4501-abcb-2c9c08adfc44:panel_e9ec8c9e-8a76-4501-abcb-2c9c08adfc44","type":"visualization"},{"id":"292b1db0-75ea-11ea-9565-7315f4ee5cac","name":"c2747e56-14c2-4a70-a1a7-e31affae20f8:panel_c2747e56-14c2-4a70-a1a7-e31affae20f8","type":"visualization"},{"id":"46221fe0-75ea-11ea-9565-7315f4ee5cac","name":"ff324073-699d-4b26-b4fd-28190fa3803b:panel_ff324073-699d-4b26-b4fd-28190fa3803b","type":"visualization"},{"id":"7d61f430-75ea-11ea-9565-7315f4ee5cac","name":"248c6442-b868-4e06-bfaa-e6da2d2d7463:panel_248c6442-b868-4e06-bfaa-e6da2d2d7463","type":"visualization"},{"id":"104a4a90-75eb-11ea-9565-7315f4ee5cac","name":"d24e4833-8b52-45ac-ac3f-bb31379e8380:panel_d24e4833-8b52-45ac-ac3f-bb31379e8380","type":"visualization"},{"id":"8afa5f50-75eb-11ea-9565-7315f4ee5cac","name":"6711f807-284e-4025-99bb-cee25c0e970d:panel_6711f807-284e-4025-99bb-cee25c0e970d","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"3d4c3a76-579f-494d-b87c-d594fea44d83:panel_3d4c3a76-579f-494d-b87c-d594fea44d83","type":"search"}],"sort":[1688154054424,5475],"type":"dashboard","updated_at":"2023-06-30T19:40:54
.424Z","version":"WzQzODgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DCE/RPC - Endpoint","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DCE/RPC - Endpoint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dce_rpc.endpoint.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Endpoint\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a427d6e0-96db-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5477],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzODksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DCE/RPC - Named Pipe","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DCE/RPC - Named 
Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dce_rpc.named_pipe.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Named Pipe\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c2f21270-96db-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5479],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzOTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DCE/RPC - Operation","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DCE/RPC - 
Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dce_rpc.operation.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"df7989f0-96db-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5481],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzOTEsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:dce_rpc\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"95dc50d5-926a-4ab3-a746-0e53f475d658\"},\"panelIndex\":\"95dc50d5-926a-4ab3-a746-0e53f475d658\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_95dc50d5-926a-4ab3-a746-0e53f475d658\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":0,\"w\":14,\"h\":9,\"i\":\"5b559994-ed67-43c8-8eed-ab30fd8b3d26\"},\"panelIndex\":\"5b559994-ed67-43c8-8eed-ab30fd8b3d26\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5b559994-ed67-43c8-8eed-ab30fd8b3d26\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":9,\"i\":\"4251a61c-1dcd-47b3-9866-f7ed939c73d4\"},\"panelIndex\":\"4251a61c-1dcd-47b3-9866-f7ed939c73d4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4251a61c-1dcd-47b3-9866-f7ed939c73d4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":21,\"i\":\"e74255f5-4dc6-4df0-ab24-032dd7d4bc02\"},\"panelIndex\":\"e74255f5-4dc6-4df0-ab24-032dd7d4bc02\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e74255f5-4dc6-4df0-ab24-032dd7d4bc02\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":21,\"i\":\"55f5c9e0-264b-44d1-9b49-0bb7890ef4bd\"},\"panelIndex\":\"55f5c9e0-264b-44d1-9b49-0bb7890ef4bd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_55f5c9e0-264b-44d1-9b49-0bb7890ef4bd\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":9,\"w\":9,\"h\":21,\"i\":\"2a33a3df-4690-4ea4-a71a-9c98cb612213\"},\"pane
lIndex\":\"2a33a3df-4690-4ea4-a71a-9c98cb612213\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2a33a3df-4690-4ea4-a71a-9c98cb612213\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":25,\"y\":9,\"w\":8,\"h\":21,\"i\":\"ee61c32f-e801-494f-a819-b5788bed856f\"},\"panelIndex\":\"ee61c32f-e801-494f-a819-b5788bed856f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ee61c32f-e801-494f-a819-b5788bed856f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":21,\"i\":\"f7c23591-431c-4a4c-a69b-a349c37697da\"},\"panelIndex\":\"f7c23591-431c-4a4c-a69b-a349c37697da\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f7c23591-431c-4a4c-a69b-a349c37697da\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":30,\"w\":48,\"h\":29,\"i\":\"f360db9a-9572-4b67-8be4-6f53084940a3\"},\"panelIndex\":\"f360db9a-9572-4b67-8be4-6f53084940a3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f360db9a-9572-4b67-8be4-6f53084940a3\"}]","timeRestore":false,"title":"Security Onion - 
DCE/RPC","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9e882df0-72c5-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"95dc50d5-926a-4ab3-a746-0e53f475d658:panel_95dc50d5-926a-4ab3-a746-0e53f475d658","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"5b559994-ed67-43c8-8eed-ab30fd8b3d26:panel_5b559994-ed67-43c8-8eed-ab30fd8b3d26","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"4251a61c-1dcd-47b3-9866-f7ed939c73d4:panel_4251a61c-1dcd-47b3-9866-f7ed939c73d4","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"e74255f5-4dc6-4df0-ab24-032dd7d4bc02:panel_e74255f5-4dc6-4df0-ab24-032dd7d4bc02","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"55f5c9e0-264b-44d1-9b49-0bb7890ef4bd:panel_55f5c9e0-264b-44d1-9b49-0bb7890ef4bd","type":"visualization"},{"id":"a427d6e0-96db-11ea-814e-bb515e873c2c","name":"2a33a3df-4690-4ea4-a71a-9c98cb612213:panel_2a33a3df-4690-4ea4-a71a-9c98cb612213","type":"visualization"},{"id":"c2f21270-96db-11ea-814e-bb515e873c2c","name":"ee61c32f-e801-494f-a819-b5788bed856f:panel_ee61c32f-e801-494f-a819-b5788bed856f","type":"visualization"},{"id":"df7989f0-96db-11ea-814e-bb515e873c2c","name":"f7c23591-431c-4a4c-a69b-a349c37697da:panel_f7c23591-431c-4a4c-a69b-a349c37697da","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"f360db9a-9572-4b67-8be4-6f53084940a3:panel_f360db9a-9572-4b67-8be4-6f53084940a3","type":"search"}],"sort":[1688154054424,5491],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzOTIsMV0="} 
-{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.module:osquery\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Osquery","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9eed5fc0-afcb-11ea-b262-353d451b125b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5493],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzOTMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Content Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Content Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.content_type.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.content_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9ff24600-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5495],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzOTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Command (Data Table)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Command (Data 
Table)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"command.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"9ff34f60-4a42-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5497],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzOTUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"},\"filter\":[]}"},"title":"Help","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Help\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"markdown\":\"## Introduction\\nWelcome to the Security Onion Elastic Stack! This is our implementation of the Elastic Stack on Security Onion. 
The Elastic Stack consists of three primary components:\\n- `Elasticsearch` - stores logs\\n- `Logstash` - collects and enriches logs before storing them in Elasticsearch\\n- `Kibana` - web interface for visualizing logs\\n\\n## Sidebar\\nStarting on the far left side of the page, you see the Sidebar. This contains links such as:\\n- `Discover` - search data\\n- `Visualize` - create visualizations based on searches\\n- `Dashboard` - view or create dashboards based on visualizations\\n- `Timelion` - timeline analysis\\n- `Dev Tools` - query Elasticsearch directly\\n- `Management` - view or modify Kibana settings\\n- `Squert` - separate web interface for viewing NIDS and HIDS alerts\\n- `Logout` - log out of your session\\n\\nThe first six of those links are within Kibana itself. If you click one of those and then want to get back to the Dashboards area where you started, simply click the `Dashboard` link.\\n\\nClicking the `Squert` link will take you out of Kibana and into Squert. You will not be required to authenticate to Squert since you already have an active Single Sign On (SSO) session.\\n\\nClicking the `Logout` link in either Squert or Kibana will log you out of your SSO session and take you back to the logon screen.\\n\\n## Navigation Panel\\nWhen you are in the Kibana Dashboard area, the panel to the immediate right of the sidebar is the Navigation Panel and it includes links to our dashboards such as Home, Help (this page), Bro Notices, ElastAlert, HIDS, NIDS, etc. Clicking one of the links in the Navigation Panel will take you to a dashboard dedicated to that particular log type. \\n\\n## Dashboards\\nAll dashboards are designed to work at 1024x768 screen resolution in order to maximize compatibility.\\n\\n### Dashboard Hyperlinks\\n\\nThe `source_ip` and `destination_ip` fields are hyperlinked. 
These hyperlinks will take you to the Indicator dashboard which will help you analyze the traffic relating to that particular IP address.\\n\\n`UID` fields are also hyperlinked. This hyperlink will start a new Kibana search for that particular UID. In the case of Bro UIDs this will show you all Bro logs related to that particular connection.\\n\\nEach log entry also has an `_id` field that is hyperlinked. This hyperlink will take you to CapMe, allowing you to request full packet capture for any arbitrary log type. This assumes that the log is for tcp or udp traffic that was seen by Bro and Bro recorded it correctly in its conn.log. \\n\\n### Overview Dashboard\\nWhen you first go to the Kibana Dashboard area, you are automatically placed into the Overview dashboard, where you will see overview information, such as total number of logs and sensors. Use the information on the Overview dashboard to determine which of the other dashboards on the Navigation Panel you might want to visit next.\\n\\n### Dashboard Categories\\nOur remaining dashboards are grouped into a few categories:\\n- `Alert Data` - dashboards that display alerts created by rules or signatures\\n- `Bro Hunting` - dashboards that allow you to slice and dice network metadata for hunting\\n- `Host Hunting` - dashboards that allow you to hunt via host telemetry\\n- `Other` - dashboards that don't fit into the categories above\\n\\n### Bro Notices\\nBro sniffs network traffic and generates notices such as `SSL::Invalid Server Cert` and `TeamCymruMalwareHashRegistry::Match`.\\n\\n### ElastAlert\\nElastAlert queries Elasticsearch on a regular basis and then generates alerts based on your desired criteria. Security Onion includes two example rules that alert on new IDS events and new connection logs. You can add your own ElastAlert rules in `/etc/elastalert/rules/`.\\n\\n### HIDS\\nOSSEC analyzes log files and generates Host Intrusion Detection System alerts based on its ruleset at `/var/ossec/rules/`. 
You can add your own rules in `/var/ossec/rules/local_rules.xml`.\\n\\n### NIDS\\nSecurity Onion can use either Snort or Suricata to sniff network traffic and generate Network Intrusion Detection System alerts. \\n\\n### Connections\\nBro sniffs network traffic and logs connection metadata including source IP/port, destination IP/port, protocol, and number of bytes.\\n\\n### DCE/RPC\\nBro sniffs network traffic and logs DCE/RPC metadata including source IP/port, destination IP/port, operation, endpoint, and named pipe.\\n\\n### DHCP\\nBro sniffs network traffic and logs DHCP requests and responses including source IP/port, destination IP/port, and MAC addresses.\\n\\n### DNP3\\nBro sniffs network traffic and logs DNP3 metadata including source IP/port, destination IP/port, function request, function reply.\\n\\n### DNS\\nBro sniffs network traffic and logs DNS queries and answers. Bro also includes other name lookups such as Windows NetBIOS name service requests and Bonjour.\\n\\n### Files\\nBro sniffs network traffic and logs metadata related to files being transferred over the network including IP addresses, MIME type, source, and checksums.\\n\\n### FTP\\nBro sniffs network traffic and logs FTP metadata including source IP/port, destination IP/port, command, reply code, argument, and username.\\n\\n### HTTP\\nBro sniffs network traffic and logs HTTP metadata including source IP/port, destination IP/port, method, status message, MIME type, site name, referer, and user agent.\\n\\n### Intel\\nBro sniffs network traffic and watches for indicators using the Intel framework. 
You can add your own indicators to `/opt/bro/share/bro/intel/intel.dat`.\\n\\n### IRC\\nBro sniffs network traffic and logs IRC metadata including source IP/port, destination IP/port, command, and username.\\n\\n### Kerberos\\nBro sniffs network traffic and logs Kerberos metadata including source IP/port, destination IP/port, cipher, client, server, service, request type, and success status.\\n\\n### Modbus\\nBro sniffs network traffic and logs Modbus metadata including source IP/port, destination IP/port, and function.\\n\\n### MySQL\\nBro sniffs network traffic and logs MySQL metadata including source IP/port, destination IP/port, command/argument, status, and response.\\n\\n### NTLM\\nBro sniffs network traffic and logs NTLM metadata including source IP/port, destination IP/port, hostname, username, and status.\\n\\n### PE\\nBro sniffs network traffic and logs PE metadata including OS, subsystem, machine, and section name.\\n\\n### RADIUS\\nBro sniffs network traffic and logs RADIUS metadata including source IP/port, destination IP/port, username, and result.\\n\\n### RDP\\nBro sniffs network traffic and logs RDP metadata including source IP/port, destination IP/port, client build, keyboard layout, encryption level, and result.\\n\\n### RFB\\nBro sniffs network traffic and logs RFB metadata including source IP/port, destination IP/port, authentication method, authentication status, client version, server version, and desktop name.\\n\\n### SIP\\nBro sniffs network traffic and logs SIP metadata including source IP/port, destination IP/port, method, content type, status, uri, and user agent.\\n\\n### SMB\\nBro sniffs network traffic and logs SMB metadata including source IP/port, destination IP/port, file name, and action.\\n\\n### SMTP\\nBro sniffs network traffic and logs SMTP metadata including source IP/port, destination IP/port, from, to, subject, and user agent.\\n\\n### SNMP\\nBro sniffs network traffic and logs SNMP metadata including source IP/port, 
destination IP/port, version, community, and duration.\\n\\n### Software\\nBro sniffs network traffic and logs metadata relating to the kinds of software that generated that traffic including name, type, and version.\\n\\n### SSH\\nBro sniffs network traffic and logs SSH metadata including source IP/port, destination IP/port, client version, server version, and success.\\n\\n### SSL\\nBro sniffs network traffic and logs SSL metadata including source IP/port, destination IP/port, server name, certificate subject, cipher, and validation status.\\n\\n### Syslog\\nBro sniffs network traffic and logs Syslog metadata including source IP/port, destination IP/port, severity, and protocol.\\n\\n### Tunnels\\nBro sniffs network traffic and detects IP, GRE, SOCKS, TEREDO, and AVAYA tunnels. It logs metadata including source IP/port, destination IP/port, type, and action.\\n\\n### Weird\\nBro sniffs network traffic and logs protocol anomalies metadata including source IP/port, destination IP/port, and the type of anomaly.\\n\\n### X.509\\nBro sniffs network traffic and logs X.509 metadata including certificate subject, issuer, key algorithm, key length, and signing algorithm.\\n\\n### Autoruns\\nSysinternals Autoruns can identify the processes which Windows is configured to automatically run. Autoruns data can then be ingested via [Autoruns To WinEventLog](https://github.com/palantir/windows-event-forwarding/tree/master/AutorunsToWinEventLog).\\n\\n### Beats\\nElastic Beats can be deployed on endpoints to collect host telemetry and send to Logstash for storage in Elasticsearch.\\n\\n### OSSEC\\nOSSEC agents can be deployed on endpoints to collect host telemetry and send to the OSSEC Server included in Security Onion. OSSEC Alerts can be found in the Alert Data category at the top of the Navigation Panel. 
This OSSEC hunting dashboard will allow you to hunt through all OSSEC logs, not just alerts.\\n\\n### Sysmon\\nSysinternal Sysmon provides comprehensive telemetry for Windows hosts. Its logs can be consumed using Beats, OSSEC, or other transport mechanism.\\n\\n### Domain Stats\\nSecurity Onion includes a tool called domain_stats which will do a whois lookup on a domain name to determine the age of the domain. If enabled, this dashboard looks for baby domains that have been recently registered. Please note that domain_stats is only enabled when running in Evaluation Mode.\\n\\n### Firewall\\nFirewall logs can be consumed via syslog or other transport mechanism. Once consumed, this dashboard allows you to slice and dice those firewall logs based on source IP/port, destination IP/port, protocol, and action.\\n\\n### Frequency\\nSecurity Onion includes a tool called freq_server which can perform frequency analysis of hostnames. If enabled, this dashboard will show hostnames with a frequency analysis score that indicates that they could have been randomly generated. 
Please note that freq_server is only enabled when running in Evaluation Mode.\\n\\n### Stats\\nThis dashboard shows statistics for Logstash including processing times for different log types and any errors that may have occurred.\\n\\n## More Information\\nFor additional information, please refer to our documentation at:\\n\\nhttps://securityonion.net/docs/Elastic\",\"type\":\"markdown\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AV6-PHKnDwoBUzALqJ_c","migrationVersion":{"visualization":"8.5.0"},"references":[],"sort":[1688154054424,5498],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzOTYsMV0="} -{"attributes":{"fieldFormatMap":"{\"process_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"event_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"aa\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":
false},{\"name\":\"aa.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"analyzer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"analyzer.keyword\",\"type\":\"string\",\"count\":0,\"s
cripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"answers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"answers.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"apache2.access.body_sent.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.http_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":tr
ue,\"readFromDocValues\":true},{\"name\":\"apache2.access.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.response_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os_major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os_minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromD
ocValues\":true},{\"name\":\"apache2.access.user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"apache2.error.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.tid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.a0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.acct\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDoc
Values\":true},{\"name\":\"auditd.log.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.item\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.items\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.new_auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.new_ses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.old_auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.old_ses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.ppid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searc
hable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.record_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.res\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"auth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_attempts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_ca\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_path_length\",\"type\":
\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"bound_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"call_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"call_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\
":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_exponent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_exponent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocV
alues\":true},{\"name\":\"certificate_key_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_number_days_valid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_pe
rmanent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_permanent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_signing_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_signing_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_type\",\"type\":\"string\",\"count\":0,\"scripted\":
false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"checksum\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"checksum.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"se
archable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_build.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_digital_product_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_digital_product_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true
},{\"name\":\"client_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"community\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":
false},{\"name\":\"community.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"company.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compile_ts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compile_ts.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compression_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compression_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connect_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connect_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValue
s\":true},{\"name\":\"connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"content_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookie.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"current_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"current_directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true},{\"name\":\"data_channel_destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_passive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_channel_passive.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"nam
e\":\"description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"desktop_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_width\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_is_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dest_is_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_city.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"
aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readF
romDocValues\":true},{\"name\":\"destination_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_latitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_latitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_longitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_longitude.keyword\",\"type\"
:\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_region.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"details.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dir\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dir.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"direction.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"display_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"display_string.keyword\",\"type\":\"string\",
\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container.image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"enabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"enabled.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"sea
rchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"endpoint.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry_location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry_location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\
":false,\"readFromDocValues\":false},{\"name\":\"error_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"escalated_user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"escalated_user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"established\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"established.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.AccountName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.AlgorithmName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.AuthenticationPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Binary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.CommandLine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Configuration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ConfigurationFileHash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.CreationUtcTime\",\"type\":\"string\",\"
count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.CurrentDirectory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DestinationIp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DestinationIsIpv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DestinationPort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceVersionMajor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceVersionMinor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DirtyPages\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ElevatedToken\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"
readFromDocValues\":true},{\"name\":\"event_data.EventType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ExtraInfoLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ExtraInfoString\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.FilterID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.FinalStatus\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Hashes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.HiveName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.HiveNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ImagePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ImpersonationLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"
searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.IntegrityLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.IpAddress\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.IpPort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyFilePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeysUpdated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LmPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonType\",\"type\":\"str
ing\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.NewSize\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.NewTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.OldTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.OriginalSize\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentCommandLine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentImage\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentProcessGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.PreviousCreationUtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.PreviousTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.PrivilegeList\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readF
romDocValues\":true},{\"name\":\"event_data.ProcessGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProviderName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.RestrictedAdminMode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ReturnCode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SchemaVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ServiceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ServiceType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourceHostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourceIp\",\"type\":\"string\",\"count\":0,\"scripted\":f
alse,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourceIsIpv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourcePort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.StartType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.State\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetFilename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetLinkedLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"
name\":\"event_data.TargetObject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetOutboundDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetOutboundUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TerminalSessionId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TransmittedServices\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.User\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.UtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.VirtualAccount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Workstation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.WorkstationName\",\"type\":\"string\",\"count\":0,\"
scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param10\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param11\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param12\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param13\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param14\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param15\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param16\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param17\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param19\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param20\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param21\",\"type\":\"string\",\"count\":0,\"
scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param22\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param4\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param7\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param8\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param9\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.serviceGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.updateGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.updateRevisionNumber\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.updateTitle\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_id\",\"type\":\"number\",\"cou
nt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exception\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"exception.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":tru
e,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_request.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileset.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileset.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"first_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDo
cValues\":false},{\"name\":\"first_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow_label\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"flow_label.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"forwardable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"forwardable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"freq_virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"freq_virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"frequency_scores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"frequency_scores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\"
:true},{\"name\":\"ftp_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"function\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"function.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_bulk_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_bulk_requests.keyword\",\"type\":\"string\",
\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_cert_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_cert_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_debug_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_debug_data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_export_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_export_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_import_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_import_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"helo\",\"type\":\"string\",\"count\":0,\"scripted\":
false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"helo.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"highest_registered_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hop_limit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hop_limit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":fal
se,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.debug.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.debug.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"icinga.debug.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.main.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.main.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"icinga.main.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.startup.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.startup.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"icinga.startup.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"id\",\"type\":\"string\",\"count\"
:0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"iin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"iin.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatabl
e\":false,\"readFromDocValues\":false},{\"name\":\"info_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"initiated.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"integrity_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"integrity_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"interface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"interface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"
ipv4_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_offset.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_tos\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_tos.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_64bit\",\"type\":\
"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_64bit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_exe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_exe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_source_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_source_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_webmail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_webmail.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_length\",\"typ
e\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_distinguished_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true
,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kafka.log.component\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kafka.log.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.trace.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.trace.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kafka.log.trace.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kex_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kex_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":
false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keyboard_layout\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"keyboard_layout.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keywords\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.container.image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.pod.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"launch_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"launch_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\
":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"lease_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"lease_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"length\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"length.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFro
mDocValues\":true},{\"name\":\"log_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logged.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.log.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.log.thread\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":fa
lse},{\"name\":\"logstash.slowlog.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.plugin_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.plugin_params\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.plugin_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.thread\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.took_in_millis\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.took_in_nanos\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchab
le\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"machine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"machine.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_date.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matched\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"matched.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"na
me\":\"message_error\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.availability_zone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.instance_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.instance_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.machine_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.project_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mimetype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\
":\"mimetype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missing_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.error.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.error.thread_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.error.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.lock_time.sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.
query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.query_time.sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.rows_examined\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.rows_sent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.timestamp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"n\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\"
:\"name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"named_pipe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"named_pipe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"native_file_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"native_file_system.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"next_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"next_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nginx.access.body_sent.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":
true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.http_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.response_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_
agent.os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os_major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os_minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.connection_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nginx.error.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.tid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nick\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nick.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readF
romDocValues\":true},{\"name\":\"note\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"note.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"num_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"object_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"offset\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"opcode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"operation.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_filenames.keyword\",\"type\":\"string\",\"
count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"os.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_agent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_agent_name.keyword\",\"type\":\"string\",\"count\"
:0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"overflow_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"p\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_id\",\"type\":\"s
tring\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"password.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\
":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.database\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"postgresql.log.query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.thread_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":tru
e,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prev_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prev_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_arguments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_arguments.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_guid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"re
adFromDocValues\":true},{\"name\":\"process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"profile\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"profile.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"program.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prospector.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\
"provider_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxied.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_class_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_type_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ra\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ra.keyword\",\"type\":\"string\",\"count\":0,\"scripted
\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rcode_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"read_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reason.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"recipient_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"recipient_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"record_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocVal
ues\":false},{\"name\":\"redis.log.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.log.role\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.cmd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.duration.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referrer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rejected\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rejected.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related_activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"renewable\"
,\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_port\",\"type\":\"string\",\"cou
nt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_color_depth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_color_depth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_resource\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_resource.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_filenames.keyword\"
,\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_from.keyword\",\"type\":\"string\
",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"result.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resumed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resumed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"read
FromDocValues\":false},{\"name\":\"rows.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"san_dns\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"san_dns.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"second_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"second_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"section_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"section_names.keyword\",\"type\":\"
string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"security_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"security_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_node\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_node.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_where\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_where.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seq\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seq.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchab
le\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_major_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_minor_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"s
ervice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"set_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"set_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"severity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_flag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_flag.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":f
alse,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"signer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"site\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"site.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"n
ame\":\"source_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false
,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sources\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"sea
rchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sources.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stream\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_rule_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_rule_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readF
romDocValues\":true},{\"name\":\"subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subsystem\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subsystem.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"suppress_for\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tr
ue},{\"name\":\"syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-sourceip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true},{\"name\":\"sysmon_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sysmon_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.groupadd.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.groupadd.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.dropped_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,
\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.error\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"n
ame\":\"system.auth.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.home\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.uid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFro
mDocValues\":true},{\"name\":\"target_filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"target_filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"task\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"terminal_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"terminal_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"thread_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timed_out\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timed_out.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_accessed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_accessed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_changed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_changed.keyword
\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_created.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_modified.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tld.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tld.subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":
false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"top_level_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tracker_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tracker_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traefik.access.backend_url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traefik.access.body_sent.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.frontend_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traefik.access.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFro
mDocValues\":true},{\"name\":\"traefik.access.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.http_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.request_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.response_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.acce
ss.user_agent.os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os_major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os_minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"trans_depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"transaction_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ttls\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValu
es\":true},{\"name\":\"tunnel_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unparsed_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"unparsed_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"up_since\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"up_since.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uri.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.domain\",\"type\":\"string\",\"count\":0,\"scr
ipted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user_agent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.binaryData\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.binaryDataSize\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.param1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.param2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.xml_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"useragent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":tr
ue,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_aslr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_aslr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_code_integrity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_code_integrity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_dep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_dep.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_seh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_seh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_till\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDo
cValues\":false},{\"name\":\"valid_till.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"validation_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"validation_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromD
ocValues\":true},{\"name\":\"version_minor2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"warning\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"warning.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"width\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"width.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x_originating_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\
"name\":\"xml\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"year\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"z\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"z.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:logstash-beats-*"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWBLHZaBRuBloj96jvrD","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688154054424,5499],"type":"index-pattern","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzOTcsMV0="} -{"attributes":{"columns":["computer_name","process_id","user.name","event_id","event_data.Image"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"All Beats Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWBLMr9vRuBloj96jxp1","migrationVersion":{"search":"8.0.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5501],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzOTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Process 
IDs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Beats - Process IDs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process_id\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWBLN7X2RuBloj96jxxY","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5503],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQzOTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Computer Names","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Beats - Computer 
Names\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"computer_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWBLNriuRuBloj96jxv3","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5505],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MDAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Usernames","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"Beats - 
Usernames\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWBLONJCRuBloj96jxzY","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5507],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MDEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Event IDs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Beats - Event 
IDs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_id\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWBLOT8MRuBloj96jx0N","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5509],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MDIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Beats - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{\"text\":\"@timestamp per 30 
minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"line\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWBLQ2__RuBloj96jyDn","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5511],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MDMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Intel - Log 
Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDG-Qf8xQT5EBNmq4G5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5513],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MDQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Devices - Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Devices - Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"syslog-host_from.keyword\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDG0UDvxQT5EBNmq3WD","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5515],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MDUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Notices - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDG1uC-xQT5EBNmq3dP","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5517],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MDYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alert Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"NIDS - Alert Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDG3ym0xQT5EBNmq3mG","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5519],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MDcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDG4pcDxQT5EBNmq3pi","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5521],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MDgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Connections - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDG71xFxQT5EBNmq336","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5523],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MDksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Elastalert - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Elastalert - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDG7DVRxQT5EBNmq3zM","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5525],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DHCP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDG80RwxQT5EBNmq38x","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5527],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MTEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDG8k4OxQT5EBNmq37a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,5529],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MTIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"HTTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDG97t7xQT5EBNmq4E1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5531],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MTMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DNP3 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDG9DWvxQT5EBNmq3-m","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5533],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DNS - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDG9Qx0xQT5EBNmq3_2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5535],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MTUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Files - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Files - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDG9goqxQT5EBNmq4BP","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5537],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"FTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDG9sT_xQT5EBNmq4DI","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5539],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MTcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Modbus - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDG_9KpxQT5EBNmq4Oo","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5541],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"IRC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDG_HoKxQT5EBNmq4KN","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5543],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Kerberos - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDG_UbkxQT5EBNmq4Lg","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5545],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MjAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Total Number of Logs","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Total Number of Logs\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total Number of Logs\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDGyaGxxQT5EBNmq3K9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5547],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MjEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Sensors - Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Sensors - Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"sensor_name.keyword\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDGzmzcxQT5EBNmq3Sj","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5549],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MjIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"MySQL - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"MySQL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHBRrrxQT5EBNmq4TI","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5551],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MjMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"RFB - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHC8iGxQT5EBNmq4bs","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5553],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MjQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"NTLM - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHCEx7xQT5EBNmq4Vf","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,5555],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MjUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"PE - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHCUeZxQT5EBNmq4Xy","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5557],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MjYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"RADIUS - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHCgWzxQT5EBNmq4Y5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5559],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MjcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"RDP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHCvBexQT5EBNmq4aK","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5561],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MjgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SNMP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHD-LfxQT5EBNmq4iB","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5563],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MjksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SIP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHDNS4xQT5EBNmq4dF","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5565],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MzAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SMB - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHDfDkxQT5EBNmq4fQ","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,5567],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MzEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SMTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHDsr0xQT5EBNmq4gw","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5569],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MzIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHE-_wxQT5EBNmq4n3","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1688154054424,5571],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MzMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Software - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Software - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHEKJUxQT5EBNmq4jW","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5573],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MzQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SSH - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHEYk4xQT5EBNmq4k5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5575],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MzUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SSL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHElRWxQT5EBNmq4lz","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5577],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MzYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Tunnels - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHFYrqxQT5EBNmq4qT","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5579],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MzcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Autoruns - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHG1IaxQT5EBNmq4yR","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,5581],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MzgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Weird - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHGXk-xQT5EBNmq4uf","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5583],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0MzksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"X.509 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHGklsxQT5EBNmq4wG","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5585],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NDAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Firewall - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHH3kBxQT5EBNmq459","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,5587],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NDEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Beats - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHHHR8xQT5EBNmq4z7","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5589],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NDIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"OSSEC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHHXl3xQT5EBNmq42U","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"efba60c0-3642-11e7-a6f7-4f44d7bf1c33","name":"search_0","type":"search"}],"sort":[1688154054424,5591],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NDMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Sysmon - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHHk1sxQT5EBNmq43Y","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,5593],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NDQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Avg Processing Time","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Avg Processing Time\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHIynExQT5EBNmq49q","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5595],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NDUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Median Processing TIme","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Median Processing TIme\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"median\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\",\"percents\":[50]}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHJY1BxQT5EBNmq5Ay","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5597],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NDYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Max Processing Time","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Max Processing Time\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHJpuBxQT5EBNmq5Cr","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5599],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NDcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"tags:_grokparsefailure OR tags:_csvparsefailure OR tags:_rubyexception\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Error Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Error Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHKEF2xQT5EBNmq5FA","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5601],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NDgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Syslog - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"AWDHKVLMxQT5EBNmq5HX","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"sort":[1688154054424,5603],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NDksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"FTP - Reply Code","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"FTP - Reply 
Code\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"reply_code.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a0cb0860-367a-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5605],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category.keyword : \\\"registry\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - All Event.Cat:Registry Logs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - All Event.Cat:Registry Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":42}}}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a0d30200-6405-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,5608],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NTEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"match_body.destination.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a26faee0-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5610],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NTIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Connection","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top 10 - Total Bytes By Connection\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Connection ID\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total 
Bytes\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"uid.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection ID\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"uid.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection ID\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f1325230-3b0d-11e7-a0fe-29878c6f414a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5612],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NTMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Destination Port","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top 10 - Total Bytes By Destination Port\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination Port\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Max 
total_bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"acd65230-3b0d-11e7-a0fe-29878c6f414a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5614],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Destination IP","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"total_bytes\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Destination IP 
Address\",\"field\":\"destination_ip\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Destination IP Address\",\"field\":\"destination_ip\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Connections - Top 10 - Total Bytes By Destination IP\",\"type\":\"histogram\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"eeafbb70-3b0c-11e7-a6f9-5d3fe735ec2b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5616],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NTUsMV0="} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":71,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":20,\"h\":18,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":18,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":18,\"w\":20,\"h\":20,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":38,\"w\":40,\"h\":33,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":35,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":28,\"y\":18,\"w\":20,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Connections - Total 
Bytes","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a2ab0c40-3b0a-11e7-a6f9-5d3fe735ec2b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"f1325230-3b0d-11e7-a0fe-29878c6f414a","name":"panel_1","type":"visualization"},{"id":"acd65230-3b0d-11e7-a0fe-29878c6f414a","name":"panel_2","type":"visualization"},{"id":"41a33c80-3b0d-11e7-a6f9-5d3fe735ec2b","name":"panel_3","type":"visualization"},{"id":"726cc040-48cf-11e8-9576-313be7c6b44b","name":"panel_4","type":"visualization"},{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"panel_5","type":"search"},{"id":"eeafbb70-3b0c-11e7-a6f9-5d3fe735ec2b","name":"panel_6","type":"visualization"}],"sort":[1688154054424,5624],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a5045e20-3bd1-11e7-a3ae-1754b87179c0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5626],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NTcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a5571030-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5628],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a5bcec80-6e15-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5630],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMB - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination 
Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a663e070-4c78-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,5632],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NjAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SNMP - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"f
ield\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a67546c0-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5634],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NjEsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":11,\"i\":\"066310d0-63f3-4cc8-9daa-8c0be5ad5b5f\"},\"panelIndex\":\"066310d0-63f3-4cc8-9daa-8c0be5ad5b5f\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame 
Alerts](https:///alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_066310d0-63f3-4cc8-9daa-8c0be5ad5b5f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":0,\"w\":10,\"h\":11,\"i\":\"06494306-08f9-440f-a361-d63cbd6176be\"},\"panelIndex\":\"06494306-08f9-440f-a361-d63cbd6176be\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Registry All Logs \",\"panelRefName\":\"panel_06494306-08f9-440f-a361-d63cbd6176be\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":18,\"y\":0,\"w\":30,\"h\":11,\"i\":\"9461ee7e-d1fd-448b-9094-eff9e2ebdd58\"},\"panelIndex\":\"9461ee7e-d1fd-448b-9094-eff9e2ebdd58\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Registry Logs Over Time\",\"panelRefName\":\"panel_9461ee7e-d1fd-448b-9094-eff9e2ebdd58\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":11,\"w\":33,\"h\":17,\"i\":\"3265c94f-df4b-4a1d-bc7c-64c2e99e72a7\"},\"panelIndex\":\"3265c94f-df4b-4a1d-bc7c-64c2e99e72a7\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Registry Event Process\",\"panelRefName\":\"panel_3265c94f-df4b-4a1d-bc7c-64c2e99e72a7\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":33,\"y\":11,\"w\":15,\"h\":17,\"i\":\"ca05c1e6-7d21-4c69-b6be-ab95031f30f9\"},\"panelIndex\":\"ca05c1e6-7d21-4c69-b6be-ab95031f30f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ca05c1e6-7d21-4c69-b6be-ab95031f30f9\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":28,\"w\":30,\"h\":17,\"i\":\"5b3b7aed-80c9-4e18-a55a-7ca2841913a1\"},\"panelIndex\":\"5b3b7aed-80c9-4e18-a55a-7ca2841913a1\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Registry 
Events\",\"panelRefName\":\"panel_5b3b7aed-80c9-4e18-a55a-7ca2841913a1\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":28,\"w\":18,\"h\":17,\"i\":\"83bb52e5-74b3-459b-8767-78bc47d1ff8d\"},\"panelIndex\":\"83bb52e5-74b3-459b-8767-78bc47d1ff8d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_83bb52e5-74b3-459b-8767-78bc47d1ff8d\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":34,\"i\":\"aa14e2db-4c3d-4a44-ad58-aae071e6ed3f\"},\"panelIndex\":\"aa14e2db-4c3d-4a44-ad58-aae071e6ed3f\",\"embeddableConfig\":{\"enhancements\":{},\"columns\":[\"host.name\",\"registry.path\",\"related.user\",\"registry.key\",\"registry.value\"]},\"panelRefName\":\"panel_aa14e2db-4c3d-4a44-ad58-aae071e6ed3f\"}]","timeRestore":false,"title":"Endgame - Registry","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a6c6c880-63f7-11ec-864c-8b5450f97635","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"066310d0-63f3-4cc8-9daa-8c0be5ad5b5f:panel_066310d0-63f3-4cc8-9daa-8c0be5ad5b5f","type":"visualization"},{"id":"10af1a20-6cc9-11ec-864c-8b5450f97635","name":"06494306-08f9-440f-a361-d63cbd6176be:panel_06494306-08f9-440f-a361-d63cbd6176be","type":"lens"},{"id":"e09d6340-6cc9-11ec-864c-8b5450f97635","name":"9461ee7e-d1fd-448b-9094-eff9e2ebdd58:panel_9461ee7e-d1fd-448b-9094-eff9e2ebdd58","type":"lens"},{"id":"e9afc350-6cc5-11ec-864c-8b5450f97635","name":"3265c94f-df4b-4a1d-bc7c-64c2e99e72a7:panel_3265c94f-df4b-4a1d-bc7c-64c2e99e72a7","type":"lens"},{"id":"c86a8ba0-6e44-11ec-864c-8b5450f97635","name":"ca05c1e6-7d21-4c69-b6be-ab95031f30f9:panel_ca05c1e6-7d21-4c69-b6be-ab95031f30f9","type":"lens"},{"id":"e1e12ab0-6cc5-11ec-864c-8b5450f97635","name":"5b3b7aed-80c9-4e18-a55a-7ca2841913a1:panel_5b3b7aed-80c9-4e18-a55a-7ca2841913a1","type":"lens"},{"id":"8d1f99e0-6e45-11ec-864c-8b5450f97635","name":"83bb52e5-74b3-459b-8767-78bc
47d1ff8d:panel_83bb52e5-74b3-459b-8767-78bc47d1ff8d","type":"lens"},{"id":"0359b740-64cc-11ec-864c-8b5450f97635","name":"aa14e2db-4c3d-4a44-ad58-aae071e6ed3f:panel_aa14e2db-4c3d-4a44-ad58-aae071e6ed3f","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,5644],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NjIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS Alerts - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a6df8820-399f-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5646],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NjMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - Request - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - 
Request - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"request.client.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"request.client.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a7ebb450-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5648],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NjQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND _exists_:issuer_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"SSL - Certificate Issuer Common Name Frequency 
Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate Issuer Common Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"issuer_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"issuer_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer Common Name\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a83f17c0-6f0b-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5650],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NjUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Data Overview","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Data 
Overview\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.category.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":false,\"last_level\":false,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Category\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"url\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value 
}})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:
view)\",\"labelTemplate\":\"{{ value }}\"}},\"params\":{},\"label\":\"event.module.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ac6b1720-7559-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5652],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NjYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"observer.name:* OR agent.name:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Log Count By Node ","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Log Count By Node \",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"observer.name.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"observer.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Node\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a9fae5c0-6e9b-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5654],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NjcsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":9,\"h\":8,\"i\":\"e243c0f0-f7cf-453e-8f5c-dc93e4651d69\"},\"panelIndex\":\"e243c0f0-f7cf-453e-8f5c-dc93e4651d69\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":0,\"w\":17,\"h\":8,\"i\":\"5fdac8ff-799a-4d54-8dcb-ee1728d9623d\"},\"panelIndex\":\"5fdac8ff-799a-4d54-8dcb-ee1728d9623d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":8,\"i\":\"126f5365-8829-469d-8349-a08874975584\"},\"panelIndex\":\"126f5365-8829-469d-8349-a08874975584\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":22,\"h\":26,\"i\":\"9c61759c-0b14-433b-bca7-fd22f9a20630\"},\"panelIndex\":\"9c61759c-0b14-433b-bca7-fd22f9a206
30\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":8,\"w\":9,\"h\":26,\"i\":\"504e0ba1-08f7-4601-833d-6615d84e8fba\"},\"panelIndex\":\"504e0ba1-08f7-4601-833d-6615d84e8fba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":31,\"y\":8,\"w\":8,\"h\":26,\"i\":\"e3425787-250b-4dad-8244-4c7ba65df3d9\"},\"panelIndex\":\"e3425787-250b-4dad-8244-4c7ba65df3d9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":39,\"y\":8,\"w\":9,\"h\":26,\"i\":\"9c133f8f-ca11-4a4b-ac5a-3dfe3b87f20e\"},\"panelIndex\":\"9c133f8f-ca11-4a4b-ac5a-3dfe3b87f20e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":30,\"i\":\"3c89322f-4209-40ba-bbe7-5c5fb45420ac\"},\"panelIndex\":\"3c89322f-4209-40ba-bbe7-5c5fb45420ac\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - 
Home","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a8411b30-6d03-11ea-b301-3d6c35840645","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"ac6b1720-7559-11ea-9565-7315f4ee5cac","name":"panel_3","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","name":"panel_5","type":"visualization"},{"id":"a9fae5c0-6e9b-11ea-9266-1fd14ca6af34","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1688154054424,5663],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NjgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Message Types","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Message Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"message_types.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message 
Types\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a88e1020-0edb-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5665],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NjksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Response Code Name (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.response.code_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dns.response.code_name.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security Onion - DNS - Response Code Name 
(Donut)\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"a9bd4090-72b9-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5667],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NzAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FIles - MIME Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FIles - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mimetype.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aa021c90-3678-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5669],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NzEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - URIs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - 
URIs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"uri.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aa7abb00-34e3-11e7-9669-7f1d3242b798","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5671],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NzIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"language\": \"kuery\",\n \"query\": \"\"\n },\n \"filter\": []\n}"},"savedSearchRefName":"search_0","title":"Security Onion - Osquery - Query Results Count","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"result.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Query 
Results\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"result.hostname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"result.live_query.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Live Query Pivot\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"result.endpoint_ip1.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Endpoint Primary IP\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - Osquery - Query Results Count\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ab47a590-afcc-11ea-b262-353d451b125b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9eed5fc0-afcb-11ea-b262-353d451b125b","name":"search_0","type":"search"}],"sort":[1688154054424,5673],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NzMsMV0="} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"h\":8,\"i\":\"3919aa4b-bef6-4545-a780-484bae2df9ee\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"3919aa4b-bef6-4545-a780-484bae2df9ee\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"}]","timeRestore":false,"title":"Security Onion - Users","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"abbe1140-72c7-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"}],"sort":[1688154054424,5675],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NzQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Dataset By Node","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Dataset By Node\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Dataset\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.dataset.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"abffa080-6ec9-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5677],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NzUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND _exists_:issuer_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"X.509 - Certificate Issuer Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Issuer Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"issuer_common_name_frequency_score\",\"customLabel\":\"Frequency 
Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"issuer_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"acd38970-6f0a-11e7-83d2-adea2f314dc5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5679],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NzYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.module:zeek AND event.dataset:*file*\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":7,\"i\":\"257c130f-3673-410c-9f60-d67deb13b580\"},\"panelIndex\":\"257c130f-3673-410c-9f60-d67deb13b580\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_257c130f-3673-410c-9f60-d67deb13b580\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":0,\"w\":17,\"h\":7,\"i\":\"de6206b4-7adb-44a0-ae00-2d28274478c8\"},\"panelIndex\":\"de6206b4-7adb-44a0-ae00-2d28274478c8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_de6206b4-7adb-44a0-ae00-2d28274478c8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":7,\"i\":\"93532ba0-f446-4a97-8783-a04dd4347485\"},\"panelIndex\":\"93532ba0-f446-4a97-8783-a04dd4347485\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_93532ba0-f446-4a97-8783-a04dd4347485\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":7,\"w\":8,\"h\":19,\"i\":\"a2af856c-7069
-46b2-974c-e8b9054af929\"},\"panelIndex\":\"a2af856c-7069-46b2-974c-e8b9054af929\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a2af856c-7069-46b2-974c-e8b9054af929\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":7,\"w\":9,\"h\":19,\"i\":\"4a3de026-5001-46a6-af20-78db885bd4bb\"},\"panelIndex\":\"4a3de026-5001-46a6-af20-78db885bd4bb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4a3de026-5001-46a6-af20-78db885bd4bb\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":17,\"y\":7,\"w\":17,\"h\":19,\"i\":\"74071657-abfc-49e7-a0c3-e318b72a9d4c\"},\"panelIndex\":\"74071657-abfc-49e7-a0c3-e318b72a9d4c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_74071657-abfc-49e7-a0c3-e318b72a9d4c\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":34,\"y\":7,\"w\":14,\"h\":19,\"i\":\"2379029c-c749-4804-91df-3d9be3fc4f8a\"},\"panelIndex\":\"2379029c-c749-4804-91df-3d9be3fc4f8a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2379029c-c749-4804-91df-3d9be3fc4f8a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":26,\"w\":21,\"h\":19,\"i\":\"0e36a0b5-5905-43c6-8ae1-f3eb348571a0\"},\"panelIndex\":\"0e36a0b5-5905-43c6-8ae1-f3eb348571a0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0e36a0b5-5905-43c6-8ae1-f3eb348571a0\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":21,\"y\":26,\"w\":8,\"h\":19,\"i\":\"99813eab-a19b-47d2-a8ee-8bcb667eedbf\"},\"panelIndex\":\"99813eab-a19b-47d2-a8ee-8bcb667eedbf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_99813eab-a19b-47d2-a8ee-8bcb667eedbf\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":26,\"w\":10,\"h\":19,\"i\":\"18a734f4-78a1-4d84-9f7f-7c5aa6d3b1c2\"},\"panelIndex\":\"18a734f4-78a1-4d84-9f7f-7c5aa6d3b1c2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRe
fName\":\"panel_18a734f4-78a1-4d84-9f7f-7c5aa6d3b1c2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":39,\"y\":26,\"w\":9,\"h\":19,\"i\":\"c51df9f8-9010-4cae-9c7c-76ca7af98f13\"},\"panelIndex\":\"c51df9f8-9010-4cae-9c7c-76ca7af98f13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c51df9f8-9010-4cae-9c7c-76ca7af98f13\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":24,\"i\":\"226350dd-3afe-4135-a8da-71db63287a95\"},\"panelIndex\":\"226350dd-3afe-4135-a8da-71db63287a95\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_226350dd-3afe-4135-a8da-71db63287a95\"}]","timeRestore":false,"title":"Security Onion - Zeek Files","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ad4d5d60-75f4-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"257c130f-3673-410c-9f60-d67deb13b580:panel_257c130f-3673-410c-9f60-d67deb13b580","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"de6206b4-7adb-44a0-ae00-2d28274478c8:panel_de6206b4-7adb-44a0-ae00-2d28274478c8","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"93532ba0-f446-4a97-8783-a04dd4347485:panel_93532ba0-f446-4a97-8783-a04dd4347485","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"a2af856c-7069-46b2-974c-e8b9054af929:panel_a2af856c-7069-46b2-974c-e8b9054af929","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"4a3de026-5001-46a6-af20-78db885bd4bb:panel_4a3de026-5001-46a6-af20-78db885bd4bb","type":"visualization"},{"id":"bcf25e30-75f1-11ea-9565-7315f4ee5cac","name":"74071657-abfc-49e7-a0c3-e318b72a9d4c:panel_74071657-abfc-49e7-a0c3-e318b72a9d4c","type":"visualization"},{"id":"e8d35c50-75f3-11ea-9565-7315f4ee5cac","name":"2379029c-c749-4804-91df-3d9be3fc4f8a:panel_2379029c-c749-4804-91df-3d9be3fc4f8a","typ
e":"visualization"},{"id":"09fc6ef0-7732-11ea-bee5-af7f7c7b8e05","name":"0e36a0b5-5905-43c6-8ae1-f3eb348571a0:panel_0e36a0b5-5905-43c6-8ae1-f3eb348571a0","type":"visualization"},{"id":"2fc4bea0-7730-11ea-bee5-af7f7c7b8e05","name":"99813eab-a19b-47d2-a8ee-8bcb667eedbf:panel_99813eab-a19b-47d2-a8ee-8bcb667eedbf","type":"visualization"},{"id":"49cfe850-772c-11ea-bee5-af7f7c7b8e05","name":"18a734f4-78a1-4d84-9f7f-7c5aa6d3b1c2:panel_18a734f4-78a1-4d84-9f7f-7c5aa6d3b1c2","type":"visualization"},{"id":"efc25540-75f1-11ea-9565-7315f4ee5cac","name":"c51df9f8-9010-4cae-9c7c-76ca7af98f13:panel_c51df9f8-9010-4cae-9c7c-76ca7af98f13","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"226350dd-3afe-4135-a8da-71db63287a95:panel_226350dd-3afe-4135-a8da-71db63287a95","type":"search"}],"sort":[1688154054424,5692],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NzcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Reply Message","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Reply Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"reply_message.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reply 
Message\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"adcd38e0-3679-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5694],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NzgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ae1f1fb0-3648-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5696],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0NzksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ae4e88b0-76b5-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1688154054424,5698],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0ODAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"useragent.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User 
Agent\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ae591c20-4164-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5700],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0ODEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSL - Destination Country (Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSL - Destination Country (Bar Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"destination_geo.country_name.keyword: 
Descending\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ae959820-365c-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5702],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0ODIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - TLS - True/False (Vertical Bar 
Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"SMTP - TLS - True/False (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"TLS\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TLS\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aeb71cc0-6e29-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5704],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0ODMsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Initial 
Systems/Queries\",\"disabled\":true,\"key\":\"osquery.counter\",\"negate\":true,\"params\":{\"query\":0,\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"0\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"osquery.counter\":{\"query\":0,\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Servers Only\",\"disabled\":true,\"key\":\"osquery.codename\",\"negate\":false,\"params\":{\"query\":\"server\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"server\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match\":{\"osquery.codename\":{\"query\":\"server\",\"type\":\"phrase\"}}}}],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":64,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":17,\"h\":11,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":29,\"w\":40,\"h\":20,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Chrome Extensions - Logs\",\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":11,\"w\":40,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Chrome Extensions - Sensitive Permissions\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":11,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Chrome Extensions - Changes by Hostname\",\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"osquery - Chrome 
Extensions","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"af0ea750-18d3-11e9-932c-d12d2cf4ee95","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"71538370-18d5-11e9-932c-d12d2cf4ee95","name":"panel_1","type":"visualization"},{"id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","name":"panel_2","type":"search"},{"id":"78cf8bf0-1a59-11e9-ac0b-cb0ba10141ab","name":"panel_3","type":"visualization"},{"id":"04f86530-1a59-11e9-ac0b-cb0ba10141ab","name":"panel_4","type":"visualization"}],"sort":[1688154054424,5712],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0ODQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security Onion - Osquery - 
Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"title\":\"Security Onion - Osquery - Name\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"af139720-afcb-11ea-b262-353d451b125b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"sort":[1688154054424,5714],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0ODUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Message Type 
(Donut)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dhcp.message_types.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message Type\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security Onion - DHCP - Message Type (Donut)\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"af26c6e0-96e6-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,5716],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0ODYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - MIME Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - MIME 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mimetype.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"af614b80-399c-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,5718],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0ODcsMV0="} -{"attributes":{"allowNoIndex":true,"fieldFormatMap":"{\"system.process.memory.size\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.usage.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.usage.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.usage.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.usage.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem.usage.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem.usage.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem.limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem_tcp.usage.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem_tcp.usage.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem_tcp.limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.active_anon.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.active_file.b
ytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.cache.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.hierarchical_memory_limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.hierarchical_memsw_limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.inactive_anon.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.inactive_file.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.mapped_file.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.rss.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.rss_huge.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.swap.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.unevictable.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.blkio.total.bytes\":{\"id\":\"bytes\"},\"system.core.user.pct\":{\"id\":\"percent\"},\"system.core.system.pct\":{\"id\":\"percent\"},\"system.core.nice.pct\":{\"id\":\"percent\"},\"system.core.idle.pct\":{\"id\":\"percent\"},\"system.core.iowait.pct\":{\"id\":\"percent\"},\"system.core.irq.pct\":{\"id\":\"percent\"},\"system.core.softirq.pct\":{\"id\":\"percent\"},\"system.core.steal.pct\":{\"id\":\"percent\"},\"host.disk.read.bytes\":{\"id\":\"bytes\"},\"host.disk.write.bytes\":{\"id\":\"bytes\"},\"system.diskio.read.bytes\":{\"id\":\"bytes\"},\"system.diskio.write.bytes\":{\"id\":\"bytes\"},\"system.diskio.iostat.read.per_sec.bytes\":{\"id\":\"bytes\"},\"system.diskio.iostat.write.per_sec.bytes\":{\"id\":\"bytes\"},\"system.diskio.iostat.request.avg_size\":{\"id\":\"bytes\"},\"host.cpu.pct\":{\"id\":\"percent\"},\"system.cpu.user.pct\":{\"id\":\"percent\"},\"system.cpu.system.pct\":{\"id\":\"percent\"},\"system.cpu.nice.pct\":{\"id\":\"percent\"},\"system.cpu.idle.pct\":{\"id\":\"percent\"},\"system.cpu.iowait.pct\":{\"id\":\"percent\"},\"system.cpu.irq.pct\":{\"id\":\"percent\"},\"system.cpu.softirq.pct\":{\"id\":\"percent\"},\"system.cpu.steal.pct\":{\"id\":\"p
ercent\"},\"system.cpu.total.pct\":{\"id\":\"percent\"},\"system.cpu.user.norm.pct\":{\"id\":\"percent\"},\"system.cpu.system.norm.pct\":{\"id\":\"percent\"},\"system.cpu.nice.norm.pct\":{\"id\":\"percent\"},\"system.cpu.idle.norm.pct\":{\"id\":\"percent\"},\"system.cpu.iowait.norm.pct\":{\"id\":\"percent\"},\"system.cpu.irq.norm.pct\":{\"id\":\"percent\"},\"system.cpu.softirq.norm.pct\":{\"id\":\"percent\"},\"system.cpu.steal.norm.pct\":{\"id\":\"percent\"},\"system.cpu.total.norm.pct\":{\"id\":\"percent\"},\"system.filesystem.available\":{\"id\":\"bytes\"},\"system.filesystem.free\":{\"id\":\"bytes\"},\"system.filesystem.total\":{\"id\":\"bytes\"},\"system.filesystem.used.bytes\":{\"id\":\"bytes\"},\"system.filesystem.used.pct\":{\"id\":\"percent\"},\"process.cpu.pct\":{\"id\":\"percent\"},\"process.memory.pct\":{\"id\":\"percent\"},\"system.process.cpu.total.pct\":{\"id\":\"percent\"},\"system.process.cpu.total.norm.pct\":{\"id\":\"percent\"},\"system.process.memory.rss.bytes\":{\"id\":\"bytes\"},\"system.process.memory.rss.pct\":{\"id\":\"percent\"},\"system.process.memory.share\":{\"id\":\"bytes\"},\"system.process.cgroup.cpu.pressure.some.10.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.some.60.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.some.300.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.some.total\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.full.10.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.full.60.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.full.300.pct\":{\"id\":\"percent\"},\"system.process.cgroup.memory.mem.low.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.high.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.low.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.high.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.m
ax.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.io.pressure.full.10.pct\":{\"id\":\"percent\"},\"system.process.cgroup.io.pressure.full.60.pct\":{\"id\":\"percent\"},\"system.process.cgroup.io.pressure.full.300.pct\":{\"id\":\"percent\"},\"system.process.cgroup.io.pressure.some.10.pct\":{\"id\":\"percent\"},\"system.process.cgroup.io.pressure.some.60.pct\":{\"id\":\"percent\"},\"system.socket.summary.tcp.memory\":{\"id\":\"bytes\"},\"system.socket.summary.udp.memory\":{\"id\":\"bytes\"},\"system.fsstat.total_size.free\":{\"id\":\"bytes\"},\"system.fsstat.total_size.used\":{\"id\":\"bytes\"},\"system.fsstat.total_size.total\":{\"id\":\"bytes\"},\"system.memory.total\":{\"id\":\"bytes\"},\"system.memory.used.bytes\":{\"id\":\"bytes\"},\"system.memory.free\":{\"id\":\"bytes\"},\"system.memory.used.pct\":{\"id\":\"percent\"},\"system.memory.actual.used.bytes\":{\"id\":\"bytes\"},\"system.memory.actual.free\":{\"id\":\"bytes\"},\"system.memory.actual.used.pct\":{\"id\":\"percent\"},\"system.memory.swap.total\":{\"id\":\"bytes\"},\"system.memory.swap.used.bytes\":{\"id\":\"bytes\"},\"system.memory.swap.free\":{\"id\":\"bytes\"},\"system.memory.swap.used.pct\":{\"id\":\"percent\"},\"system.memory.page_stats.pgscan_kswapd.pages\":{\"id\":\"number\"},\"system.memory.page_stats.pgscan_direct.pages\":{\"id\":\"number\"},\"system.memory.page_stats.pgfree.pages\":{\"id\":\"number\"},\"system.memory.page_stats.pgsteal_kswapd.pages\":{\"id\":\"number\"},\"system.memory.page_stats.pgsteal_direct.pages\":{\"id\":\"number\"},\"system.memory.page_stats.direct_efficiency.pct\":{\"id\":\"percent\"},\"system.memory.page_stats.kswapd_efficiency.pct\":{\"id\":\"percent\"},\"system.memory.hugepages.total\":{\"id\":\"number\"},\"system.memory.hugepages.used.bytes\":{\"id\":\"bytes\"},\"system.memory.hugepages.used.pct\":{\"id\":\"percent\"},\"system.memory.hugepages.free\":{\"id\":\"number\"},\"system.memory.hugepages.reserved\":{\"id\":\"number\"},\"system.memory.hugepages.surplus\":{
\"id\":\"number\"},\"system.memory.hugepages.default_size\":{\"id\":\"bytes\"},\"host.network.in.bytes\":{\"id\":\"bytes\"},\"host.network.out.bytes\":{\"id\":\"bytes\"},\"system.network.out.bytes\":{\"id\":\"bytes\"},\"system.network.in.bytes\":{\"id\":\"bytes\"},\"system.uptime.duration.ms\":{\"id\":\"duration\"},\"event.sequence\":{\"id\":\"string\"},\"event.severity\":{\"id\":\"string\"}}","fields":"[{\"name\":\"cloud.account.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.availability_zone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.instance.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.instance.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.machine.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.project.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.image.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.id\",\"type\":\"string\",\"count\":0,\"scrip
ted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.image.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.labels\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.family\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"inde
xed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.containerized\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scrip
ted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.acked\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.active\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.batches\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.dropped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.duplicates\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.failed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.toomany\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.write.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\
":\"beat.stats.libbeat.output.write.errors\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.snapshot\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.user.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.value\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.system.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.time.ms\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.user.time.ms\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.
cpu.system.time.ms\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.memory.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.fd.open\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.fd.limit.soft\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.fd.limit.hard\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.cfs.period.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.cfs.quota.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.proce
ss.cgroup.cpu.cfs.shares\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.rt.period.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.rt.runtime.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.periods\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.throttled.periods\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.throttled.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.total.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.user.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.system.ns\",\"type\":\"number\",\"count\":0,\"scripted
\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.percpu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.usage.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.failures\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.usage.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"agg
regatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.failures\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem.usage.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem.failures\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem_tcp.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem_tcp.usage.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem_tcp.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem_tcp.failures\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.active_anon.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"
aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.active_file.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.cache.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.hierarchical_memory_limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.hierarchical_memsw_limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.inactive_anon.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.inactive_file.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.mapped_file.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.page_faults\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.major_page_faults\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.pages_in\",\"type\":\"number\",\"count\":
0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.pages_out\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.rss.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.rss_huge.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.swap.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.unevictable.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.blkio.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.blkio.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.blkio.total.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.blkio.total.ios\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":tru
e,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.cpu.cores\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.15\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.norm.1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.norm.15\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.norm.5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat
.stats.cpu.system.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.system.time.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.total.value\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.total.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.total.time.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.user.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.user.time.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.info.ephemeral_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.info.uptime.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.cfs.period.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.cfs.quota.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.
cgroup.cpu.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.stats.periods\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.stats.throttled.periods\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.stats.throttled.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpuacct.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpuacct.total.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.memory.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.memory.mem.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.memory.mem.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.memstats.gc_next\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.memstats.memory.alloc\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":t
rue,\"readFromDocValues\":true},{\"name\":\"beat.stats.memstats.memory.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.memstats.rss\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.handles.open\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.handles.limit.hard\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.handles.limit.soft\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.uptime.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.runtime.goroutines\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.clients\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.queue.acked\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.active\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.dropped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\
":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.failed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.filtered\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.published\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.retry\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.config.running\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.config.starts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.config.stops\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.read.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.read.
errors\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.cpu.usage\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.disk.read.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.disk.write.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregat
able\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.egress.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.egress.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.ingress.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.ingress.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.uptime\",\"type\":\"number\",\"count
\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.use
r.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.user.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.system.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.system.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.nice.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.nice.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.idle.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.idle.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.iowait.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.iowait.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.irq.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.irq.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"s
earchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.softirq.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.softirq.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.steal.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.steal.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.read.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.write.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.read.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.write.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.read.time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\
":true},{\"name\":\"system.diskio.write.time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.io.time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.read.request.merges_per_sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.write.request.merges_per_sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.read.request.per_sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.write.request.per_sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.read.per_sec.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.read.await\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.write.per_sec.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.write.await\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.request.avg_size\",\"type\":\"number\",\"count\":0,\"scripted\
":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.queue.avg_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.await\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.service_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.busy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.cpu.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.cores\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.user.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.system.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.nice.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.idle.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.iowait.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"re
adFromDocValues\":true},{\"name\":\"system.cpu.irq.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.softirq.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.steal.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.total.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.user.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.system.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.nice.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.idle.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.iowait.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.irq.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.softirq.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.steal.norm.pct\"
,\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.total.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.user.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.system.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.nice.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.idle.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.iowait.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.irq.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.softirq.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.steal.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.available\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.device_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed
\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.mount_point\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.files\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.free_files\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.cpu.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.cpu.start_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValue
s\":true},{\"name\":\"process.memory.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.digest_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\
"name\":\"process.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.byte_order\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.cpu_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.exports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.abi_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.entrypoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.object_version\",\"type\"
:\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.os_abi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.imports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.chi2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.entropy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.physical_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.physical_size\",\"type\":\"number\",\"count\":0,\"scri
pted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.virtual_address\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.virtual_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.segments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.segments.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.segments.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.shared_libraries\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.telfhash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggre
gatable\":true,\"readFromDocValues\":true},{\"name\":\"process.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.digest_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.c
ode_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.byte_order\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.cpu_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\
":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.exports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.abi_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.entrypoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.object_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.os_abi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.imports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\
"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.chi2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.entropy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.physical_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.physical_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.virtual_address\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.virtual_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.segments\",\
"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.segments.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.segments.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.shared_libraries\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.telfhash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha256\",\"type\":\"string\",\"coun
t\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"
indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggreg
atable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.domain\",\"type\":\"string\",\"count\"
:0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromD
ocValues\":true},{\"name\":\"user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\
"readFromDocValues\":true},{\"name\":\"user.target.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cmdline\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.env\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.start_time\",\"type\":\"date\",\"
count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.memory.rss.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.memory.rss.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.memory.share\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cgroups_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.usage.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.usage.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.usage.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.user.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.user.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.user.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readF
romDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.system.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.system.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.system.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.throttled.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.some.10.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.some.60.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.some.300.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.some.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.full.10.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.full.60.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}
,{\"name\":\"system.process.cgroup.cpu.pressure.full.300.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.full.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.total.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.total.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.user.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.user.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.system.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.system.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.low.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.high.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.
process.cgroup.memory.mem.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.low\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.high\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.max\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.oom\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.oom_kill\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.fail\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.low.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.high.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.ev
ents.low\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.high\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.max\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.oom\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.oom_kill\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.fail\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.*\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.*.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.stats.*\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\
":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.stats.*.*\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.stats.*.*.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.stats.*.*.ios\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.full.10.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.full.60.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.full.300.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.full.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.some.10.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.some.60.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.some.300.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\
":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.some.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.as.number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.as.organization.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexe
d\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.nat
.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.nat.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"
readFromDocValues\":true},{\"name\":\"source.user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.all.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.all.listening\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.memory\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.orphan\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.listening\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true
},{\"name\":\"system.socket.summary.tcp.all.established\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.close_wait\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.time_wait\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.syn_sent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.syn_recv\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.fin_wait1\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.fin_wait2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.last_ack\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.closing\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.udp.memory\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.udp.all.count\",\"type\":\"number\",\"count\":0,\"scr
ipted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.total_files\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.total_size.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.total_size.used\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.total_size.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.actual.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.actual.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":
true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.actual.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.out.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.in.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.readahead.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.readahead.cached\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgscan_kswapd.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgscan_direct.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"ind
exed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgfree.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgsteal_kswapd.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgsteal_direct.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.direct_efficiency.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.kswapd_efficiency.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.reserved\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sy
stem.memory.hugepages.surplus\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.default_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.swap.out.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.swap.out.fallback\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.running\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.idle\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.sleeping\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.stopped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.zombie\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.dead\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromD
ocValues\":true},{\"name\":\"system.process.summary.unknown\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.in.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.in.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.out.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.out.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.out.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.in.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.out.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.in.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.in.errors\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.out.errors\"
,\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.in.dropped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.out.dropped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.uptime.duration.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.1\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.5\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.15\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.norm.1\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.norm.5\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.norm.15\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.cores\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.capabilities\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":tr
ue,\"readFromDocValues\":false},{\"name\":\"Endpoint.configuration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.configuration.isolation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.state.isolation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\
"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.ingested\",\"type\":\"date\",\"count\":0,\"scripted\":
false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.outcome\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext.variant\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics\",\"type\":\"string\",\"count\
":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.histogram\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.latest\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.mean\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.metrics.disks.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.endpoint_drive\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.fstype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.mount\",\"type\":\
"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.file_events.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.file_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.file_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.file_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.library_events.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.library_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.library_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"End
point.metrics.documents_volume.library_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.network_events.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.network_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.network_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.network_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.overall.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.overall.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.overall.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.overall.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.process_events.sent_bytes\",\"type\":\"number\",\"count\":0
,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.process_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.process_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.process_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.registry_events.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.registry_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.registry_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.registry_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint
.metrics.memory.endpoint.private\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private.latest\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private.mean\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.system_impact\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.metrics.threads\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.metrics.uptime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.uptime.endpoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.uptime.system\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\
"Endpoint.policy.applied.actions.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.artifacts.global\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.a
rtifacts.user.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.endpoint_policy_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.response.configurations\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.response.configurations.antivirus_registration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.response.configurations.antivirus_registration.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.antivirus_registration.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":t
rue,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.behavior_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.behavior_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.events\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.events.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.events.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.host_isolation.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.host_isolation.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.logging\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.logging.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":t
rue,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.logging.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.malware\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.malware.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.malware.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.memory_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.memory_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.memory_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.ransomware.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.ransomware.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"sear
chable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.streaming\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.streaming.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.streaming.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.response.diagnostic.behavior_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.behavior_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.credential_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.credential_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.malware.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchabl
e\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.malware.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.memory_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.memory_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.memory_scan.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.memory_scan.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.ransomware.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.ransomware.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.build.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"@timestamp","title":"
metrics-*"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"metrics-*","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688154054424,5719],"type":"index-pattern","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0ODgsMV0="} -{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"55d94407-b21c-49ae-a16e-72640d21a881\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.region\",\"title\":\"Regions\",\"id\":\"55d94407-b21c-49ae-a16e-72640d21a881\",\"enhancements\":{}}},\"4240efc9-bf68-427c-8fe3-be4f47247d98\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.dimensions.StreamName\",\"title\":\"Stream Names\",\"id\":\"4240efc9-bf68-427c-8fe3-be4f47247d98\",\"enhancements\":{}}},\"7fcde1e0-44fd-48bf-b0b3-13c82f49adf3\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.availability_zone\",\"title\":\"Availability Zones\",\"id\":\"7fcde1e0-44fd-48bf-b0b3-13c82f49adf3\",\"enhancements\":{}}},\"dd664f97-eec2-4a38-b4a3-a807a5a6e8d5\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.name\",\"title\":\"Account Names\",\"id\":\"dd664f97-eec2-4a38-b4a3-a807a5a6e8d5\",\"enhancements\":{}}}}"},"description":"Overview of Amazon Kinesis 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.kinesis\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.kinesis\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":6,\"i\":\"84bfd8e4-fcfe-4985-8e80-f840c190787c\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"84bfd8e4-fcfe-4985-8e80-f840c190787c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-e90bdb01-c733-4cf6-b3ca-7f727eec5d0e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"e90bdb01-c733-4cf6-b3ca-7f727eec5d0e\":{\"columnOrder\":[\"d4bfc6f7-1652-44a3-8ebc-614ce412a7bd\"],\"columns\":{\"d4bfc6f7-1652-44a3-8ebc-614ce412a7bd\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Stream Count\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.dimensions.StreamName\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"d4bfc6f7-1652-44a3-8ebc-614ce412a7bd\",\"layerId\":\"e90bdb01-c733-4cf6-b3ca-7f727eec5d0e\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Stream 
Count\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":6,\"i\":\"d2561e5f-82df-4c7e-940d-e443263a5761\",\"w\":19,\"x\":12,\"y\":0},\"panelIndex\":\"d2561e5f-82df-4c7e-940d-e443263a5761\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-85000cbe-652e-4337-81c6-6abb10541e21\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"c2983c5b-02c3-4f54-9c89-9bfa1ca0efe8\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"85000cbe-652e-4337-81c6-6abb10541e21\":{\"columnOrder\":[\"6902038d-7bb1-4339-9b9f-07ea69d05480\"],\"columns\":{\"6902038d-7bb1-4339-9b9f-07ea69d05480\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average Incoming Bytes (in selected time range)\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.IncomingBytes.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c2983c5b-02c3-4f54-9c89-9bfa1ca0efe8\",\"key\":\"aws.kinesis.metrics.IncomingBytes.avg\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"},\"query\":{\"exists\":{\"field\":\"aws.kinesis.metrics.IncomingBytes.avg\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"6902038d-7bb1-4339-9b9f-07ea69d05480\",\"layerId\":\"85000cbe-652e-4337-81c6-6abb10541e21\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\",\"titlePosition\":\"top\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Incoming 
Bytes\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":6,\"i\":\"fe687607-118e-4b28-87d2-770bacc39c16\",\"w\":17,\"x\":31,\"y\":0},\"panelIndex\":\"fe687607-118e-4b28-87d2-770bacc39c16\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-fea14ee9-35c1-47b8-b245-010f56ed252e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"fea14ee9-35c1-47b8-b245-010f56ed252e\":{\"columnOrder\":[\"f198a9d8-490f-4385-98c1-455a7a0ee030\"],\"columns\":{\"f198a9d8-490f-4385-98c1-455a7a0ee030\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average Get Records Bytes (in selected time range)\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.GetRecords_Bytes.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"f198a9d8-490f-4385-98c1-455a7a0ee030\",\"layerId\":\"fea14ee9-35c1-47b8-b245-010f56ed252e\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Average Get Records Bytes\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"bcb7cf5d-0f3e-42e4-a85b-fcf8aaf0272f\",\"w\":4,\"x\":0,\"y\":6},\"panelIndex\":\"bcb7cf5d-0f3e-42e4-a85b-fcf8aaf0272f\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":24,\"markdown\":\"Incoming 
Data\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Incoming Data Label\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"35950b92-e435-4d8e-939f-729865b86d05\",\"w\":22,\"x\":4,\"y\":6},\"panelIndex\":\"35950b92-e435-4d8e-939f-729865b86d05\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-f364a471-26d4-4349-a977-0852b7c54b72\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"f364a471-26d4-4349-a977-0852b7c54b72\":{\"columnOrder\":[\"b0fcf617-1944-40a7-b423-63f3ba179e96\",\"4a9105bb-d594-489c-a999-828c551d2397\",\"772f4177-1cca-494f-9b95-d7d885c458ca\"],\"columns\":{\"4a9105bb-d594-489c-a999-828c551d2397\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of aws.dimensions.StreamName\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"772f4177-1cca-494f-9b95-d7d885c458ca\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.StreamName\"},\"772f4177-1cca-494f-9b95-d7d885c458ca\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Incoming Bytes per 
Stream\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.IncomingBytes.avg\"},\"b0fcf617-1944-40a7-b423-63f3ba179e96\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"LINEAR\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"hideEndzones\":false,\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"772f4177-1cca-494f-9b95-d7d885c458ca\"],\"layerId\":\"f364a471-26d4-4349-a977-0852b7c54b72\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"4a9105bb-d594-489c-a999-828c551d2397\",\"xAccessor\":\"b0fcf617-1944-40a7-b423-63f3ba179e96\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":false,\"xTitle\":\"timestamp\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Incoming Bytes per 
Stream\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"ef1f9b18-05dd-4dad-aaf4-f0c93363b82a\",\"w\":22,\"x\":26,\"y\":6},\"panelIndex\":\"ef1f9b18-05dd-4dad-aaf4-f0c93363b82a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-ef45f5b2-6ee6-4630-83df-ac21859098ac\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ef45f5b2-6ee6-4630-83df-ac21859098ac\":{\"columnOrder\":[\"56dce76d-00b6-42ca-95c3-df6510c9b577\",\"d477a257-1ca8-4d0f-a5ae-c5ea28415aed\",\"6c6de2f7-4864-46c6-916d-5bf11169f90a\"],\"columns\":{\"56dce76d-00b6-42ca-95c3-df6510c9b577\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"6c6de2f7-4864-46c6-916d-5bf11169f90a\":{\"customLabel\":false,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.kinesis.metrics.IncomingRecords.avg\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.IncomingRecords.avg\"},\"d477a257-1ca8-4d0f-a5ae-c5ea28415aed\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.dimensions.StreamName\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6c6de2f7-4864-46c6-916d-5bf11169f90a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.StreamName\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"6c6de2f7-4864-46c6-916d-5bf11169f90a\"],\"layerId\":\"ef45f5b2-6ee6-4630-83df-ac21859098ac\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"d477a257-1ca8-4d0f-a5ae-c5ea28415aed\",\"xAccessor\":\"56dce76d-00b6-42ca-95c3-df6510c9b577\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"timestamp\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Incoming Records per Stream\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"ca087394-b593-4315-96fc-91d001763436\",\"w\":4,\"x\":0,\"y\":17},\"panelIndex\":\"ca087394-b593-4315-96fc-91d001763436\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":24,\"markdown\":\"Outgoing 
Data\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Outgoing Data Label\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"cebc0c74-fbe5-4dd3-ab4e-a3957bc27b57\",\"w\":22,\"x\":4,\"y\":17},\"panelIndex\":\"cebc0c74-fbe5-4dd3-ab4e-a3957bc27b57\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-66e326a0-aea7-465a-898e-cf06def52d2f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"66e326a0-aea7-465a-898e-cf06def52d2f\":{\"columnOrder\":[\"bb8e30f7-7af5-4579-bd1e-df9c334c0ea3\",\"009e02e1-a8eb-483e-90ff-2ad2c265de5e\",\"0c97ef8c-3b1d-48c6-8a99-3dcc7edf0775\"],\"columns\":{\"009e02e1-a8eb-483e-90ff-2ad2c265de5e\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of aws.dimensions.StreamName\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0c97ef8c-3b1d-48c6-8a99-3dcc7edf0775\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.StreamName\"},\"0c97ef8c-3b1d-48c6-8a99-3dcc7edf0775\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Get Records Bytes per 
Stream\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.GetRecords_Bytes.avg\"},\"bb8e30f7-7af5-4579-bd1e-df9c334c0ea3\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"0c97ef8c-3b1d-48c6-8a99-3dcc7edf0775\"],\"layerId\":\"66e326a0-aea7-465a-898e-cf06def52d2f\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"009e02e1-a8eb-483e-90ff-2ad2c265de5e\",\"xAccessor\":\"bb8e30f7-7af5-4579-bd1e-df9c334c0ea3\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"timestamp\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Get Records Bytes per 
Stream\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"0de4ba03-7578-4e58-a11a-c9a3f189c737\",\"w\":22,\"x\":26,\"y\":17},\"panelIndex\":\"0de4ba03-7578-4e58-a11a-c9a3f189c737\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-a980f50c-c9ba-4fef-a19e-5480d4cabb8e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a980f50c-c9ba-4fef-a19e-5480d4cabb8e\":{\"columnOrder\":[\"617e16f4-065a-400f-90d9-41e8b23742b3\",\"acbcda73-e162-421c-8189-50dd770b75f2\",\"57f5ba6b-2325-4f5c-bfea-7c03d45f1bf0\"],\"columns\":{\"57f5ba6b-2325-4f5c-bfea-7c03d45f1bf0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Get Records per Stream\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.GetRecords_Records.avg\"},\"617e16f4-065a-400f-90d9-41e8b23742b3\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"acbcda73-e162-421c-8189-50dd770b75f2\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.dimensions.StreamName\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"57f5ba6b-2325-4f5c-bfea-7c03d45f1bf0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.StreamName\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"57f5ba6b-2325-4f5c-bfea-7c03d45f1bf0\"],\"layerId\":\"a980f50c-c9ba-4fef-a19e-5480d4cabb8e\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"acbcda73-e162-421c-8189-50dd770b75f2\",\"xAccessor\":\"617e16f4-065a-400f-90d9-41e8b23742b3\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"timestamp\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Get Records per 
Stream\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":17,\"i\":\"31b1f250-ed1f-4f0f-a6c1-2b0c3b89f44e\",\"w\":4,\"x\":0,\"y\":28},\"panelIndex\":\"31b1f250-ed1f-4f0f-a6c1-2b0c3b89f44e\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":24,\"markdown\":\"Latency\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"latency label\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":6,\"i\":\"8b7a3327-5e7b-497e-81ad-44c4a79404c1\",\"w\":22,\"x\":4,\"y\":28},\"panelIndex\":\"8b7a3327-5e7b-497e-81ad-44c4a79404c1\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-9b4f8256-163e-4ab3-8a3a-9537e7f6bf6f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"9b4f8256-163e-4ab3-8a3a-9537e7f6bf6f\":{\"columnOrder\":[\"db6866f3-2c0a-412b-bfda-daabae270aad\"],\"columns\":{\"db6866f3-2c0a-412b-bfda-daabae270aad\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Put Records Latency (ms)\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.PutRecords_Latency.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"db6866f3-2c0a-412b-bfda-daabae270aad\",\"layerId\":\"9b4f8256-163e-4ab3-8a3a-9537e7f6bf6f\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Put Records 
Latency\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":6,\"i\":\"ba88b57d-1f5f-40f0-8c41-2c0f28840ba3\",\"w\":22,\"x\":26,\"y\":28},\"panelIndex\":\"ba88b57d-1f5f-40f0-8c41-2c0f28840ba3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-2f27b831-82a8-41b7-a5f7-78e55e47c621\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2f27b831-82a8-41b7-a5f7-78e55e47c621\":{\"columnOrder\":[\"60129565-3cbe-4dae-8e0c-2dcd8cf28cbb\"],\"columns\":{\"60129565-3cbe-4dae-8e0c-2dcd8cf28cbb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Get Records Latency (ms)\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.GetRecords_Latency.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"60129565-3cbe-4dae-8e0c-2dcd8cf28cbb\",\"layerId\":\"2f27b831-82a8-41b7-a5f7-78e55e47c621\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Get Records 
Latency\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"0bc876e8-94df-413b-8297-a6059a876e2c\",\"w\":22,\"x\":4,\"y\":34},\"panelIndex\":\"0bc876e8-94df-413b-8297-a6059a876e2c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-cc948472-c0b6-4462-85e5-ba342900911c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cc948472-c0b6-4462-85e5-ba342900911c\":{\"columnOrder\":[\"3aeb8dc5-7e81-4852-94f8-4a9f8d1edd51\",\"bb117738-24ca-4e6a-aafc-1544b82237f8\",\"405da135-3981-4d0e-9c6e-267b7c942374\"],\"columns\":{\"3aeb8dc5-7e81-4852-94f8-4a9f8d1edd51\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"405da135-3981-4d0e-9c6e-267b7c942374\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"PutRecords Latency\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.PutRecords_Latency.avg\"},\"bb117738-24ca-4e6a-aafc-1544b82237f8\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 3 values of 
aws.dimensions.StreamName\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"405da135-3981-4d0e-9c6e-267b7c942374\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.StreamName\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"405da135-3981-4d0e-9c6e-267b7c942374\"],\"layerId\":\"cc948472-c0b6-4462-85e5-ba342900911c\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"bb117738-24ca-4e6a-aafc-1544b82237f8\",\"xAccessor\":\"3aeb8dc5-7e81-4852-94f8-4a9f8d1edd51\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"timestamp\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Put Records 
Latency\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"45c140bc-8782-476c-8f2e-8713a1e39dfe\",\"w\":22,\"x\":26,\"y\":34},\"panelIndex\":\"45c140bc-8782-476c-8f2e-8713a1e39dfe\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-3d34bc69-5211-4972-bd41-0a18e9612600\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3d34bc69-5211-4972-bd41-0a18e9612600\":{\"columnOrder\":[\"979e1cb7-86fc-4d5a-abc0-d96523e80509\",\"d8cd7f5c-a793-4b4e-ac36-c71567f8f86e\",\"d8554dbd-ab0a-477c-969e-b1739d2bd362\"],\"columns\":{\"979e1cb7-86fc-4d5a-abc0-d96523e80509\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"d8554dbd-ab0a-477c-969e-b1739d2bd362\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Get Records Latency\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.GetRecords_Latency.avg\"},\"d8cd7f5c-a793-4b4e-ac36-c71567f8f86e\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.dimensions.StreamName\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"d8554dbd-ab0a-477c-969e-b1739d2bd362\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.StreamName\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"d8554dbd-ab0a-477c-969e-b1739d2bd362\"],\"layerId\":\"3d34bc69-5211-4972-bd41-0a18e9612600\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"d8cd7f5c-a793-4b4e-ac36-c71567f8f86e\",\"xAccessor\":\"979e1cb7-86fc-4d5a-abc0-d96523e80509\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"timestamp\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Get Records 
Latency\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"e4a85e33-bbc8-4476-a845-27b2ac3347ac\",\"w\":44,\"x\":4,\"y\":45},\"panelIndex\":\"e4a85e33-bbc8-4476-a845-27b2ac3347ac\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-44c2780b-de65-4156-91a7-04c4cd5999f4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"44c2780b-de65-4156-91a7-04c4cd5999f4\":{\"columnOrder\":[\"ee968136-8f62-414e-ac48-1169ca061295\",\"ba2fedb6-b237-4ebe-aafc-49d034ba7270\",\"eb814fb0-7e21-46de-b35c-aaf20617a7cf\"],\"columns\":{\"ba2fedb6-b237-4ebe-aafc-49d034ba7270\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of aws.dimensions.StreamName\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"eb814fb0-7e21-46de-b35c-aaf20617a7cf\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.StreamName\"},\"eb814fb0-7e21-46de-b35c-aaf20617a7cf\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Get Records Iterator Age 
(ms)\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.GetRecords_IteratorAgeMilliseconds.avg\"},\"ee968136-8f62-414e-ac48-1169ca061295\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"eb814fb0-7e21-46de-b35c-aaf20617a7cf\"],\"layerId\":\"44c2780b-de65-4156-91a7-04c4cd5999f4\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"ba2fedb6-b237-4ebe-aafc-49d034ba7270\",\"xAccessor\":\"ee968136-8f62-414e-ac48-1169ca061295\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"timestamp\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Get Records Iterator Age 
(ms)\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"360ef36d-2399-41e7-8f5a-b3c1406dedc7\",\"w\":4,\"x\":0,\"y\":45},\"panelIndex\":\"360ef36d-2399-41e7-8f5a-b3c1406dedc7\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":24,\"markdown\":\"Iterator Age\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"iterator age label\"}]","timeRestore":false,"title":"[Metrics AWS] Kinesis Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-07d67a60-d872-11eb-8220-c9141cc1b15c","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"84bfd8e4-fcfe-4985-8e80-f840c190787c:indexpattern-datasource-layer-e90bdb01-c733-4cf6-b3ca-7f727eec5d0e","type":"index-pattern"},{"id":"metrics-*","name":"d2561e5f-82df-4c7e-940d-e443263a5761:indexpattern-datasource-layer-85000cbe-652e-4337-81c6-6abb10541e21","type":"index-pattern"},{"id":"metrics-*","name":"d2561e5f-82df-4c7e-940d-e443263a5761:c2983c5b-02c3-4f54-9c89-9bfa1ca0efe8","type":"index-pattern"},{"id":"metrics-*","name":"fe687607-118e-4b28-87d2-770bacc39c16:indexpattern-datasource-layer-fea14ee9-35c1-47b8-b245-010f56ed252e","type":"index-pattern"},{"id":"metrics-*","name":"35950b92-e435-4d8e-939f-729865b86d05:indexpattern-datasource-layer-f364a471-26d4-4349-a977-0852b7c54b72","type":"index-pattern"},{"id":"metrics-*","name":"ef1f9b18-05dd-4dad-aaf4-f0c93363b82a:indexpattern-datasource-layer-ef45f5b2-6ee6-4630-83df-ac21859098ac","type":"index-pattern"},{"id":"metrics-*","name":"cebc0c74-fbe5-4dd3-ab4e-a3957bc27b57:indexpattern-datasource-layer-66e326a0-aea7-
465a-898e-cf06def52d2f","type":"index-pattern"},{"id":"metrics-*","name":"0de4ba03-7578-4e58-a11a-c9a3f189c737:indexpattern-datasource-layer-a980f50c-c9ba-4fef-a19e-5480d4cabb8e","type":"index-pattern"},{"id":"metrics-*","name":"8b7a3327-5e7b-497e-81ad-44c4a79404c1:indexpattern-datasource-layer-9b4f8256-163e-4ab3-8a3a-9537e7f6bf6f","type":"index-pattern"},{"id":"metrics-*","name":"ba88b57d-1f5f-40f0-8c41-2c0f28840ba3:indexpattern-datasource-layer-2f27b831-82a8-41b7-a5f7-78e55e47c621","type":"index-pattern"},{"id":"metrics-*","name":"0bc876e8-94df-413b-8297-a6059a876e2c:indexpattern-datasource-layer-cc948472-c0b6-4462-85e5-ba342900911c","type":"index-pattern"},{"id":"metrics-*","name":"45c140bc-8782-476c-8f2e-8713a1e39dfe:indexpattern-datasource-layer-3d34bc69-5211-4972-bd41-0a18e9612600","type":"index-pattern"},{"id":"metrics-*","name":"e4a85e33-bbc8-4476-a845-27b2ac3347ac:indexpattern-datasource-layer-44c2780b-de65-4156-91a7-04c4cd5999f4","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_55d94407-b21c-49ae-a16e-72640d21a881:optionsListDataView","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_4240efc9-bf68-427c-8fe3-be4f47247d98:optionsListDataView","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_7fcde1e0-44fd-48bf-b0b3-13c82f49adf3:optionsListDataView","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_dd664f97-eec2-4a38-b4a3-a807a5a6e8d5:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5740],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0ODksMV0="} -{"attributes":{"description":"Overview of AWS Transit Gateway 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.transitgateway\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.transitgateway\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"af1453d8-04d3-4b44-a3b0-138111255a23\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"af1453d8-04d3-4b44-a3b0-138111255a23\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.name\",\"id\":\"1565034367477\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"account name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloud.region\",\"id\":\"1584478324642\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.dimensions.TransitGateway\",\"id\":\"1584479118709\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"transit gateway\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":true},\"title\":\"TransitGateway Filters [Metrics 
AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"filters\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"14555108-559d-4c07-b240-6e6b14254f16\",\"w\":24,\"x\":0,\"y\":5},\"panelIndex\":\"14555108-559d-4c07-b240-6e6b14254f16\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.transitgateway.metrics.BytesIn.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TransitGateway\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Transit Gateway Bytes In [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Bytes 
In\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"9c605367-60e3-4e9c-8036-a6191dbafe4a\",\"w\":24,\"x\":24,\"y\":5},\"panelIndex\":\"9c605367-60e3-4e9c-8036-a6191dbafe4a\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.transitgateway.metrics.PacketsIn.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TransitGateway\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Transit Gateway Packets In [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Packets 
In\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"271558e6-b208-4e2c-abfb-0a6b2dbb0c66\",\"w\":24,\"x\":0,\"y\":17},\"panelIndex\":\"271558e6-b208-4e2c-abfb-0a6b2dbb0c66\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.transitgateway.metrics.BytesOut.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TransitGateway\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Transit Gateway Bytes Out [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Bytes 
Out\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"41002ab1-845b-469e-9283-8a46a90e4662\",\"w\":24,\"x\":24,\"y\":17},\"panelIndex\":\"41002ab1-845b-469e-9283-8a46a90e4662\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.transitgateway.metrics.PacketsOut.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TransitGateway\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Transit Gateway Packets Out [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Packets 
Out\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"b141f90b-739e-46f3-83c9-9c4661183837\",\"w\":24,\"x\":0,\"y\":29},\"panelIndex\":\"b141f90b-739e-46f3-83c9-9c4661183837\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.transitgateway.metrics.BytesDropCountNoRoute.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TransitGateway\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Transit Gateway Bytes Drop Count No Route [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Bytes Dropped - no 
route\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"c6a76f92-248b-4cae-a03f-7d34d58098ae\",\"w\":24,\"x\":24,\"y\":29},\"panelIndex\":\"c6a76f92-248b-4cae-a03f-7d34d58098ae\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.transitgateway.metrics.PacketDropCountNoRoute.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TransitGateway\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Transit Gateway Packets Drop Count No Route [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Packets Dropped - no 
route\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"1d08d3b8-3bd7-4f90-854d-be08cb119273\",\"w\":24,\"x\":0,\"y\":41},\"panelIndex\":\"1d08d3b8-3bd7-4f90-854d-be08cb119273\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.transitgateway.metrics.BytesDropCountBlackhole.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TransitGateway\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Transit Gateway Bytes Drop Count Blackhole [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Bytes Dropped - black 
hole\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"40e82e50-b30c-40eb-bbee-9bbfc3d3311f\",\"w\":24,\"x\":24,\"y\":41},\"panelIndex\":\"40e82e50-b30c-40eb-bbee-9bbfc3d3311f\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.transitgateway.metrics.PacketDropCountBlackhole.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TransitGateway\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Transit Gateway Packets Drop Count Blackhole [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Packets Dropped - black hole\"}]","timeRestore":false,"title":"[Metrics AWS] TransitGateway 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-0eb5a6a0-694f-11ea-b0ac-95d4ecb1fecd","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"af1453d8-04d3-4b44-a3b0-138111255a23:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"af1453d8-04d3-4b44-a3b0-138111255a23:control_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"af1453d8-04d3-4b44-a3b0-138111255a23:control_2_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5747],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0OTAsMV0="} -{"attributes":{"columns":["aws.inspector.title","aws.inspector.finding_arn","aws.inspector.type","aws.inspector.status"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.inspector\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.inspector\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Findings Essential Details [Logs 
Inspector]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-395fef40-5a52-11ed-a807-bd2da8f2e79b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5752],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0OTEsMV0="} -{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"5de52701-f68f-43d6-b708-9ee6215f945a\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.inspector.severity\",\"parentFieldName\":\"aws.inspector.severity\",\"title\":\"AWS Inspector Findings Severity\",\"id\":\"5de52701-f68f-43d6-b708-9ee6215f945a\",\"selectedOptions\":[],\"enhancements\":{}}}}"},"description":"Overview of AWS Inspector Findings 
logs.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.inspector\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.inspector\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2c9f6be4-d000-4aae-a20e-3276e296a95a\",\"w\":24,\"x\":24,\"y\":4},\"panelIndex\":\"2c9f6be4-d000-4aae-a20e-3276e296a95a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-6b39ae60-44af-44ec-89ce-9d0e344b839b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"6b39ae60-44af-44ec-89ce-9d0e344b839b\":{\"columnOrder\":[\"c57df882-ee88-4a45-bad1-a6e37fd66f0b\",\"8aa1dbfa-dfa6-42c3-af56-1f9540982d76\"],\"columns\":{\"8aa1dbfa-dfa6-42c3-af56-1f9540982d76\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"c57df882-ee88-4a45-bad1-a6e37fd66f0b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Status\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8aa1dbfa-dfa6-42c3-af56-1f9540982d76\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.status\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visua
lization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"6b39ae60-44af-44ec-89ce-9d0e344b839b\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"c57df882-ee88-4a45-bad1-a6e37fd66f0b\"],\"metrics\":[\"8aa1dbfa-dfa6-42c3-af56-1f9540982d76\"]}],\"shape\":\"pie\"}},\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Findings by Status [Logs Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"e0d79f79-7160-4106-980b-9bfbbd384a48\",\"w\":24,\"x\":0,\"y\":4},\"panelIndex\":\"e0d79f79-7160-4106-980b-9bfbbd384a48\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-1dae6ff8-1a46-42dc-8e3c-7c6f597f71d2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1dae6ff8-1a46-42dc-8e3c-7c6f597f71d2\":{\"columnOrder\":[\"80bca2a5-1b67-4964-a5c0-235ce80fb55f\"],\"columns\":{\"80bca2a5-1b67-4964-a5c0-235ce80fb55f\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Findings\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"80bca2a5-1b67-4964-a5c0-235ce80fb55f\",\"layerId\":\"1dae6ff8-1a46-42dc-8e3c-7c6f597f71d2\",\"layerType\":\"data\"}},\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Findings Count [Logs 
Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"736a3ccc-8ced-4619-a703-b646564b3849\",\"w\":24,\"x\":24,\"y\":19},\"panelIndex\":\"736a3ccc-8ced-4619-a703-b646564b3849\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-6b39ae60-44af-44ec-89ce-9d0e344b839b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"6b39ae60-44af-44ec-89ce-9d0e344b839b\":{\"columnOrder\":[\"c57df882-ee88-4a45-bad1-a6e37fd66f0b\",\"8aa1dbfa-dfa6-42c3-af56-1f9540982d76\"],\"columns\":{\"8aa1dbfa-dfa6-42c3-af56-1f9540982d76\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"c57df882-ee88-4a45-bad1-a6e37fd66f0b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8aa1dbfa-dfa6-42c3-af56-1f9540982d76\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"6b39ae60-44af-44ec-89ce-9d0e344b839b\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendSize\":\"xlarge\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"c57df882-ee88-4a45-bad1-a6e37fd66f0b\"],\"metrics\":[\"8aa1dbfa-dfa6-42c3-af56-1f9540982d76\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Findings by Type [Logs 
Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6c7ebad2-7916-4969-b4fe-8f26dc3655d9\",\"w\":24,\"x\":0,\"y\":19},\"panelIndex\":\"6c7ebad2-7916-4969-b4fe-8f26dc3655d9\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-330d4bd7-3d50-4661-aaeb-6239e9afbd85\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"330d4bd7-3d50-4661-aaeb-6239e9afbd85\":{\"columnOrder\":[\"7fd0f4ce-5c8b-4f17-aff7-1c68f6e05525\",\"dfba9e56-fb69-439c-841f-84cf8d6b3ea6\"],\"columns\":{\"7fd0f4ce-5c8b-4f17-aff7-1c68f6e05525\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network Protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"dfba9e56-fb69-439c-841f-84cf8d6b3ea6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.transport\"},\"dfba9e56-fb69-439c-841f-84cf8d6b3ea6\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"330d4bd7-3d50-4661-aaeb-6239e9afbd85\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"7fd0f4ce-5c8b-4f17-aff7-1c68f6e05525\"],\"metrics\":[\"dfba9e56-fb69-439c-841f-84cf8d6b3ea6\"]}],\"shape\":\"pie\"}},\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Findings by Network Protocol [Logs 
Inspector]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"a3dbcb3a-e56a-43bb-bf34-e05a3e61e4c0\",\"w\":24,\"x\":24,\"y\":34},\"panelIndex\":\"a3dbcb3a-e56a-43bb-bf34-e05a3e61e4c0\",\"panelRefName\":\"panel_a3dbcb3a-e56a-43bb-bf34-e05a3e61e4c0\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"b7c5bf1e-b774-455f-8fbc-07e2e31f092e\",\"w\":24,\"x\":0,\"y\":34},\"panelIndex\":\"b7c5bf1e-b774-455f-8fbc-07e2e31f092e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b2cd46b9-b4fd-4940-9d35-567844a01b5f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b2cd46b9-b4fd-4940-9d35-567844a01b5f\":{\"columnOrder\":[\"8e3a1fa1-a832-4796-beee-c2f6003979aa\",\"e9633195-636f-4935-8348-fac4365bfa5e\"],\"columns\":{\"8e3a1fa1-a832-4796-beee-c2f6003979aa\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Title\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e9633195-636f-4935-8348-fac4365bfa5e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.title\"},\"e9633195-636f-4935-8348-fac4365bfa5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Inspector 
Score\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.inspector.inspector_score\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"8e3a1fa1-a832-4796-beee-c2f6003979aa\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"e9633195-636f-4935-8348-fac4365bfa5e\",\"isTransposed\":false}],\"layerId\":\"b2cd46b9-b4fd-4940-9d35-567844a01b5f\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Findings Title with Highest Inspector Score [Logs Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"76a6efa7-5420-473d-b856-cf972834b31b\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"76a6efa7-5420-473d-b856-cf972834b31b\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":13,\"markdown\":\"[Inspector Inspector Findings Overview Dashboard](#/dashboard/aws-131a1550-5a0b-11ed-a807-bd2da8f2e79b) | [Inspector Severity Dashboard](#/dashboard/aws-60881ab0-63e0-11ed-be08-4b4db5223139) | [Inspector Vulnerabilities Dashboard](#/dashboard/aws-383d4630-63df-11ed-be08-4b4db5223139) | [Inspector Inspector EC2 and ECR Overview Dashboard](#/dashboard/aws-63984b70-63e1-11ed-be08-4b4db5223139) \",\"openLinksInNewTab\":true},\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Dashboards [Logs Inspector]\"}]","timeRestore":false,"title":"[Logs AWS] Inspector Findings 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-131a1550-5a0b-11ed-a807-bd2da8f2e79b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"2c9f6be4-d000-4aae-a20e-3276e296a95a:indexpattern-datasource-layer-6b39ae60-44af-44ec-89ce-9d0e344b839b","type":"index-pattern"},{"id":"logs-*","name":"e0d79f79-7160-4106-980b-9bfbbd384a48:indexpattern-datasource-layer-1dae6ff8-1a46-42dc-8e3c-7c6f597f71d2","type":"index-pattern"},{"id":"logs-*","name":"736a3ccc-8ced-4619-a703-b646564b3849:indexpattern-datasource-layer-6b39ae60-44af-44ec-89ce-9d0e344b839b","type":"index-pattern"},{"id":"logs-*","name":"6c7ebad2-7916-4969-b4fe-8f26dc3655d9:indexpattern-datasource-layer-330d4bd7-3d50-4661-aaeb-6239e9afbd85","type":"index-pattern"},{"id":"aws-395fef40-5a52-11ed-a807-bd2da8f2e79b","name":"a3dbcb3a-e56a-43bb-bf34-e05a3e61e4c0:panel_a3dbcb3a-e56a-43bb-bf34-e05a3e61e4c0","type":"search"},{"id":"logs-*","name":"b7c5bf1e-b774-455f-8fbc-07e2e31f092e:indexpattern-datasource-layer-b2cd46b9-b4fd-4940-9d35-567844a01b5f","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_5de52701-f68f-43d6-b708-9ee6215f945a:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5763],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0OTIsMV0="} 
-{"attributes":{"columns":["source.ip","source.port","event.original"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.vpcflow\"},\"type\":\"phrase\",\"value\":\"vpcflow\"},\"query\":{\"match\":{\"data_stream.dataset\":{\"query\":\"aws.vpcflow\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"aws.vpcflow.action\",\"negate\":false,\"params\":{\"query\":\"REJECT\"},\"type\":\"phrase\",\"value\":\"REJECT\"},\"query\":{\"match\":{\"aws.vpcflow.action\":{\"query\":\"REJECT\",\"type\":\"phrase\"}}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"VPC Flow Reject Logs [Logs AWS]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-c1aee600-4487-11ea-ad63-791a5dc86f10","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5769],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0OTMsMV0="} -{"attributes":{"description":"Logs AWS VPC Flow Log Overview 
Dashboard","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"c802177f-038c-4a35-a82d-0fa42c857d02\",\"w\":18,\"x\":0,\"y\":0},\"panelIndex\":\"c802177f-038c-4a35-a82d-0fa42c857d02\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"aws.s3.bucket.name\",\"id\":\"1565034367477\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"S3 Bucket Names\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":true},\"title\":\"S3 Bucket Name Filter [Logs AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"S3 Bucket Filter\"},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":17,\"i\":\"380eed85-225b-4d5d-88bc-1c70a3643ddb\",\"w\":30,\"x\":18,\"y\":0},\"panelIndex\":\"380eed85-225b-4d5d-88bc-1c70a3643ddb\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"alpha\\\":1,\\\"id\\\":\\\"842c201e-96d7-413d-8688-de5ee4f8a1e0\\\",\\\"label\\\":null,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"isAutoSelect\\\":true,\\\"type\\\":\\\"EMS_TMS\\\",\\\"lightModeDefault\\\":\\\"road_map\\\"},\\\"style\\\":{},\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"visible\\\":true},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"401944dd-a371-4698-be17-bc4542e9a5d4\\\",\\\"label\\\":\\\"vpc flow action accept\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"aws.vpcflow.action : 
\\\\\\\"ACCEPT\\\\\\\" \\\"},\\\"sourceDescriptor\\\":{\\\"applyGlobalQuery\\\":true,\\\"filterByMapBounds\\\":true,\\\"geoField\\\":\\\"destination.geo.location\\\",\\\"id\\\":\\\"97903038-e08d-4451-bbd2-eb92c894bdf5\\\",\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\",\\\"scalingType\\\":\\\"LIMIT\\\",\\\"sortField\\\":\\\"@timestamp\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"tooltipProperties\\\":[],\\\"topHitsSize\\\":1,\\\"type\\\":\\\"ES_SEARCH\\\"},\\\"style\\\":{\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#1EA593\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"size\\\":5},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#167a6d\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"b1d44a5c-3a04-4c80-8080-57585b02fd48\\\",\\\"label\\\":\\\"vpc flow action reject\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"aws.vpcflow.action : \\\\\\\"REJECT\\\\\\\" 
\\\"},\\\"sourceDescriptor\\\":{\\\"applyGlobalQuery\\\":true,\\\"filterByMapBounds\\\":true,\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"9c0e7cce-4f21-4bcd-bb50-ae36c0fffffb\\\",\\\"indexPatternRefName\\\":\\\"layer_2_source_index_pattern\\\",\\\"scalingType\\\":\\\"LIMIT\\\",\\\"sortField\\\":\\\"@timestamp\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"tooltipProperties\\\":[],\\\"topHitsSize\\\":1,\\\"type\\\":\\\"ES_SEARCH\\\"},\\\"style\\\":{\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#f00f0b\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"size\\\":5},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#7a1a18\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"mapStateJSON\":\"{\\\"center\\\":{\\\"lat\\\":0,\\\"lon\\\":-108.92402},\\\"filters\\\":[],\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"\\\"},\\\"refreshConfig\\\":{\\\"interval\\\":0,\\\"isPaused\\\":false},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15d\\\",\\\"to\\\":\\\"now\\\"},\\\"zoom\\\":0.47,\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false}}\",\"title\":\"VPC Flow Action Geo Location[Logs AWS]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":false,\\\"openTOCDetails\\\":[]}\"},\"isLayerTOCOpen\":true,\"mapCenter\":{\"lat\":12.09237,\"lon\":60.11722,\"zoom\":0.47},\"openTOCDetails\":[],\"type\":\"map\",\"enhancements\":{}},\"title\":\"VPC Flow Action Geo 
Location\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"3dde08df-2d7e-464e-825d-03179e43e175\",\"w\":18,\"x\":0,\"y\":5},\"panelIndex\":\"3dde08df-2d7e-464e-825d-03179e43e175\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"29527130-3e86-11ea-9067-cf383a4ea3b3\"}],\"bar_color_rules\":[{\"id\":\"cc6d5070-3e85-11ea-9067-cf383a4ea3b3\"}],\"drop_last_bucket\":1,\"gauge_color_rules\":[{\"id\":\"2b29c940-3e86-11ea-9067-cf383a4ea3b3\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"pivot_id\":\"user_agent.original\",\"pivot_type\":\"string\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(115,216,255,1)\",\"color_rules\":[{\"id\":\"42e14220-3e86-11ea-9067-cf383a4ea3b3\"}],\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.vpcflow\\\" \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"IP 
address\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"id\":\"40c52370-3e87-11ea-9067-cf383a4ea3b3\",\"type\":\"cumulative_sum\"}],\"override_index_pattern\":1,\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":0,\"series_index_pattern\":\"logs-*\",\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"source.ip\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"VPC Flow Top IP Addresses [Logs AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"VPC Flow Top IP Addresses\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"f7c6de04-c771-47ff-a32d-00a7940e414a\",\"w\":48,\"x\":0,\"y\":17},\"panelIndex\":\"f7c6de04-c771-47ff-a32d-00a7940e414a\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color\":\"rgba(255,255,255,1)\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"right\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(211,49,21,1)\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.vpcflow\\\" and aws.vpcflow.action : \\\"REJECT\\\" 
\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"REJECT\",\"line_width\":\"2\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"override_index_pattern\":1,\"point_size\":\"3\",\"separate_axis\":0,\"series_drop_last_bucket\":0,\"series_index_pattern\":\"logs-*\",\"series_time_field\":\"@timestamp\",\"split_color_mode\":\"rainbow\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.vpcflow.action\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,188,0,1)\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.vpcflow\\\" and aws.vpcflow.action : \\\"ACCEPT\\\" \"},\"formatter\":\"number\",\"id\":\"7ec99260-4485-11ea-9ee9-2d27e9149ae8\",\"label\":\"ACCEPT\",\"line_width\":\"2\",\"metrics\":[{\"id\":\"7ec99261-4485-11ea-9ee9-2d27e9149ae8\",\"type\":\"count\"}],\"override_index_pattern\":1,\"point_size\":\"3\",\"separate_axis\":0,\"series_drop_last_bucket\":0,\"series_index_pattern\":\"logs-*\",\"series_time_field\":\"@timestamp\",\"split_color_mode\":\"rainbow\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.vpcflow.action\",\"terms_order_by\":\"7ec99261-4485-11ea-9ee9-2d27e9149ae8\",\"type\":\"timeseries\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(252,220,0,1)\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.vpcflow\\\" and aws.vpcflow.action : \\\"-\\\" 
\"},\"formatter\":\"number\",\"id\":\"8d550580-4485-11ea-9ee9-2d27e9149ae8\",\"label\":\"-\",\"line_width\":\"2\",\"metrics\":[{\"id\":\"8d552c90-4485-11ea-9ee9-2d27e9149ae8\",\"type\":\"count\"}],\"override_index_pattern\":1,\"point_size\":\"3\",\"separate_axis\":0,\"series_drop_last_bucket\":0,\"series_index_pattern\":\"logs-*\",\"series_time_field\":\"@timestamp\",\"split_color_mode\":\"rainbow\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.vpcflow.action\",\"terms_order_by\":\"8d552c90-4485-11ea-9ee9-2d27e9149ae8\",\"type\":\"timeseries\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(115,216,255,1)\",\"fill\":\"0.5\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.vpcflow\\\"\"},\"formatter\":\"number\",\"id\":\"c8c27df0-4485-11ea-9ee9-2d27e9149ae8\",\"label\":\"Total Requests\",\"line_width\":\"2\",\"metrics\":[{\"id\":\"c8c27df1-4485-11ea-9ee9-2d27e9149ae8\",\"type\":\"count\"}],\"override_index_pattern\":1,\"point_size\":\"3\",\"separate_axis\":0,\"series_drop_last_bucket\":0,\"series_index_pattern\":\"logs-*\",\"series_time_field\":\"@timestamp\",\"split_color_mode\":\"rainbow\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.vpcflow.action\",\"terms_order_by\":\"c8c27df1-4485-11ea-9ee9-2d27e9149ae8\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"VPC Flow Total Requests [Logs AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"VPC Flow Total Requests\"},{\"embeddableConfig\":{\"title\":\"VPC Flow Reject Logs\"},\"gridData\":{\"h\":15,\"i\":\"b4dbbe72-0dc0-428b-b21e-91c6cc82745c\",\"w\":48,\"x\":0,\"y\":29},\"panelIndex\":\"b4dbbe72-0dc0-428b-b21e-91c6cc82745c\",\"panelRefName\":\"panel_4\",\"title\":\"VPC Flow Reject Logs\",\"version\":\"7.4.0\"}]","timeRestore":false,"title":"[Logs AWS] VPC Flow Log 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-15503340-4488-11ea-ad63-791a5dc86f10","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"aws-c1aee600-4487-11ea-ad63-791a5dc86f10","name":"panel_4","type":"search"},{"id":"logs-*","name":"c802177f-038c-4a35-a82d-0fa42c857d02:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"380eed85-225b-4d5d-88bc-1c70a3643ddb:layer_1_source_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"380eed85-225b-4d5d-88bc-1c70a3643ddb:layer_2_source_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5776],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0OTQsMV0="} -{"attributes":{"description":"Overview of AWS SQS Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.sqs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.sqs\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"1\",\"w\":12,\"x\":12,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"d5b83c70-41e8-11e9-9e94-11d4d21d3f4b\"}],\"bar_color_rules\":[{\"id\":\"d2d14920-41e8-11e9-9e94-11d4d21d3f4b\"}],\"drop_last_bucket\":0,\"gauge
_color_rules\":[{\"id\":\"d2163680-41e8-11e9-9e94-11d4d21d3f4b\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"SQS Message Visible\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sqs.messages.visible\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.sqs.queue.name\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"SQS Messages Visible [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SQS Messages Visible\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"2\",\"w\":12,\"x\":36,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"bar_color_rules\":[{\"id\":\"3e3d3610-437e-11e9-a35d-972620e4f790\"}],\"drop_last_bucket\":0,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS SQS Oldest Message Age in 
Seconds\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sqs.oldest_message_age.sec\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.sqs.queue.name\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"SQS Oldest Message Age in Seconds [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SQS Oldest Message Age in Seconds\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":24,\"x\":0,\"y\":8},\"panelIndex\":\"3\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"1ccb6710-43b3-11e9-8c70-d17a67455a84\"}],\"bar_color_rules\":[{\"id\":\"57cc0200-43b5-11e9-84e9-a97a63579915\"}],\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sqs.messages.received\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":1,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.sqs.queue.name\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use
_kibana_indexes\":false},\"title\":\"SQS Messages Received [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SQS Messages Received\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"4\",\"w\":24,\"x\":24,\"y\":8},\"panelIndex\":\"4\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sqs.messages.deleted\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.sqs.queue.name\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SQS Messages Deleted [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SQS Messages 
Deleted\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"7\",\"w\":24,\"x\":0,\"y\":16},\"panelIndex\":\"7\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sqs.messages.delayed\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.sqs.queue.name\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SQS Messages Delayed [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SQS Messages 
Delayed\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"8\",\"w\":24,\"x\":24,\"y\":16},\"panelIndex\":\"8\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"d95adba0-6b8a-11e9-98b0-9b2c3d14a4c1\"}],\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sqs.messages.sent\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.sqs.queue.name\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SQS Messages Sent [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SQS Messages 
Sent\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"9\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"9\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.sqs.queue.name\",\"id\":\"1549512142947\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"queue name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"SQS Filters [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SQS 
Filters\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"10\",\"w\":12,\"x\":24,\"y\":0},\"panelIndex\":\"10\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"d95adba0-6b8a-11e9-98b0-9b2c3d14a4c1\"}],\"bar_color_rules\":[{\"id\":\"a7e8c370-6c25-11e9-9cd1-3bdb0c7db024\"}],\"drop_last_bucket\":0,\"gauge_color_rules\":[{\"id\":\"a778eaa0-6c25-11e9-9cd1-3bdb0c7db024\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sqs.empty_receives\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"numerator\":\"\",\"percentiles\":[{\"id\":\"74323cf0-6c25-11e9-9cd1-3bdb0c7db024\",\"mode\":\"line\",\"shade\":0.2,\"value\":50}],\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.sqs.queue.name\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"SQS Empty Receives [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SQS Empty Receives\"}]","timeRestore":false,"title":"[Metrics AWS] SQS 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-234aeda0-43b7-11e9-8697-530f39afc6eb","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"9:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"9:control_1_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5782],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0OTUsMV0="} -{"attributes":{"columns":["observer.name","aws.firewall.flow.id","source.ip","source.port","destination.ip","destination.port","event.kind","event.type"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.firewall_logs\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Firewall Logs [Logs 
AWS]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-f4856850-4d32-11ec-a678-057fce71e8cd","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5787],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0OTYsMV0="} -{"attributes":{"description":"Dashboard providing an overall view of the AWS Network Firewall integration.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.firewall_logs\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n**[Overview (This Page)](/app/dashboards#/view/aws-2ba11b50-4b9d-11ec-8282-5342b8988acc)** \\n[Alerts](/app/dashboards#/view/aws-dfa76470-4ba1-11ec-8282-5342b8988acc) 
\\n[Flows](/app/dashboards#/view/aws-562bdea0-4ba7-11ec-8282-5342b8988acc) \\n[Metrics](/app/dashboards#/view/aws-3abffe60-4ba9-11ec-8282-5342b8988acc) \\n\\n[Integrations Page](/app/integrations/detail/aws/overview?integration=firewall) \\n\\n**Overview**\\n\\nThis dashboard provides an overall view of the AWS Network Firewall integration.\\n\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"2ece3b2b-326d-4856-b537-4de075cb5d5d\",\"w\":35,\"x\":13,\"y\":0},\"panelIndex\":\"2ece3b2b-326d-4856-b537-4de075cb5d5d\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1637591016076\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloud.availability_zone\",\"id\":\"1637591029629\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Availability Zone\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"observer.name\",\"id\":\"1637591118622\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Firewall\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Firewall Filters [Logs AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Firewall 
Filters\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"w\":5,\"x\":13,\"y\":7},\"panelIndex\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Alerts\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filter-index-pattern-0\",\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"alert\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.kind\":\"alert\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total 
Alerts\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"e8d2a7be-bc2a-4ca5-ae71-5273156084b3\",\"w\":5,\"x\":18,\"y\":7},\"panelIndex\":\"e8d2a7be-bc2a-4ca5-ae71-5273156084b3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Flows\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filter-index-pattern-0\",\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"event\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.kind\":\"event\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total 
Flows\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"b9d7f8b6-deb6-4d46-ad11-7793dd783012\",\"w\":5,\"x\":23,\"y\":7},\"panelIndex\":\"b9d7f8b6-deb6-4d46-ad11-7793dd783012\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filter-index-pattern-0\",\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"alert\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.kind\":\"alert\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"54c39a08-c881-4c64-af1a-8e48867947c3\",\"w\":5,\"x\":28,\"y\":7},\"panelIndex\":\"54c39a08-c881-4c64-af1a-8e48867947c3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filter-index-pattern-0\",\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"alert\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.kind\":\"alert\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"83dde1a0-0605-4c05-9bd2-1f2686cd7007\",\"w\":5,\"x\":33,\"y\":7},\"panelIndex\":\"83dde1a0-0605-4c05-9bd2-1f2686cd7007\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"b6504f22-c6eb-439d-bb4d-a3acc2b5de34\",\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Network Protocols\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"},\"b6504f22-c6eb-439d-bb4d-a3acc2b5de34\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique count of network.protocol\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filter-index-pattern-0\",\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"event\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.kind\":\"event\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique 
Network Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"649add0f-9eb6-4cc8-be29-b0911e29827c\",\"w\":5,\"x\":38,\"y\":7},\"panelIndex\":\"649add0f-9eb6-4cc8-be29-b0911e29827c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"b6504f22-c6eb-439d-bb4d-a3acc2b5de34\",\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Bytes\",\"operationType\":\"sum\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.firewall.flow.bytes\"},\"b6504f22-c6eb-439d-bb4d-a3acc2b5de34\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique count of 
network.protocol\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filter-index-pattern-0\",\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"event\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.kind\":\"event\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Bytes\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"c070e106-ce00-4096-be3d-b528119f0828\",\"w\":5,\"x\":43,\"y\":7},\"panelIndex\":\"c070e106-ce00-4096-be3d-b528119f0828\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"b6504f22-c6eb-439d-bb4d-a3acc2b5de34\",\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Firewalls\",\"operationType\":\"unique_count\",\"params\":{},\"scale\":\"ratio\",\"sourceField\":\"observer.name\"},\"b6504f22-c6eb-439d-bb4d-a3acc2b5de34\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique count of 
network.protocol\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filter-index-pattern-0\",\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"event\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.kind\":\"event\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Bytes\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":16,\"i\":\"f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb\",\"w\":28,\"x\":0,\"y\":15},\"panelIndex\":\"f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-8c1d8a18-0da5-431f-8faf-f72f028b10de\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"8c1d8a18-0da5-431f-8faf-f72f028b10de\":{\"columnOrder\":[\"995b44f7-a7f2-474a-b080-bc5e61834c85\",\"ac103bf9-1072-42f9-88e1-645355cfab7d\",\"d75176b0-fe18-4834-8be1-876ae441c8f9\"],\"columns\":{\"995b44f7-a7f2-474a-b080-bc5e61834c85\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
event.kind\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"d75176b0-fe18-4834-8be1-876ae441c8f9\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"event.kind\"},\"ac103bf9-1072-42f9-88e1-645355cfab7d\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"d75176b0-fe18-4834-8be1-876ae441c8f9\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"d75176b0-fe18-4834-8be1-876ae441c8f9\"],\"layerId\":\"8c1d8a18-0da5-431f-8faf-f72f028b10de\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"995b44f7-a7f2-474a-b080-bc5e61834c85\",\"xAccessor\":\"ac103bf9-1072-42f9-88e1-645355cfab7d\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Events\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":16,\"i\":\"bcfbc5f5-fd40-48e3-937d-965fcb8a5585\",\"w\":20,\"x\":28,\"
y\":15},\"panelIndex\":\"bcfbc5f5-fd40-48e3-937d-965fcb8a5585\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c\":{\"columnOrder\":[\"7ea404e0-e31f-4216-a626-ee830469e97b\",\"de9ad2be-a35d-4e4c-a6ac-4a1b2dcc2c0b\",\"6e93ea29-3bab-47ea-b978-c91480873532\"],\"columns\":{\"6e93ea29-3bab-47ea-b978-c91480873532\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"7ea404e0-e31f-4216-a626-ee830469e97b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Firewalls\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6e93ea29-3bab-47ea-b978-c91480873532\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"observer.name\"},\"de9ad2be-a35d-4e4c-a6ac-4a1b2dcc2c0b\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
event.kind\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6e93ea29-3bab-47ea-b978-c91480873532\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"event.kind\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"6e93ea29-3bab-47ea-b978-c91480873532\"],\"layerId\":\"b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"splitAccessor\":\"de9ad2be-a35d-4e4c-a6ac-4a1b2dcc2c0b\",\"xAccessor\":\"7ea404e0-e31f-4216-a626-ee830469e97b\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Events by Firewall\"},{\"embeddableConfig\":{\"columns\":[\"observer.name\",\"source.ip\",\"source.port\",\"destination.ip\",\"destination.port\",\"network.transport\",\"network.protocol\"],\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"fc5a3028-fdfc-4c3c-ab04-f43123af380b\",\"w\":48,\"x\":0,\"y\":31},\"panelIndex\":\"fc5a3028-fdfc-4c3c-ab04-f43123af380b\",\"panelRefName\":\"panel_fc5a3028-fdfc-4c3c-ab04-f43123af380b\",\"title\":\"Firewall Logs\",\"type\":\"search\",\"version\":\"7.15.1\"}]","timeRestore":false,"title":"[Logs AWS] Firewall 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-2ba11b50-4b9d-11ec-8282-5342b8988acc","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"e8d2a7be-bc2a-4ca5-ae71-5273156084b3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"e8d2a7be-bc2a-4ca5-ae71-5273156084b3:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"e8d2a7be-bc2a-4ca5-ae71-5273156084b3:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"b9d7f8b6-deb6-4d46-ad11-7793dd783012:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"b9d7f8b6-deb6-4d46-ad11-7793dd783012:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"b9d7f8b6-deb6-4d46-ad11-7793dd783012:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"54c39a08-c881-4c64-af1a-8e48867947c3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"54c39a08-c881-4c64-af1a-8e48867947c3:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"54c39a08-c881-4c64-af1a-8e48867947c3:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"83dde1a0-0605-4c05-9bd2-1f2686cd7007:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id"
:"logs-*","name":"83dde1a0-0605-4c05-9bd2-1f2686cd7007:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"83dde1a0-0605-4c05-9bd2-1f2686cd7007:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"649add0f-9eb6-4cc8-be29-b0911e29827c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"649add0f-9eb6-4cc8-be29-b0911e29827c:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"649add0f-9eb6-4cc8-be29-b0911e29827c:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"c070e106-ce00-4096-be3d-b528119f0828:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"c070e106-ce00-4096-be3d-b528119f0828:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"c070e106-ce00-4096-be3d-b528119f0828:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb:indexpattern-datasource-layer-8c1d8a18-0da5-431f-8faf-f72f028b10de","type":"index-pattern"},{"id":"logs-*","name":"bcfbc5f5-fd40-48e3-937d-965fcb8a5585:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"bcfbc5f5-fd40-48e3-937d-965fcb8a5585:indexpattern-datasource-layer-b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c","type":"index-pattern"},{"id":"aws-f4856850-4d32-11ec-a678-057fce71e8cd","name":"fc5a3028-fdfc-4c3c-ab04-f43123af380b:panel_fc5a3028-fdfc-4c3c-ab04-f43123af380b","type":"search"},{"id":"logs-*","name":"2ece3b2b-326d-4856-b537-4de075cb5d5d:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"2ece3b2b-326d-4856-b537-4de075cb5d5d:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"2ece3
b2b-326d-4856-b537-4de075cb5d5d:control_2_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5820],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0OTcsMV0="} -{"attributes":{"columns":["user.id","event.provider","aws.cloudtrail.event_type","event.action","event.outcome","source.address","source.geo.region_name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.cloudtrail\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.cloudtrail\"}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"sort":[[]],"title":"CloudTrail Events [Logs AWS]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-30ccde50-7397-11ea-a345-f985c61fe654","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5825],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0OTgsMV0="} -{"attributes":{"description":"Overview of AWS RDS 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.rds\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.rds\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"1\",\"w\":17,\"x\":7,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"10bc2760-d978-11e9-aff2-99c15d8b7da1\"}],\"bar_color_rules\":[{\"id\":\"f8196690-921a-11e9-badf-4b42bd1ef543\"}],\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"hide_in_legend\":0,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Database Connections\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.rds.database_connections\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.rds.db_instance.identifier\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"RDS Database Connections [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Database Connections\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"5\",\"w\":17,\"x\":7,\"y\":7},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(164,221,0,1)\",\"id\":\"27aaf910-d978-11e9-aff2-99c15d8b7da1\",\"operator\":\"lte\",\"value\":0},{\"color\":\"rgba(244,78,59,1)\",\"id\":\"3526a9e0-d978-11e9-aff2-99c15d8b7da1\",\"operator\":\"gt\",\"value\":0},{\"background_color\":\"rgba(164,221,0,1)\",\"id\":\"50a46c15-ab5f-41d6-83de-b988ab7f4149\",\"operator\":\"empty\",\"value\":null},{\"background_color\":\"rgba(164,221,0,1)\",\"id\":\"a42d8157-775b-4e45-bf79-b3b572e2235b\",\"operator\":\"empty\",\"value\":null}],\"bar_color_rules\":[{\"bar_color\":\"rgba(211,49,21,1)\",\"id\":\"f8196690-921a-11e9-badf-4b42bd1ef543\",\"operator\":\"gt\",\"value\":0}],\"drilldown_url\":\"\",\"drop_last_bucket\":1,\"filter\":\"\",\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"hide_in_legend\":0,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Transaction 
Blocked\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.rds.transactions.blocked\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.rds.db_instance.identifier\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"RDS Transaction Blocked [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Transaction Blocked\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"6\",\"w\":7,\"x\":0,\"y\":0},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"region name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Region Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"AWS Region 
Filter\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"4d89e43f-299c-4f43-bde2-0ada0983ff23\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"4d89e43f-299c-4f43-bde2-0ada0983ff23\",\"embeddableConfig\":{\"attributes\":{\"description\":null,\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-c6ed7acb-d119-41cc-99ce-cca114d1f1cb\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"c6ed7acb-d119-41cc-99ce-cca114d1f1cb\":{\"columnOrder\":[\"1bfe525f-e68d-4504-86bc-e80fb154192c\",\"08fe8b96-3fe0-410f-8ee3-3ca1379bea49\",\"08fe8b96-3fe0-410f-8ee3-3ca1379bea49X0\"],\"columns\":{\"08fe8b96-3fe0-410f-8ee3-3ca1379bea49\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Free Storage Bytes\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(aws.rds.free_storage.bytes)\",\"isFormulaBroken\":false},\"references\":[\"08fe8b96-3fe0-410f-8ee3-3ca1379bea49X0\"],\"scale\":\"ratio\"},\"08fe8b96-3fe0-410f-8ee3-3ca1379bea49X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of average(aws.rds.free_storage.bytes)\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"aws.rds.free_storage.bytes\"},\"1bfe525f-e68d-4504-86bc-e80fb154192c\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
aws.rds.db_instance.identifier\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.rds.db_instance.identifier\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"08fe8b96-3fe0-410f-8ee3-3ca1379bea49\",\"isTransposed\":false},{\"columnId\":\"1bfe525f-e68d-4504-86bc-e80fb154192c\",\"isTransposed\":false}],\"layerId\":\"c6ed7acb-d119-41cc-99ce-cca114d1f1cb\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"RDS Free Storage Bytes [Metrics AWS]\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Free Storage\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"d409ab5d-84b5-4ecc-86ae-1f79a882b626\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"d409ab5d-84b5-4ecc-86ae-1f79a882b626\",\"embeddableConfig\":{\"attributes\":{\"description\":null,\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-5a1e8135-28e5-4e15-a675-bf9f840fca1c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5a1e8135-28e5-4e15-a675-bf9f840fca1c\":{\"columnOrder\":[\"748501ab-c222-4695-9062-93c70e72a864\",\"191b027e-d3d1-41da-b3fb-29315f99f4ee\",\"98446733-f0c0-4666-8491-52b6eae923ed\",\"98446733-f0c0-4666-8491-52b6eae923edX0\"],\"columns\":{\"191b027e-d3d1-41da-b3fb-29315f99f4ee\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"748501ab-
c222-4695-9062-93c70e72a864\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of aws.rds.db_instance.identifier\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.rds.db_instance.identifier\"},\"98446733-f0c0-4666-8491-52b6eae923ed\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Read Latency (Milliseconds)\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(aws.rds.latency.read)\",\"isFormulaBroken\":false},\"references\":[\"98446733-f0c0-4666-8491-52b6eae923edX0\"],\"scale\":\"ratio\"},\"98446733-f0c0-4666-8491-52b6eae923edX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of average(aws.rds.latency.read)\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"aws.rds.latency.read\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"layers\":[{\"accessors\":[\"98446733-f0c0-4666-8491-52b6eae923ed\"],\"layerId\":\"5a1e8135-28e5-4e15-a675-bf9f840fca1c\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"748501ab-c222-4695-9062-93c70e72a864\",\"xAccessor\":\"191b027e-d3d1-41da-b3fb-29315f99f4ee\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"RDS Read Latency in Milliseconds [Metrics 
AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Read Latency\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1abf12dc-d009-4a02-acd4-463383d32a63\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"1abf12dc-d009-4a02-acd4-463383d32a63\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-75b24975-5ca3-4da5-bc1a-92013a901a21\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"75b24975-5ca3-4da5-bc1a-92013a901a21\":{\"columnOrder\":[\"bfa06179-6b6f-43e5-a446-f856ff3e51bf\",\"af96ca6c-7ab9-47a3-ad8b-29e1578c0076\",\"6a87f496-b929-4d24-aede-325d54fedfa1\",\"6a87f496-b929-4d24-aede-325d54fedfa1X0\"],\"columns\":{\"6a87f496-b929-4d24-aede-325d54fedfa1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Write Latency (Milliseconds)\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(aws.rds.latency.write)\",\"isFormulaBroken\":false},\"references\":[\"6a87f496-b929-4d24-aede-325d54fedfa1X0\"],\"scale\":\"ratio\"},\"6a87f496-b929-4d24-aede-325d54fedfa1X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of average(aws.rds.latency.write)\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"aws.rds.latency.write\"},\"af96ca6c-7ab9-47a3-ad8b-29e1578c0076\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"bfa06179-6b6f-43e5-a446-f856ff3e51bf\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
aws.rds.db_instance.identifier\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.rds.db_instance.identifier\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"layers\":[{\"accessors\":[\"6a87f496-b929-4d24-aede-325d54fedfa1\"],\"layerId\":\"75b24975-5ca3-4da5-bc1a-92013a901a21\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"bfa06179-6b6f-43e5-a446-f856ff3e51bf\",\"xAccessor\":\"af96ca6c-7ab9-47a3-ad8b-29e1578c0076\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"RDS Write Latency in Milliseconds [Metrics AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Write 
Latency\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"c5476b0e-6a44-43e5-8bb4-0795c4d097c1\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"c5476b0e-6a44-43e5-8bb4-0795c4d097c1\",\"embeddableConfig\":{\"attributes\":{\"description\":null,\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-b8d09be0-e20a-4f42-b08e-1da4c3cc8efd\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b8d09be0-e20a-4f42-b08e-1da4c3cc8efd\":{\"columnOrder\":[\"e676afd3-ebd5-434a-85d7-a1a708b9a32f\",\"545fe110-3ab4-4a3d-99d9-9eae69d6ff07\",\"8293fc99-aed6-44a3-83ee-a498d2200a46\"],\"columns\":{\"545fe110-3ab4-4a3d-99d9-9eae69d6ff07\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of aws.rds.db_instance.identifier\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8293fc99-aed6-44a3-83ee-a498d2200a46\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.rds.db_instance.identifier\"},\"8293fc99-aed6-44a3-83ee-a498d2200a46\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Insert Throughput 
Count/Second\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"aws.rds.throughput.insert\"},\"e676afd3-ebd5-434a-85d7-a1a708b9a32f\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"layers\":[{\"accessors\":[\"8293fc99-aed6-44a3-83ee-a498d2200a46\"],\"layerId\":\"b8d09be0-e20a-4f42-b08e-1da4c3cc8efd\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"545fe110-3ab4-4a3d-99d9-9eae69d6ff07\",\"xAccessor\":\"e676afd3-ebd5-434a-85d7-a1a708b9a32f\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"RDS Insert Throughput [Metrics AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Insert 
Throughput\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"bf74bb77-3503-4682-9f0e-6df0994dce5d\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"bf74bb77-3503-4682-9f0e-6df0994dce5d\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-8682174a-4cff-4d95-b719-1fc306f5b33a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"8682174a-4cff-4d95-b719-1fc306f5b33a\":{\"columnOrder\":[\"bc08fa3e-ce15-4acd-a0fd-c5c5c5452441\",\"f45a0753-4e23-43c4-80f7-4a9aa9548a6e\",\"85980678-0e26-4f77-b735-7ec5ebbc472e\",\"85980678-0e26-4f77-b735-7ec5ebbc472eX0\"],\"columns\":{\"85980678-0e26-4f77-b735-7ec5ebbc472e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Select Throughput Count/Second\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(aws.rds.throughput.select)\",\"isFormulaBroken\":false},\"references\":[\"85980678-0e26-4f77-b735-7ec5ebbc472eX0\"],\"scale\":\"ratio\"},\"85980678-0e26-4f77-b735-7ec5ebbc472eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Select Throughput Count/Second\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"aws.rds.throughput.select\"},\"bc08fa3e-ce15-4acd-a0fd-c5c5c5452441\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
aws.rds.db_instance.identifier\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.rds.db_instance.identifier\"},\"f45a0753-4e23-43c4-80f7-4a9aa9548a6e\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"layers\":[{\"accessors\":[\"85980678-0e26-4f77-b735-7ec5ebbc472e\"],\"layerId\":\"8682174a-4cff-4d95-b719-1fc306f5b33a\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"bc08fa3e-ce15-4acd-a0fd-c5c5c5452441\",\"xAccessor\":\"f45a0753-4e23-43c4-80f7-4a9aa9548a6e\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"RDS Select Throughput[Metrics AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Select 
Throughput\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"249ff0a6-3fd3-4935-85c3-0c3222d3c498\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"249ff0a6-3fd3-4935-85c3-0c3222d3c498\",\"embeddableConfig\":{\"attributes\":{\"description\":null,\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-dd0a4706-5286-4976-9bc4-f5e7a4964bf6\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"dd0a4706-5286-4976-9bc4-f5e7a4964bf6\":{\"columnOrder\":[\"a2bb9c7a-0ddc-4bf7-ae24-98a535a916cc\",\"103900c0-dcfa-416f-a272-6efa09c84fce\",\"18e6079e-e955-41d0-8196-d2b932cf1fa6\",\"18e6079e-e955-41d0-8196-d2b932cf1fa6X0\"],\"columns\":{\"103900c0-dcfa-416f-a272-6efa09c84fce\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"18e6079e-e955-41d0-8196-d2b932cf1fa6\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\" average(aws.rds.cpu.total.pct)\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(aws.rds.cpu.total.pct)\",\"isFormulaBroken\":false},\"references\":[\"18e6079e-e955-41d0-8196-d2b932cf1fa6X0\"],\"scale\":\"ratio\"},\"18e6079e-e955-41d0-8196-d2b932cf1fa6X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of \",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"aws.rds.cpu.total.pct\"},\"a2bb9c7a-0ddc-4bf7-ae24-98a535a916cc\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
aws.rds.db_instance.identifier\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.rds.db_instance.identifier\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"layers\":[{\"accessors\":[\"18e6079e-e955-41d0-8196-d2b932cf1fa6\"],\"layerId\":\"dd0a4706-5286-4976-9bc4-f5e7a4964bf6\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"a2bb9c7a-0ddc-4bf7-ae24-98a535a916cc\",\"xAccessor\":\"103900c0-dcfa-416f-a272-6efa09c84fce\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"RDS CPU Total Pct [Metrics AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"CPU Total 
Pct\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"c28488ce-a20e-447f-9a68-ba49b542ab0a\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"c28488ce-a20e-447f-9a68-ba49b542ab0a\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-14d4ba6b-f4e1-4d40-818a-6aa829d90422\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"14d4ba6b-f4e1-4d40-818a-6aa829d90422\":{\"columnOrder\":[\"8954842c-4056-46ef-adfc-29dfc3b0cbd3\",\"40493df1-c805-49eb-8dfa-9ff81f7acd4b\",\"c7c3ebb2-d611-40a5-aab3-491fa36fe729\",\"c7c3ebb2-d611-40a5-aab3-491fa36fe729X0\"],\"columns\":{\"40493df1-c805-49eb-8dfa-9ff81f7acd4b\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"8954842c-4056-46ef-adfc-29dfc3b0cbd3\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of aws.rds.db_instance.identifier\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.rds.db_instance.identifier\"},\"c7c3ebb2-d611-40a5-aab3-491fa36fe729\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Queue Depth (Count)\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(aws.rds.disk_queue_depth)\",\"isFormulaBroken\":false},\"references\":[\"c7c3ebb2-d611-40a5-aab3-491fa36fe729X0\"],\"scale\":\"ratio\"},\"c7c3ebb2-d611-40a5-aab3-491fa36fe729X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Queue Depth 
(Count)\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"aws.rds.disk_queue_depth\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"layers\":[{\"accessors\":[\"c7c3ebb2-d611-40a5-aab3-491fa36fe729\"],\"layerId\":\"14d4ba6b-f4e1-4d40-818a-6aa829d90422\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"8954842c-4056-46ef-adfc-29dfc3b0cbd3\",\"xAccessor\":\"40493df1-c805-49eb-8dfa-9ff81f7acd4b\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"RDS Disk Queue Depth [Metrics AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Disk Queue 
Depth\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"29549114-6ebf-4047-aa56-bc035f66d3b4\",\"w\":24,\"x\":0,\"y\":60},\"panelIndex\":\"29549114-6ebf-4047-aa56-bc035f66d3b4\",\"embeddableConfig\":{\"attributes\":{\"description\":null,\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-94e6f698-4af3-4acd-a018-867330b4e0de\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"94e6f698-4af3-4acd-a018-867330b4e0de\":{\"columnOrder\":[\"ba1bdf55-b2f8-4bb4-b78c-caab170367e0\",\"98b1c682-acf5-4331-8129-62177616a221\",\"c7534b00-fa2b-4633-84da-83d71de297f8\",\"c7534b00-fa2b-4633-84da-83d71de297f8X0\"],\"columns\":{\"98b1c682-acf5-4331-8129-62177616a221\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of aws.rds.db_instance.identifier\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.rds.db_instance.identifier\"},\"ba1bdf55-b2f8-4bb4-b78c-caab170367e0\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"c7534b00-fa2b-4633-84da-83d71de297f8\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Write IOPS (Count/Second)\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(aws.rds.write_io.ops_per_sec)\",\"isFormulaBroken\":false},\"references\":[\"c7534b00-fa2b-4633-84da-83d71de297f8X0\"],\"scale\":\"ratio\"},\"c7534b00-fa2b-4633-84da-83d71de297f8X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
Write IOPS (Count/Second)\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"aws.rds.write_io.ops_per_sec\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"layers\":[{\"accessors\":[\"c7534b00-fa2b-4633-84da-83d71de297f8\"],\"layerId\":\"94e6f698-4af3-4acd-a018-867330b4e0de\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"98b1c682-acf5-4331-8129-62177616a221\",\"xAccessor\":\"ba1bdf55-b2f8-4bb4-b78c-caab170367e0\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"RDS Write IOPS [Metrics AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Write 
IOPS\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"addd441f-fa2b-4725-8015-619ee176ed0a\",\"w\":24,\"x\":24,\"y\":60},\"panelIndex\":\"addd441f-fa2b-4725-8015-619ee176ed0a\",\"embeddableConfig\":{\"attributes\":{\"description\":null,\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-e2611df6-ca73-4d53-b0b5-afd8b718c369\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"e2611df6-ca73-4d53-b0b5-afd8b718c369\":{\"columnOrder\":[\"53a07fa4-b348-44c7-b644-83f3617e5b5c\",\"b9e82720-e098-4dd7-ac5b-f3becccd344a\",\"85528f23-48f2-462f-8075-eaddd94b21f2\"],\"columns\":{\"53a07fa4-b348-44c7-b644-83f3617e5b5c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Read IOPS (Count/Second)\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"85528f23-48f2-462f-8075-eaddd94b21f2\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.rds.db_instance.identifier\"},\"85528f23-48f2-462f-8075-eaddd94b21f2\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.rds.read_io.ops_per_sec\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"aws.rds.read_io.ops_per_sec\"},\"b9e82720-e098-4dd7-ac5b-f3becccd344a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"layers\":[{\"accessors\":[\"85528f23-48f2-462f-8075-eaddd94b21f2\"],\"layerId\":\"e2611df6-ca73-4d53-b0b5-afd8b718c369\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"53a07fa4-b348-44c7-b644-83f3617e5b5c\",\"xAccessor\":\"b9e82720-e098-4dd7-ac5b-f3becccd344a\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"RDS Read IOPS [Metrics AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Read IOPS\"}]","timeRestore":false,"title":"[Metrics AWS] RDS 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-3367c170-921f-11e9-aa19-159bf182e06f","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"1abf12dc-d009-4a02-acd4-463383d32a63:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"1abf12dc-d009-4a02-acd4-463383d32a63:indexpattern-datasource-layer-75b24975-5ca3-4da5-bc1a-92013a901a21","type":"index-pattern"},{"id":"metrics-*","name":"249ff0a6-3fd3-4935-85c3-0c3222d3c498:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"249ff0a6-3fd3-4935-85c3-0c3222d3c498:indexpattern-datasource-layer-dd0a4706-5286-4976-9bc4-f5e7a4964bf6","type":"index-pattern"},{"id":"metrics-*","name":"c28488ce-a20e-447f-9a68-ba49b542ab0a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"c28488ce-a20e-447f-9a68-ba49b542ab0a:indexpattern-datasource-layer-14d4ba6b-f4e1-4d40-818a-6aa829d90422","type":"index-pattern"},{"id":"metrics-*","name":"addd441f-fa2b-4725-8015-619ee176ed0a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"addd441f-fa2b-4725-8015-619ee176ed0a:indexpattern-datasource-layer-e2611df6-ca73-4d53-b0b5-afd8b718c369","type":"index-pattern"},{"id":"metrics-*","name":"6:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"4d89e43f-299c-4f43-bde2-0ada0983ff23:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"4d89e43f-299c-4f43-bde2-0ada0983ff23:indexpattern-datasource-layer-c6ed7acb-d119-41cc-99ce-cca114d1f1cb","type":"index-pattern"},{"id":"metrics-*","name":"d409ab5d-84b5-4ecc-86ae-1f79a882b626:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"d409ab5d-84b5-4e
cc-86ae-1f79a882b626:indexpattern-datasource-layer-5a1e8135-28e5-4e15-a675-bf9f840fca1c","type":"index-pattern"},{"id":"metrics-*","name":"1abf12dc-d009-4a02-acd4-463383d32a63:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"1abf12dc-d009-4a02-acd4-463383d32a63:indexpattern-datasource-layer-75b24975-5ca3-4da5-bc1a-92013a901a21","type":"index-pattern"},{"id":"metrics-*","name":"c5476b0e-6a44-43e5-8bb4-0795c4d097c1:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"c5476b0e-6a44-43e5-8bb4-0795c4d097c1:indexpattern-datasource-layer-b8d09be0-e20a-4f42-b08e-1da4c3cc8efd","type":"index-pattern"},{"id":"metrics-*","name":"bf74bb77-3503-4682-9f0e-6df0994dce5d:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"bf74bb77-3503-4682-9f0e-6df0994dce5d:indexpattern-datasource-layer-8682174a-4cff-4d95-b719-1fc306f5b33a","type":"index-pattern"},{"id":"metrics-*","name":"249ff0a6-3fd3-4935-85c3-0c3222d3c498:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"249ff0a6-3fd3-4935-85c3-0c3222d3c498:indexpattern-datasource-layer-dd0a4706-5286-4976-9bc4-f5e7a4964bf6","type":"index-pattern"},{"id":"metrics-*","name":"c28488ce-a20e-447f-9a68-ba49b542ab0a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"c28488ce-a20e-447f-9a68-ba49b542ab0a:indexpattern-datasource-layer-14d4ba6b-f4e1-4d40-818a-6aa829d90422","type":"index-pattern"},{"id":"metrics-*","name":"29549114-6ebf-4047-aa56-bc035f66d3b4:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"29549114-6ebf-4047-aa56-bc035f66d3b4:indexpattern-datasource-layer-94e6f698-4af3-4acd-a018-867330b4e0de","type":"index-pattern"},{"id":"metrics-*","name":"addd441f-fa2b-4725-8015-619ee176ed0a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"
addd441f-fa2b-4725-8015-619ee176ed0a:indexpattern-datasource-layer-e2611df6-ca73-4d53-b0b5-afd8b718c369","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5856],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ0OTksMV0="} -{"attributes":{"columns":["vulnerability.id","vulnerability.score.base","aws.inspector.package_vulnerability_details.cvss.source","vulnerability.score.version","aws.inspector.package_vulnerability_details.related_vulnerabilities"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.inspector\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.inspector\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Findings Package Vulnerability Essential Details [Logs Inspector]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-dffd2200-5a52-11ed-a807-bd2da8f2e79b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5861],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MDAsMV0="} 
-{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"8c8c8996-6862-4a4d-9726-f4500f1ea571\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"title\":\"AWS Inspector Findings Severity\",\"fieldName\":\"aws.inspector.severity\",\"id\":\"8c8c8996-6862-4a4d-9726-f4500f1ea571\",\"enhancements\":{}}}}"},"description":"Overview of AWS Inspector Vulnerabilities.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.inspector\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.inspector\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"dd29b1be-2713-4758-bef1-9c310b4a8e1a\",\"w\":24,\"x\":0,\"y\":4},\"panelIndex\":\"dd29b1be-2713-4758-bef1-9c310b4a8e1a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b2cd46b9-b4fd-4940-9d35-567844a01b5f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b2cd46b9-b4fd-4940-9d35-567844a01b5f\":{\"columnOrder\":[\"8e3a1fa1-a832-4796-beee-c2f6003979aa\",\"e9633195-636f-4935-8348-fac4365bfa5e\"],\"columns\":{\"8e3a1fa1-a832-4796-beee-c2f6003979aa\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"CVSS 
Source\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e9633195-636f-4935-8348-fac4365bfa5e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.package_vulnerability_details.cvss.source\"},\"e9633195-636f-4935-8348-fac4365bfa5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"CVSS Score\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"vulnerability.score.base\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"8e3a1fa1-a832-4796-beee-c2f6003979aa\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"e9633195-636f-4935-8348-fac4365bfa5e\",\"isTransposed\":false}],\"layerId\":\"b2cd46b9-b4fd-4940-9d35-567844a01b5f\",\"layerType\":\"data\"}},\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Top 10 Vulnerability CVSS Source with Highest CVSS Score [Logs 
Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"896a3082-c44b-456c-a144-0ce096c0a213\",\"w\":24,\"x\":24,\"y\":4},\"panelIndex\":\"896a3082-c44b-456c-a144-0ce096c0a213\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-fe831232-3ace-47b6-98d3-668b72da68cf\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"70dabf72-dffc-47df-b5d3-c77b70cf123c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"fe831232-3ace-47b6-98d3-668b72da68cf\":{\"columnOrder\":[\"e5860e27-801d-4201-bea0-9d6ecf0cc705\",\"4ad63dd7-4578-46a9-aabf-906dbaa93271\",\"6e934db7-c943-41c7-9c68-d52606e5e734\"],\"columns\":{\"4ad63dd7-4578-46a9-aabf-906dbaa93271\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Account ID\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6e934db7-c943-41c7-9c68-d52606e5e734\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"cloud.account.id\"},\"6e934db7-c943-41c7-9c68-d52606e5e734\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Critical Severity\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.inspector.severity\"},\"e5860e27-801d-4201-bea0-9d6ecf0cc705\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Package 
Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6e934db7-c943-41c7-9c68-d52606e5e734\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.package_vulnerability_details.vulnerable_packages.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"70dabf72-dffc-47df-b5d3-c77b70cf123c\",\"key\":\"aws.inspector.severity\",\"negate\":false,\"params\":{\"query\":\"CRITICAL\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"aws.inspector.severity\":\"CRITICAL\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"e5860e27-801d-4201-bea0-9d6ecf0cc705\",\"isTransposed\":false},{\"columnId\":\"4ad63dd7-4578-46a9-aabf-906dbaa93271\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"6e934db7-c943-41c7-9c68-d52606e5e734\",\"isTransposed\":false}],\"layerId\":\"fe831232-3ace-47b6-98d3-668b72da68cf\",\"layerType\":\"data\"}},\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Vulnerabilities Package Name with Most Critical Findings [Logs 
Inspector]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"1bd92e14-3902-4a5b-bc32-86952f9fdfb0\",\"w\":48,\"x\":0,\"y\":19},\"panelIndex\":\"1bd92e14-3902-4a5b-bc32-86952f9fdfb0\",\"panelRefName\":\"panel_1bd92e14-3902-4a5b-bc32-86952f9fdfb0\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"858f6288-7c54-4d7a-be33-374a9d79d1e4\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"858f6288-7c54-4d7a-be33-374a9d79d1e4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":13,\"markdown\":\"[Inspector Inspector Findings Overview Dashboard](#/dashboard/aws-131a1550-5a0b-11ed-a807-bd2da8f2e79b) | [Inspector Severity Dashboard](#/dashboard/aws-60881ab0-63e0-11ed-be08-4b4db5223139) | [Inspector Vulnerabilities Dashboard](#/dashboard/aws-383d4630-63df-11ed-be08-4b4db5223139) | [Inspector Inspector EC2 and ECR Overview Dashboard](#/dashboard/aws-63984b70-63e1-11ed-be08-4b4db5223139) \",\"openLinksInNewTab\":true},\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Dashboards [Logs Inspector]\"}]","timeRestore":false,"title":"[Logs AWS] Inspector 
Vulnerabilities","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-383d4630-63df-11ed-be08-4b4db5223139","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"dd29b1be-2713-4758-bef1-9c310b4a8e1a:indexpattern-datasource-layer-b2cd46b9-b4fd-4940-9d35-567844a01b5f","type":"index-pattern"},{"id":"logs-*","name":"896a3082-c44b-456c-a144-0ce096c0a213:indexpattern-datasource-layer-fe831232-3ace-47b6-98d3-668b72da68cf","type":"index-pattern"},{"id":"logs-*","name":"896a3082-c44b-456c-a144-0ce096c0a213:70dabf72-dffc-47df-b5d3-c77b70cf123c","type":"index-pattern"},{"id":"aws-dffd2200-5a52-11ed-a807-bd2da8f2e79b","name":"1bd92e14-3902-4a5b-bc32-86952f9fdfb0:panel_1bd92e14-3902-4a5b-bc32-86952f9fdfb0","type":"search"},{"id":"logs-*","name":"controlGroup_8c8c8996-6862-4a4d-9726-f4500f1ea571:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5870],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MDEsMV0="} -{"attributes":{"description":"Dashboard providing statistics about metrics ingested from the AWS Network Firewall 
integration.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.firewall_metrics\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.firewall_metrics\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n[Overview](/app/dashboards#/view/aws-2ba11b50-4b9d-11ec-8282-5342b8988acc) \\n[Alerts](/app/dashboards#/view/aws-dfa76470-4ba1-11ec-8282-5342b8988acc) \\n[Flows](/app/dashboards#/view/aws-562bdea0-4ba7-11ec-8282-5342b8988acc) \\n**[Metrics (This Page)](/app/dashboards#/view/aws-3abffe60-4ba9-11ec-8282-5342b8988acc)** \\n\\n[Integrations Page](/app/integrations/detail/aws/overview?integration=firewall) \\n\\n**Overview**\\n\\nThis dashboard provides an overall view of AWS Network Firewall 
metrics.\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"e5c4efbd-603f-419d-a749-aad051e80f87\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"e5c4efbd-603f-419d-a749-aad051e80f87\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1637770000708\",\"indexPatternRefName\":\"control_e5c4efbd-603f-419d-a749-aad051e80f87_0_index_pattern\",\"label\":\"Region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.dimensions.AvailabilityZone\",\"id\":\"1637770011830\",\"indexPatternRefName\":\"control_e5c4efbd-603f-419d-a749-aad051e80f87_1_index_pattern\",\"label\":\"Availability Zone\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.dimensions.FirewallName\",\"id\":\"1637770022274\",\"indexPatternRefName\":\"control_e5c4efbd-603f-419d-a749-aad051e80f87_2_index_pattern\",\"label\":\"Firewall\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Firewall 
Filters\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"09caeba8-1f98-4937-b1b8-60debe3e3728\",\"w\":6,\"x\":12,\"y\":7},\"panelIndex\":\"09caeba8-1f98-4937-b1b8-60debe3e3728\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-32700201-1770-46bd-9ee6-64cad8904bdc\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"32700201-1770-46bd-9ee6-64cad8904bdc\":{\"columnOrder\":[\"120709bf-e5a1-4646-9ee7-ae2d5d5f144d\"],\"columns\":{\"120709bf-e5a1-4646-9ee7-ae2d5d5f144d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Received Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.ReceivedPackets.sum\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"120709bf-e5a1-4646-9ee7-ae2d5d5f144d\",\"layerId\":\"32700201-1770-46bd-9ee6-64cad8904bdc\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Received 
Packets\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"77e21d6a-f90b-4bbf-83bc-e226fdf9320c\",\"w\":6,\"x\":18,\"y\":7},\"panelIndex\":\"77e21d6a-f90b-4bbf-83bc-e226fdf9320c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-32700201-1770-46bd-9ee6-64cad8904bdc\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"32700201-1770-46bd-9ee6-64cad8904bdc\":{\"columnOrder\":[\"120709bf-e5a1-4646-9ee7-ae2d5d5f144d\"],\"columns\":{\"120709bf-e5a1-4646-9ee7-ae2d5d5f144d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Dropped Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.DroppedPackets.sum\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"120709bf-e5a1-4646-9ee7-ae2d5d5f144d\",\"layerId\":\"32700201-1770-46bd-9ee6-64cad8904bdc\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Dropped 
Packets\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"9b88c7db-b335-4517-811d-dfbfbae6efae\",\"w\":6,\"x\":24,\"y\":7},\"panelIndex\":\"9b88c7db-b335-4517-811d-dfbfbae6efae\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-32700201-1770-46bd-9ee6-64cad8904bdc\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"32700201-1770-46bd-9ee6-64cad8904bdc\":{\"columnOrder\":[\"120709bf-e5a1-4646-9ee7-ae2d5d5f144d\"],\"columns\":{\"120709bf-e5a1-4646-9ee7-ae2d5d5f144d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Passed Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.PassedPackets.sum\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"120709bf-e5a1-4646-9ee7-ae2d5d5f144d\",\"layerId\":\"32700201-1770-46bd-9ee6-64cad8904bdc\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Passed 
Packets\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"6d617b1a-a973-4136-8d93-15e5c72c43f2\",\"w\":6,\"x\":30,\"y\":7},\"panelIndex\":\"6d617b1a-a973-4136-8d93-15e5c72c43f2\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"9f99f66f-4762-4030-9704-d215568cce9c\"],\"columns\":{\"9f99f66f-4762-4030-9704-d215568cce9c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Custom Actions\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"aws.dimensions.CustomAction\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"9f99f66f-4762-4030-9704-d215568cce9c\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Custom 
Actions\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"7d32001b-b08f-4d1b-9a98-a5aeea986769\",\"w\":6,\"x\":36,\"y\":7},\"panelIndex\":\"7d32001b-b08f-4d1b-9a98-a5aeea986769\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"9fc78ba7-ca2c-41da-8723-8f7c14623b98\"],\"columns\":{\"9fc78ba7-ca2c-41da-8723-8f7c14623b98\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Custom Action Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.Packets.sum\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"9fc78ba7-ca2c-41da-8723-8f7c14623b98\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Custom Action 
Packets\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"f125ee00-634b-433e-969f-fd0c0d91bca7\",\"w\":6,\"x\":42,\"y\":7},\"panelIndex\":\"f125ee00-634b-433e-969f-fd0c0d91bca7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"9fc78ba7-ca2c-41da-8723-8f7c14623b98\"],\"columns\":{\"9fc78ba7-ca2c-41da-8723-8f7c14623b98\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Firewalls\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"aws.dimensions.FirewallName\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"9fc78ba7-ca2c-41da-8723-8f7c14623b98\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique 
Firewalls\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"857f2368-7f1b-40b3-a8a1-dd03e3934bb0\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"857f2368-7f1b-40b3-a8a1-dd03e3934bb0\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-d4d7d95f-a6e2-43f4-a955-2c01f68a430b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"d4d7d95f-a6e2-43f4-a955-2c01f68a430b\":{\"columnOrder\":[\"2f62d52a-d84a-4281-9024-b98669686137\",\"062398ba-6a41-4448-9a19-0e59282cc6c6\",\"4fdf8c62-e26b-4826-b375-dfac3f441e15\",\"5d832832-5fbe-4e46-a715-43e27b9c7569\"],\"columns\":{\"062398ba-6a41-4448-9a19-0e59282cc6c6\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Passed Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.PassedPackets.sum\"},\"2f62d52a-d84a-4281-9024-b98669686137\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"60s\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"4fdf8c62-e26b-4826-b375-dfac3f441e15\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Received Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.ReceivedPackets.sum\"},\"5d832832-5fbe-4e46-a715-43e27b9c7569\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Dropped 
Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.DroppedPackets.sum\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"curveType\":\"LINEAR\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"062398ba-6a41-4448-9a19-0e59282cc6c6\",\"4fdf8c62-e26b-4826-b375-dfac3f441e15\",\"5d832832-5fbe-4e46-a715-43e27b9c7569\"],\"layerId\":\"d4d7d95f-a6e2-43f4-a955-2c01f68a430b\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"2f62d52a-d84a-4281-9024-b98669686137\"}],\"legend\":{\"isInside\":false,\"isVisible\":true,\"maxLines\":1,\"position\":\"right\",\"showSingleSeries\":true,\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":false,\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"yTitle\":\"Packets\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Packet 
Metrics\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"d564a504-e08a-4b14-baf4-d433b66982f9\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"d564a504-e08a-4b14-baf4-d433b66982f9\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-d4d7d95f-a6e2-43f4-a955-2c01f68a430b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"d4d7d95f-a6e2-43f4-a955-2c01f68a430b\":{\"columnOrder\":[\"98758a54-1b6c-44ea-8636-2f47da173b6c\",\"2f62d52a-d84a-4281-9024-b98669686137\",\"f3902f27-1f51-4d89-b43d-b17daeb79617\"],\"columns\":{\"2f62d52a-d84a-4281-9024-b98669686137\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"60s\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"98758a54-1b6c-44ea-8636-2f47da173b6c\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of aws.dimensions.CustomAction\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f3902f27-1f51-4d89-b43d-b17daeb79617\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.CustomAction\"},\"f3902f27-1f51-4d89-b43d-b17daeb79617\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of 
aws.networkfirewall.metrics.Packets.sum\",\"operationType\":\"median\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.Packets.sum\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"curveType\":\"LINEAR\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"f3902f27-1f51-4d89-b43d-b17daeb79617\"],\"layerId\":\"d4d7d95f-a6e2-43f4-a955-2c01f68a430b\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"98758a54-1b6c-44ea-8636-2f47da173b6c\",\"xAccessor\":\"2f62d52a-d84a-4281-9024-b98669686137\"}],\"legend\":{\"isInside\":false,\"isVisible\":true,\"maxLines\":1,\"position\":\"right\",\"showSingleSeries\":true,\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":false,\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"yTitle\":\"Packets\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Custom Action Packet 
Metrics\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"8da03a08-b8bf-4a47-877f-c72de131de91\",\"615c79b2-fc91-49fd-a7e6-2909afde3d19\",\"a3d1b47c-18ca-4fbb-98f1-ee0b3539a4b8\",\"63e6ca80-a408-4f0d-b9c5-4f2603d95804\"],\"columns\":{\"615c79b2-fc91-49fd-a7e6-2909afde3d19\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Received Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.ReceivedPackets.sum\"},\"63e6ca80-a408-4f0d-b9c5-4f2603d95804\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Passed Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.PassedPackets.sum\"},\"8da03a08-b8bf-4a47-877f-c72de131de91\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Firewalls\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"63e6ca80-a408-4f0d-b9c5-4f2603d95804\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.FirewallName\"},\"a3d1b47c-18ca-4fbb-98f1-ee0b3539a4b8\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Dropped 
Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.DroppedPackets.sum\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"8da03a08-b8bf-4a47-877f-c72de131de91\",\"isTransposed\":false},{\"columnId\":\"63e6ca80-a408-4f0d-b9c5-4f2603d95804\",\"isTransposed\":false},{\"columnId\":\"615c79b2-fc91-49fd-a7e6-2909afde3d19\",\"isTransposed\":false},{\"columnId\":\"a3d1b47c-18ca-4fbb-98f1-ee0b3539a4b8\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Metrics by Firewall\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"e1969790-1fa3-4d39-a2a4-a0015b724a3c\",\"d0aca0af-5be4-46f9-9280-13d939f9acf5\"],\"columns\":{\"d0aca0af-5be4-46f9-9280-13d939f9acf5\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.Packets.sum\"},\"e1969790-1fa3-4d39-a2a4-a0015b724a3c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Custom 
Actions\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"d0aca0af-5be4-46f9-9280-13d939f9acf5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.CustomAction\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"e1969790-1fa3-4d39-a2a4-a0015b724a3c\",\"isTransposed\":false},{\"columnId\":\"d0aca0af-5be4-46f9-9280-13d939f9acf5\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Custom Actions\"}]","timeRestore":false,"title":"[Metrics AWS] Firewall Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-3abffe60-4ba9-11ec-8282-5342b8988acc","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"e5c4efbd-603f-419d-a749-aad051e80f87:control_e5c4efbd-603f-419d-a749-aad051e80f87_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"e5c4efbd-603f-419d-a749-aad051e80f87:control_e5c4efbd-603f-419d-a749-aad051e80f87_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"e5c4efbd-603f-419d-a749-aad051e80f87:control_e5c4efbd-603f-419d-a749-aad051e80f87_2_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"09caeba8-1f98-4937-b1b8-60debe3e3728:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"09caeba8-1f98-4937-b1b8-60debe3e3728:indexpattern-datasource-layer-32700201-1770-46bd-9ee6-64cad8904bdc","type":"index-pattern"},{"id":"metrics-*","name":"7
7e21d6a-f90b-4bbf-83bc-e226fdf9320c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"77e21d6a-f90b-4bbf-83bc-e226fdf9320c:indexpattern-datasource-layer-32700201-1770-46bd-9ee6-64cad8904bdc","type":"index-pattern"},{"id":"metrics-*","name":"9b88c7db-b335-4517-811d-dfbfbae6efae:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"9b88c7db-b335-4517-811d-dfbfbae6efae:indexpattern-datasource-layer-32700201-1770-46bd-9ee6-64cad8904bdc","type":"index-pattern"},{"id":"metrics-*","name":"6d617b1a-a973-4136-8d93-15e5c72c43f2:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"6d617b1a-a973-4136-8d93-15e5c72c43f2:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"metrics-*","name":"7d32001b-b08f-4d1b-9a98-a5aeea986769:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"7d32001b-b08f-4d1b-9a98-a5aeea986769:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"metrics-*","name":"f125ee00-634b-433e-969f-fd0c0d91bca7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"f125ee00-634b-433e-969f-fd0c0d91bca7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"metrics-*","name":"857f2368-7f1b-40b3-a8a1-dd03e3934bb0:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"857f2368-7f1b-40b3-a8a1-dd03e3934bb0:indexpattern-datasource-layer-d4d7d95f-a6e2-43f4-a955-2c01f68a430b","type":"index-pattern"},{"id":"metrics-*","name":"d564a504-e08a-4b14-baf4-d433b66982f9:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"d564a504-e08a-4b14-baf4-d433b66982f9:indexpattern-datasource-layer-d4d7d95f-a6e2-43f4-a955-2c01f68a430b","type":"index-pattern"},{"id":"metr
ics-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"metrics-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5897],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MDIsMV0="} -{"attributes":{"description":"Logs AWS ELB Access Log Overview Dashboard","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":14,\"i\":\"2c97b32e-5548-429d-9ce0-1bbc3d2398ac\",\"w\":16,\"x\":0,\"y\":0},\"panelIndex\":\"2c97b32e-5548-429d-9ce0-1bbc3d2398ac\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"alpha\\\":1,\\\"id\\\":\\\"19047c4c-18d7-4aec-b0ce-98de2828244d\\\",\\\"label\\\":\\\"Hits\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"isAutoSelect\\\":true,\\\"type\\\":\\\"EMS_TMS\\\",\\\"lightModeDefault\\\":\\\"road_map\\\"},\\\"style\\\":{},\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"visible\\\":true},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"1d457cd4-01be-4f96-95fd-af4ac535ebea\\\",\\\"label\\\":null,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"applyGlobalQuery\\\":true,\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"1e82f50f-424a-4718-905
b-ad45db14db62\\\",\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\",\\\"requestType\\\":\\\"point\\\",\\\"resolution\\\":\\\"COARSE\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\"},\\\"style\\\":{\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"Blues\\\",\\\"field\\\":{\\\"label\\\":\\\"count\\\",\\\"name\\\":\\\"doc_count\\\",\\\"origin\\\":\\\"source\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":false,\\\"sigma\\\":3}},\\\"type\\\":\\\"DYNAMIC\\\"},\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"field\\\":{\\\"label\\\":\\\"count\\\",\\\"name\\\":\\\"doc_count\\\",\\\"origin\\\":\\\"source\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":false,\\\"sigma\\\":3},\\\"maxSize\\\":32,\\\"minSize\\\":4},\\\"type\\\":\\\"DYNAMIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#167a6d\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"mapStateJSON\":\"{\\\"center\\\":{\\\"lat\\\":50.97903,\\\"lon\\\":13.666},\\\"filters\\\":[{\\\"$state\\\":{\\\"store\\\":\\\"appState\\\"},\\\"meta\\\":{\\\"alias\\\":null,\\\"disabled\\\":false,\\\"index\\\":\\\"logs-*\\\",\\\"key\\\":\\\"data_stream.dataset\\\",\\\"negate\\\":false,\\\"params\\\":{\\\"query\\\":\\\"aws.elb_logs\\\"},\\\"type\\\":\\\"phrase\\\",\\\"value\\\":\\\"elb\\\"},\\\"query\\\":{\\\"match\\\":{\\\"data_stream.dataset\\\":{\\\"query\\\":\\\"aws.elb_logs\\\",\\\"type\\\":\\\"phrase\\\"}}}}],\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"\\\"},\\\"refreshConfig\\\":{\\\"interval\\\":0,\\\"isPaused\\\":false},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15m\\\",\\\"to\
\\":\\\"now\\\"},\\\"zoom\\\":3.9,\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false}}\",\"title\":\"ELB Requests Geolocation [Logs AWS]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"isLayerTOCOpen\":false,\"mapCenter\":{\"lat\":51.63808,\"lon\":17.07232,\"zoom\":3.47},\"openTOCDetails\":[],\"type\":\"map\",\"enhancements\":{}},\"title\":\"ELB Requests Geolocation\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"26ebbde3-ee0c-4b4d-8ab9-404cbe5786a9\",\"w\":16,\"x\":16,\"y\":0},\"panelIndex\":\"26ebbde3-ee0c-4b4d-8ab9-404cbe5786a9\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,204,202,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.elb_logs\\\"\"},\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Inbound\",\"line_width\":1,\"metrics\":[{\"field\":\"source.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.elb.name\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB Inbound Traffic [Logs AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"ELB Inbound 
Traffic\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"48ecb39f-57a5-4805-a8a9-77385a996d75\",\"w\":16,\"x\":32,\"y\":14},\"panelIndex\":\"48ecb39f-57a5-4805-a8a9-77385a996d75\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"29527130-3e86-11ea-9067-cf383a4ea3b3\"}],\"bar_color_rules\":[{\"id\":\"cc6d5070-3e85-11ea-9067-cf383a4ea3b3\"}],\"drop_last_bucket\":1,\"gauge_color_rules\":[{\"id\":\"2b29c940-3e86-11ea-9067-cf383a4ea3b3\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"pivot_id\":\"user_agent.original\",\"pivot_type\":\"string\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,188,0,1)\",\"color_rules\":[{\"id\":\"42e14220-3e86-11ea-9067-cf383a4ea3b3\"}],\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.elb_logs\\\" \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"User Agent\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"id\":\"2010cb20-3e87-11ea-9067-cf383a4ea3b3\",\"type\":\"cumulative_sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"user_agent.original\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"ELB Top User Agents [Logs 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"ELB Top User Agents\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"9812996e-ba10-41bd-b134-c9705a0973b4\",\"w\":16,\"x\":0,\"y\":14},\"panelIndex\":\"9812996e-ba10-41bd-b134-c9705a0973b4\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(115,216,255,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.elb_logs\\\" \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Total Requests\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.elb.name\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB Total Requests [Logs AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"ELB Total 
Requests\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"bb25b36e-0787-48fd-aa22-7ba8c08a9c36\",\"w\":16,\"x\":16,\"y\":14},\"panelIndex\":\"bb25b36e-0787-48fd-aa22-7ba8c08a9c36\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"29527130-3e86-11ea-9067-cf383a4ea3b3\"}],\"bar_color_rules\":[{\"id\":\"cc6d5070-3e85-11ea-9067-cf383a4ea3b3\"}],\"drop_last_bucket\":1,\"gauge_color_rules\":[{\"id\":\"2b29c940-3e86-11ea-9067-cf383a4ea3b3\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"pivot_id\":\"user_agent.original\",\"pivot_type\":\"string\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(115,216,255,1)\",\"color_rules\":[{\"id\":\"42e14220-3e86-11ea-9067-cf383a4ea3b3\"}],\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.elb_logs\\\" \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"IP address\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"id\":\"40c52370-3e87-11ea-9067-cf383a4ea3b3\",\"type\":\"cumulative_sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"source.ip\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"ELB Top IP Addresses [Logs 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"ELB Top IP Addresses\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"bf43580d-cc26-415b-ae36-d678a232b544\",\"w\":16,\"x\":32,\"y\":0},\"panelIndex\":\"bf43580d-cc26-415b-ae36-d678a232b544\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(253,161,255,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.elb_logs\\\"\"},\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Outbound\",\"line_width\":1,\"metrics\":[{\"field\":\"destination.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.elb.name\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB Outbound Traffic [Logs AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"ELB Outbound 
Traffic\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"466e825b-6ee2-43c3-b221-21abe27612dd\",\"w\":16,\"x\":0,\"y\":28},\"panelIndex\":\"466e825b-6ee2-43c3-b221-21abe27612dd\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(164,221,0,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.elb_logs\\\" and http.response.status_code >= 200 and http.response.status_code\\t< 300\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"HTTP 2xx\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.elb.name\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB HTTP 2xx [Logs AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"ELB HTTP 
2xx\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"d42994a6-922c-4f86-bf99-a46f87ff106d\",\"w\":16,\"x\":16,\"y\":28},\"panelIndex\":\"d42994a6-922c-4f86-bf99-a46f87ff106d\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(174,161,255,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.elb_logs\\\" and http.response.status_code >= 400 and http.response.status_code < 500\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"HTTP 4xx\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.elb.name\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB HTTP 4xx [Logs AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"ELB HTTP 
4xx\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"f45aaa2c-c244-4d1a-8ad4-4794130b9827\",\"w\":16,\"x\":32,\"y\":28},\"panelIndex\":\"f45aaa2c-c244-4d1a-8ad4-4794130b9827\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(244,78,59,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.elb_logs\\\" and http.response.status_code >= 500 and http.response.status_code < 600\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"HTTP 5xx\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.elb.name\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB HTTP 5xx [Logs AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"ELB HTTP 5xx\"}]","timeRestore":false,"title":"[Logs AWS] ELB Access Log 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-3af47420-3e7b-11ea-bb0a-69c3ca1d410f","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"2c97b32e-5548-429d-9ce0-1bbc3d2398ac:layer_1_source_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5901],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MDMsMV0="} -{"attributes":{"description":"Overview of AWS Security Hub Findings Action","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.securityhub_findings\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.securityhub_findings\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"c893ddac-d20f-4dd8-9223-ce8eebec350f\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"c893ddac-d20f-4dd8-9223-ce8eebec350f\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Findings and Insights Overview](#/dashboard/aws-cc571400-dc61-11ec-a6e3-1bc5ab0aa1b4) | [Findings Malware, Threat Intelligence Indicator and Network Path Overview](#/dashboard/aws-8fcf4c20-f7a3-11ec-aa7f-c173c0f9e267) | 
[Summary Dashboard](#/dashboard/aws-c9f103d0-5f63-11ed-bd69-473ce047ef30)\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Dashboards [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":20,\"i\":\"a170a10e-e4e0-4ea6-8562-336df9f46e2f\",\"w\":48,\"x\":0,\"y\":4},\"panelIndex\":\"a170a10e-e4e0-4ea6-8562-336df9f46e2f\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map\\\"},\\\"id\\\":\\\"01ebeac6-0c24-44c1-a59f-774292776002\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"joins\\\":[{\\\"leftField\\\":\\\"iso2\\\",\\\"right\\\":{\\\"type\\\":\\\"ES_TERM_SOURCE\\\",\\\"id\\\":\\\"39ac4104-7e4f-47fa-a965-035f9ea2d076\\\",\\\"indexPatternTitle\\\":\\\"logs-*\\\",\\\"term\\\":\\\"aws.securityhub_findings.action.aws_api_call.remote_ip.country.code\\\",\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"applyForceRefresh\\\":true,\\\"indexPatternRefName\\\":\\\"layer_1_join_0_index_pattern\\\"}}],\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_FILE\\\",\\\"id\\\":\\\"world_countries\\\",\\\"tooltipProperties\\\":[\\\"iso2\\\"]},\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"DYNAMIC\\\",\\\"options\\\":{\\\"color\\\":\\\"Yellow to 
Red\\\",\\\"colorCategory\\\":\\\"palette_0\\\",\\\"field\\\":{\\\"name\\\":\\\"__kbnjoin__count__39ac4104-7e4f-47fa-a965-035f9ea2d076\\\",\\\"origin\\\":\\\"join\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":true,\\\"sigma\\\":3},\\\"type\\\":\\\"ORDINAL\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#3d3d3d\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":1}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":6}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"DYNAMIC\\\",\\\"options\\\":{\\\"field\\\":{\\\"name\\\":\\\"__kbnjoin__count__39ac4104-7e4f-47fa-a965-035f9ea2d076\\\",\\\"origin\\\":\\\"join\\\"}}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTimeAware\\\":true},\\\"id\\\":\\\"eaf2779b-e6e6-40d9-89d4-b3f04f536a25\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"GEOJSON_VECTOR\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.06,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":19.94277},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-7d/d\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"data_stream.dataset : \\\\\\\"aws.securityhub_findings\\\\\\\" 
\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"references\":[{\"id\":\"logs-*\",\"name\":\"layer_1_join_0_index_pattern\",\"type\":\"index-pattern\"}],\"title\":\"AWS API Call by Countries [Logs AWS]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":false,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"isLayerTOCOpen\":false,\"mapBuffer\":{\"maxLat\":66.51326,\"maxLon\":180,\"minLat\":-66.51326,\"minLon\":-180},\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":1.06},\"openTOCDetails\":[],\"type\":\"map\"}},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":21,\"i\":\"d5eeb926-44de-424a-adff-b842fed487f1\",\"w\":48,\"x\":0,\"y\":24},\"panelIndex\":\"d5eeb926-44de-424a-adff-b842fed487f1\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map\\\"},\\\"id\\\":\\\"08cfbaf0-8c92-472f-9728-8bce4e663334\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"joins\\\":[{\\\"leftField\\\":\\\"iso2\\\",\\\"right\\\":{\\\"type\\\":\\\"ES_TERM_SOURCE\\\",\\\"id\\\":\
\\"8c509e4c-57b1-4bde-9617-b0159ece3c86\\\",\\\"indexPatternTitle\\\":\\\"logs-*\\\",\\\"term\\\":\\\"aws.securityhub_findings.action.network_connection.remote_ip.country.code\\\",\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"applyForceRefresh\\\":true,\\\"indexPatternRefName\\\":\\\"layer_1_join_0_index_pattern\\\"}}],\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_FILE\\\",\\\"id\\\":\\\"world_countries\\\",\\\"tooltipProperties\\\":[\\\"iso2\\\"]},\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"DYNAMIC\\\",\\\"options\\\":{\\\"color\\\":\\\"Yellow to Red\\\",\\\"colorCategory\\\":\\\"palette_0\\\",\\\"field\\\":{\\\"name\\\":\\\"__kbnjoin__count__8c509e4c-57b1-4bde-9617-b0159ece3c86\\\",\\\"origin\\\":\\\"join\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":true,\\\"sigma\\\":3},\\\"type\\\":\\\"ORDINAL\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#3d3d3d\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":1}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":6}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"DYNAMIC\\\",\\\"options\\\":{\\\"field\\\":{\\\"name\\\":\\\"__kbnjoin__count__8c509e4c-57b1-4bde-9617-b0159ece3c86\\\",\\\"origin\\\":\\\"join\\\"}}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTime
Aware\\\":true},\\\"id\\\":\\\"f158a7b9-474b-4846-8b59-bbfea4728396\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"GEOJSON_VECTOR\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.33,\\\"center\\\":{\\\"lon\\\":13.80026,\\\"lat\\\":14.52408},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-7d/d\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"data_stream.dataset : \\\\\\\"aws.securityhub_findings\\\\\\\" \\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"references\":[{\"id\":\"logs-*\",\"name\":\"layer_1_join_0_index_pattern\",\"type\":\"index-pattern\"}],\"title\":\"Network Connection by Countries [Logs 
AWS]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":85.05113,\"maxLon\":360,\"minLat\":-66.51326,\"minLon\":-360},\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":1.06},\"openTOCDetails\":[],\"type\":\"map\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"ea83392c-bf61-452b-a925-da53a605f15e\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"ea83392c-bf61-452b-a925-da53a605f15e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-1d4e4b9a-eafe-4c08-8a88-4ee56a5f196d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1d4e4b9a-eafe-4c08-8a88-4ee56a5f196d\":{\"columnOrder\":[\"9d4fb7b1-f33f-4818-bed0-7e432f3f757b\",\"2c42f7b4-d1de-4da0-b480-7b84e51df812\"],\"columns\":{\"2c42f7b4-d1de-4da0-b480-7b84e51df812\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9d4fb7b1-f33f-4818-bed0-7e432f3f757b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Action Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"2c42f7b4-d1de-4da0-b480-7b84e51df812\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"1d4e4b9a-eafe-4c08-8a88-4ee56a5f196d\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"9d4fb7b1-f33f-4818-bed0-7e432f3f757b\"],\"metrics\":[\"2c42f7b4-d1de-4da0-b480-7b84e51df812\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Action Type [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"058d0f04-1686-4516-80f2-1a83851ea96e\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"058d0f04-1686-4516-80f2-1a83851ea96e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a95d4f74-a7e0-4bc7-a9aa-b368816e2ce6\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a95d4f74-a7e0-4bc7-a9aa-b368816e2ce6\":{\"columnOrder\":[\"ac5884ec-c3fa-4b6e-a4af-e49794e71472\",\"5b765bda-f376-4403-8809-8896c3e6bd21\"],\"columns\":{\"5b765bda-f376-4403-8809-8896c3e6bd21\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"ac5884ec-c3fa-4b6e-a4af-e49794e71472\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network Connection 
Direction\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"5b765bda-f376-4403-8809-8896c3e6bd21\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.action.network_connection.direction\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"a95d4f74-a7e0-4bc7-a9aa-b368816e2ce6\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"ac5884ec-c3fa-4b6e-a4af-e49794e71472\"],\"metrics\":[\"5b765bda-f376-4403-8809-8896c3e6bd21\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Network Connection Direction [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"bd8c282c-17ad-4104-8fec-bb9581748919\",\"w\":24,\"x\":0,\"y\":60},\"panelIndex\":\"bd8c282c-17ad-4104-8fec-bb9581748919\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-edff9217-fdd3-400b-badf-89f37350f168\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"edff9217-fdd3-400b-badf-89f37350f168\":{\"columnOrder\":[\"b62a89ae-c74a-44aa-87d2-ee9e6606f9f5\",\"1728e561-e7a1-4b7f-a344-8ce508632ecf\"],\"columns\":{\"1728e561-e7a1-4b7f-a344-8ce508632ecf\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"b62a89ae-c74a-44aa-87d2-ee9e6606f9f5\":{\"customLabel\":true,\"dataType\":
\"string\",\"isBucketed\":true,\"label\":\"AWS API Call Service Name \",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"1728e561-e7a1-4b7f-a344-8ce508632ecf\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.action.aws_api_call.service.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"1728e561-e7a1-4b7f-a344-8ce508632ecf\"],\"layerId\":\"edff9217-fdd3-400b-badf-89f37350f168\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"b62a89ae-c74a-44aa-87d2-ee9e6606f9f5\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"Distribution of Events by AWS API Call Action Service Name [Logs 
AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"54045abd-664a-46da-8e75-c1b52460eda3\",\"w\":24,\"x\":24,\"y\":60},\"panelIndex\":\"54045abd-664a-46da-8e75-c1b52460eda3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-7bf878d9-be2e-4436-b1b0-14411b106a14\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"7bf878d9-be2e-4436-b1b0-14411b106a14\":{\"columnOrder\":[\"b67d6fee-3664-4292-95db-10d5f740c5d0\",\"ad38b778-54c1-4ec8-b50f-0467530d75ef\"],\"columns\":{\"ad38b778-54c1-4ec8-b50f-0467530d75ef\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"b67d6fee-3664-4292-95db-10d5f740c5d0\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"DNS Request Blocked\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ad38b778-54c1-4ec8-b50f-0467530d75ef\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.action.dns_request.blocked\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"7bf878d9-be2e-4436-b1b0-14411b106a14\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"b67d6fee-3664-4292-95db-10d5f740c5d0\"],\"metrics\":[\"ad38b778-54c1-4ec8-b50f-0467530d75ef\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of 
Events by DNS Request Blocked [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1a7df8c6-6da8-451d-a2cf-36cadce30b36\",\"w\":24,\"x\":0,\"y\":75},\"panelIndex\":\"1a7df8c6-6da8-451d-a2cf-36cadce30b36\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-afe9f1d1-b684-48fb-9be7-d916f7c8ad82\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"afe9f1d1-b684-48fb-9be7-d916f7c8ad82\":{\"columnOrder\":[\"c9f9b29b-9d9d-4472-8fa9-6a18da0f13d5\",\"8806c732-d4db-45e0-a14b-c73f8efbc513\"],\"columns\":{\"8806c732-d4db-45e0-a14b-c73f8efbc513\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"c9f9b29b-9d9d-4472-8fa9-6a18da0f13d5\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Port Probe Blocked\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8806c732-d4db-45e0-a14b-c73f8efbc513\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.action.port_probe.blocked\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"afe9f1d1-b684-48fb-9be7-d916f7c8ad82\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"c9f9b29b-9d9d-4472-8fa9-6a18da0f13d5\"],\"metrics\":[\"8806c732-d4db-45e0-a14b-c73f8efbc513\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Port Probe Blocked [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"ec4c18fe-7102-4ce9-92ad-810a834e3e63\",\"w\":24,\"x\":24,\"y\":75},\"panelIndex\":\"ec4c18fe-7102-4ce9-92ad-810a834e3e63\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-bc5ed209-d33a-4368-8e12-f481b4ed358d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"bc5ed209-d33a-4368-8e12-f481b4ed358d\":{\"columnOrder\":[\"6bd9b2ee-81b5-4cb7-9022-298d885f1d98\",\"2c535e6a-760b-44d4-8060-0b742c9dd26e\"],\"columns\":{\"2c535e6a-760b-44d4-8060-0b742c9dd26e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"6bd9b2ee-81b5-4cb7-9022-298d885f1d98\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network Connection Action 
Blocked\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"2c535e6a-760b-44d4-8060-0b742c9dd26e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.action.network_connection.blocked\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"bc5ed209-d33a-4368-8e12-f481b4ed358d\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"6bd9b2ee-81b5-4cb7-9022-298d885f1d98\"],\"metrics\":[\"2c535e6a-760b-44d4-8060-0b742c9dd26e\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Network Connection Action Blocked [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"a0109b78-7c58-4956-8d61-12fa00bd53f7\",\"w\":24,\"x\":0,\"y\":90},\"panelIndex\":\"a0109b78-7c58-4956-8d61-12fa00bd53f7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-cd1ff007-7eb1-4c71-a626-ea5ad9fcb0ba\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cd1ff007-7eb1-4c71-a626-ea5ad9fcb0ba\":{\"columnOrder\":[\"73da44f6-de88-4c64-b0e6-bccf0117127a\",\"b1b4bb34-c135-4e33-8d0e-3db33c4eaaf4\"],\"columns\":{\"73da44f6-de88-4c64-b0e6-bccf0117127a\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"AWS API Call Caller 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b1b4bb34-c135-4e33-8d0e-3db33c4eaaf4\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.action.aws_api_call.caller.type\"},\"b1b4bb34-c135-4e33-8d0e-3db33c4eaaf4\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"cd1ff007-7eb1-4c71-a626-ea5ad9fcb0ba\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"73da44f6-de88-4c64-b0e6-bccf0117127a\"],\"metrics\":[\"b1b4bb34-c135-4e33-8d0e-3db33c4eaaf4\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by AWS API Call Caller Type [Logs 
AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"46b72e3d-9471-4b3c-8509-bdd8fb4c989c\",\"w\":24,\"x\":24,\"y\":90},\"panelIndex\":\"46b72e3d-9471-4b3c-8509-bdd8fb4c989c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-f61b43c4-a565-45fc-b2fc-48b276c32f13\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"f61b43c4-a565-45fc-b2fc-48b276c32f13\":{\"columnOrder\":[\"a70fafef-de6e-4e3c-85ad-86b8cb08e404\",\"817e5e5c-9063-497a-a509-ff213c3d8b51\"],\"columns\":{\"817e5e5c-9063-497a-a509-ff213c3d8b51\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"a70fafef-de6e-4e3c-85ad-86b8cb08e404\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Request Domain\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"817e5e5c-9063-497a-a509-ff213c3d8b51\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.action.dns_request.domain\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"a70fafef-de6e-4e3c-85ad-86b8cb08e404\"},{\"columnId\":\"817e5e5c-9063-497a-a509-ff213c3d8b51\"}],\"layerId\":\"f61b43c4-a565-45fc-b2fc-48b276c32f13\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"Top 10 DNS Request Domain [Logs 
AWS]\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"dc7a8f88-82e6-4fdd-a567-1feae710b3aa\",\"w\":24,\"x\":0,\"y\":105},\"panelIndex\":\"dc7a8f88-82e6-4fdd-a567-1feae710b3aa\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-78886a7e-623a-4494-9ea1-c5fe1bc95184\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"78886a7e-623a-4494-9ea1-c5fe1bc95184\":{\"columnOrder\":[\"5307171c-ada8-477c-b851-6a81b6df6843\",\"02b5ef7f-40e2-47ca-a312-90d247faf0f4\"],\"columns\":{\"02b5ef7f-40e2-47ca-a312-90d247faf0f4\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"5307171c-ada8-477c-b851-6a81b6df6843\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"DNS Request Protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"02b5ef7f-40e2-47ca-a312-90d247faf0f4\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.action.dns_request.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"78886a7e-623a-4494-9ea1-c5fe1bc95184\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"5307171c-ada8-477c-b851-6a81b6df6843\"],\"metrics\":[\"02b5ef7f-40e2-47ca-a312-90d247faf0f4\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by DNS Request Protocol [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}}]","timeRestore":false,"title":"[Logs AWS] Security Hub Findings Action","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-3d3dbe00-f79f-11ec-aa7f-c173c0f9e267","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"a170a10e-e4e0-4ea6-8562-336df9f46e2f:layer_1_join_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"d5eeb926-44de-424a-adff-b842fed487f1:layer_1_join_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"ea83392c-bf61-452b-a925-da53a605f15e:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ea83392c-bf61-452b-a925-da53a605f15e:indexpattern-datasource-layer-1d4e4b9a-eafe-4c08-8a88-4ee56a5f196d","type":"index-pattern"},{"id":"logs-*","name":"058d0f04-1686-4516-80f2-1a83851ea96e:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"058d0f04-1686-4516-80f2-1a83851ea96e:indexpattern-datasource-layer-a95d4f74-a7e0-4bc7-a9aa-b368816e2ce6","type":"index-pattern"},{"id":"logs-*","name":"bd8c282c-17ad-4104-8fec-bb9581748919:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"bd8c282c-17ad-4104-8fec-bb9581748919:indexpattern-datasource-layer-edff9217-fdd3-400b-badf-89f37350f168","type":"index-pa
ttern"},{"id":"logs-*","name":"54045abd-664a-46da-8e75-c1b52460eda3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"54045abd-664a-46da-8e75-c1b52460eda3:indexpattern-datasource-layer-7bf878d9-be2e-4436-b1b0-14411b106a14","type":"index-pattern"},{"id":"logs-*","name":"1a7df8c6-6da8-451d-a2cf-36cadce30b36:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"1a7df8c6-6da8-451d-a2cf-36cadce30b36:indexpattern-datasource-layer-afe9f1d1-b684-48fb-9be7-d916f7c8ad82","type":"index-pattern"},{"id":"logs-*","name":"ec4c18fe-7102-4ce9-92ad-810a834e3e63:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ec4c18fe-7102-4ce9-92ad-810a834e3e63:indexpattern-datasource-layer-bc5ed209-d33a-4368-8e12-f481b4ed358d","type":"index-pattern"},{"id":"logs-*","name":"a0109b78-7c58-4956-8d61-12fa00bd53f7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"a0109b78-7c58-4956-8d61-12fa00bd53f7:indexpattern-datasource-layer-cd1ff007-7eb1-4c71-a626-ea5ad9fcb0ba","type":"index-pattern"},{"id":"logs-*","name":"46b72e3d-9471-4b3c-8509-bdd8fb4c989c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"46b72e3d-9471-4b3c-8509-bdd8fb4c989c:indexpattern-datasource-layer-f61b43c4-a565-45fc-b2fc-48b276c32f13","type":"index-pattern"},{"id":"logs-*","name":"dc7a8f88-82e6-4fdd-a567-1feae710b3aa:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dc7a8f88-82e6-4fdd-a567-1feae710b3aa:indexpattern-datasource-layer-78886a7e-623a-4494-9ea1-c5fe1bc95184","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5925],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MDQsMV0="} 
-{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"dc3d0169-d74f-4562-a5fc-0a3aa3b88a66\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.guardduty.severity.value\",\"parentFieldName\":\"aws.guardduty.severity.value\",\"title\":\"Findings Severity\",\"id\":\"dc3d0169-d74f-4562-a5fc-0a3aa3b88a66\",\"enhancements\":{}}},\"5c292aab-3ebf-4d28-8de8-409c4e8f3964\":{\"order\":1,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.id\",\"title\":\"Cloud Account ID\",\"id\":\"5c292aab-3ebf-4d28-8de8-409c4e8f3964\",\"enhancements\":{}}},\"92f50669-315a-4090-bb9a-6aa4ccd23236\":{\"order\":2,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.region\",\"title\":\"Cloud Region\",\"id\":\"92f50669-315a-4090-bb9a-6aa4ccd23236\",\"enhancements\":{}}},\"afdfd48f-9238-4bc0-824e-9c24cea54a0d\":{\"order\":3,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.provider\",\"title\":\"Cloud Provider\",\"id\":\"afdfd48f-9238-4bc0-824e-9c24cea54a0d\",\"enhancements\":{}}}}"},"description":"Overview of Amazon Guardduty 
Severity.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.guardduty\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.guardduty\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"e5323905-bbca-4cba-9743-62f51e089c4e\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"e5323905-bbca-4cba-9743-62f51e089c4e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-e11cbb3d-97ae-40c9-9e40-f22edae179a8\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"12d46c5c-2f5c-4cc8-bbe8-99d02061ca2d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"e11cbb3d-97ae-40c9-9e40-f22edae179a8\":{\"columnOrder\":[\"576fd823-f299-403a-bf8e-50a8907aa24c\"],\"columns\":{\"576fd823-f299-403a-bf8e-50a8907aa24c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Findings 
Severity\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"12d46c5c-2f5c-4cc8-bbe8-99d02061ca2d\",\"key\":\"aws.guardduty.severity.value\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"},\"query\":{\"exists\":{\"field\":\"aws.guardduty.severity.value\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"576fd823-f299-403a-bf8e-50a8907aa24c\",\"layerId\":\"e11cbb3d-97ae-40c9-9e40-f22edae179a8\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Findings Severity [Logs Guardduty]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"9bf4750b-f97a-4cfe-8043-20c060ec0e6b\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"9bf4750b-f97a-4cfe-8043-20c060ec0e6b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-cd79dd95-938b-476c-b299-87e08b27babf\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cd79dd95-938b-476c-b299-87e08b27babf\":{\"columnOrder\":[\"f422e4a2-19b6-43f5-84ab-04c0a1e93884\",\"c8d4b79c-7d41-4961-b026-c98aa675c6a2\"],\"columns\":{\"c8d4b79c-7d41-4961-b026-c98aa675c6a2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f422e4a2-19b6-43f5-84ab-04c0a1e93884\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c8d4b79c-7d41-4961-b026-c98aa675c6a2\",\"type\":\"column\"},\"orderDir
ection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.guardduty.severity.value\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"cd79dd95-938b-476c-b299-87e08b27babf\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"f422e4a2-19b6-43f5-84ab-04c0a1e93884\"],\"metrics\":[\"c8d4b79c-7d41-4961-b026-c98aa675c6a2\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Findings by Severity [Logs Guardduty]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"4e6dad73-8053-466e-988f-9d7402bc2296\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"4e6dad73-8053-466e-988f-9d7402bc2296\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a4a2e3f4-5526-4a49-917d-c0da13a3c59b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a4a2e3f4-5526-4a49-917d-c0da13a3c59b\":{\"columnOrder\":[\"5802de81-101d-4230-afd8-5cf9b46536b1\",\"e0af7986-42a7-41b4-9c99-8f3f27c91cef\",\"72d33bd8-ee6b-43ea-97e4-bfbc2a75403e\"],\"columns\":{\"5802de81-101d-4230-afd8-5cf9b46536b1\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Resource 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"72d33bd8-ee6b-43ea-97e4-bfbc2a75403e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.guardduty.resource.type\"},\"72d33bd8-ee6b-43ea-97e4-bfbc2a75403e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e0af7986-42a7-41b4-9c99-8f3f27c91cef\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"72d33bd8-ee6b-43ea-97e4-bfbc2a75403e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.guardduty.severity.value\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"72d33bd8-ee6b-43ea-97e4-bfbc2a75403e\"],\"layerId\":\"a4a2e3f4-5526-4a49-917d-c0da13a3c59b\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"e0af7986-42a7-41b4-9c99-8f3f27c91cef\",\"xAccessor\":\"5802de81-101d-4230-afd8-5cf9b46536b1\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Findings Resource Type by Severity [Logs 
Guardduty]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"620e666f-80a6-435d-8c05-451cc4638526\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"620e666f-80a6-435d-8c05-451cc4638526\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-bf5155c0-44e9-4b25-bfcf-5b6519f5642b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"bf5155c0-44e9-4b25-bfcf-5b6519f5642b\":{\"columnOrder\":[\"b9ce93d0-4d06-4609-b49f-722b3966d8bf\",\"c8bfcf2b-4b66-4c71-8da3-760785897184\",\"bc53461a-e612-48b2-a271-961db2a20a46\"],\"columns\":{\"b9ce93d0-4d06-4609-b49f-722b3966d8bf\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Region\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"bc53461a-e612-48b2-a271-961db2a20a46\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"cloud.region\"},\"bc53461a-e612-48b2-a271-961db2a20a46\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"c8bfcf2b-4b66-4c71-8da3-760785897184\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"bc53461a-e612-48b2-a271-961db2a20a46\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.guardduty.severity.value\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"bc53461a-e612-48b2-a271-961db2a20a46\"],\"layerId\":\"b
f5155c0-44e9-4b25-bfcf-5b6519f5642b\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"c8bfcf2b-4b66-4c71-8da3-760785897184\",\"xAccessor\":\"b9ce93d0-4d06-4609-b49f-722b3966d8bf\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Findings Region by Severity [Logs Guardduty]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"8ef41930-65db-4dee-924c-4a05a891729d\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"8ef41930-65db-4dee-924c-4a05a891729d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-937499d4-2b05-43ca-9c9b-14cc04d12e59\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"937499d4-2b05-43ca-9c9b-14cc04d12e59\":{\"columnOrder\":[\"5229a27f-0738-40c5-9a85-019fc21dc0e8\",\"601fc88c-dc78-4b52-977e-007e8c241e86\",\"b9e13f4b-8371-4415-acc5-8dec7ae71b46\"],\"columns\":{\"5229a27f-0738-40c5-9a85-019fc21dc0e8\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b9e13f4b-8371-4415-acc5-8dec7ae71b46\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.guardduty.severity.value\"},\"601fc88c-dc78-4b52-977e-007e8c241e86\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\
"@timestamp\"},\"b9e13f4b-8371-4415-acc5-8dec7ae71b46\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique count\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"_id\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"b9e13f4b-8371-4415-acc5-8dec7ae71b46\"],\"layerId\":\"937499d4-2b05-43ca-9c9b-14cc04d12e59\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"5229a27f-0738-40c5-9a85-019fc21dc0e8\",\"xAccessor\":\"601fc88c-dc78-4b52-977e-007e8c241e86\",\"yConfig\":[{\"axisMode\":\"auto\",\"forAccessor\":\"b9e13f4b-8371-4415-acc5-8dec7ae71b46\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"line\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Severity Over Time [Logs 
Guardduty]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"154adc56-6d50-48ce-8363-fc1227c918c3\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"154adc56-6d50-48ce-8363-fc1227c918c3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-bfc64f98-e13e-4bed-9b00-3c73223c5964\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"c68bdca0-e526-4375-92b9-db2c02d55fd1\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"bfc64f98-e13e-4bed-9b00-3c73223c5964\":{\"columnOrder\":[\"72cee35b-e3d2-4b89-93f7-2ff2fc23034f\",\"dabd934c-7800-4ce3-89e6-4be852b387d1\"],\"columns\":{\"72cee35b-e3d2-4b89-93f7-2ff2fc23034f\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Filters\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"aws.guardduty.severity.value : \\\"High\\\" \"},\"label\":\"High\"},{\"input\":{\"language\":\"kuery\",\"query\":\"aws.guardduty.severity.value : Medium\"},\"label\":\"Medium\"},{\"input\":{\"language\":\"kuery\",\"query\":\"aws.guardduty.severity.value : Low\"},\"label\":\"Low\"}]},\"scale\":\"ordinal\"},\"dabd934c-7800-4ce3-89e6-4be852b387d1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Severity 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c68bdca0-e526-4375-92b9-db2c02d55fd1\",\"key\":\"aws.guardduty.severity.value\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"},\"query\":{\"exists\":{\"field\":\"aws.guardduty.severity.value\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"breakdownByAccessor\":\"72cee35b-e3d2-4b89-93f7-2ff2fc23034f\",\"layerId\":\"bfc64f98-e13e-4bed-9b00-3c73223c5964\",\"layerType\":\"data\",\"maxCols\":3,\"metricAccessor\":\"dabd934c-7800-4ce3-89e6-4be852b387d1\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Findings Count Based on Severity [Logs Guardduty]\"}]","timeRestore":false,"title":"[Logs AWS] Guardduty Findings 
Severity","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-401261a0-6a39-11ed-b880-2f1b70138655","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"e5323905-bbca-4cba-9743-62f51e089c4e:indexpattern-datasource-layer-e11cbb3d-97ae-40c9-9e40-f22edae179a8","type":"index-pattern"},{"id":"logs-*","name":"e5323905-bbca-4cba-9743-62f51e089c4e:12d46c5c-2f5c-4cc8-bbe8-99d02061ca2d","type":"index-pattern"},{"id":"logs-*","name":"9bf4750b-f97a-4cfe-8043-20c060ec0e6b:indexpattern-datasource-layer-cd79dd95-938b-476c-b299-87e08b27babf","type":"index-pattern"},{"id":"logs-*","name":"4e6dad73-8053-466e-988f-9d7402bc2296:indexpattern-datasource-layer-a4a2e3f4-5526-4a49-917d-c0da13a3c59b","type":"index-pattern"},{"id":"logs-*","name":"620e666f-80a6-435d-8c05-451cc4638526:indexpattern-datasource-layer-bf5155c0-44e9-4b25-bfcf-5b6519f5642b","type":"index-pattern"},{"id":"logs-*","name":"8ef41930-65db-4dee-924c-4a05a891729d:indexpattern-datasource-layer-937499d4-2b05-43ca-9c9b-14cc04d12e59","type":"index-pattern"},{"id":"logs-*","name":"154adc56-6d50-48ce-8363-fc1227c918c3:indexpattern-datasource-layer-bfc64f98-e13e-4bed-9b00-3c73223c5964","type":"index-pattern"},{"id":"logs-*","name":"154adc56-6d50-48ce-8363-fc1227c918c3:c68bdca0-e526-4375-92b9-db2c02d55fd1","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_dc3d0169-d74f-4562-a5fc-0a3aa3b88a66:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_5c292aab-3ebf-4d28-8de8-409c4e8f3964:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_92f50669-315a-4090-bb9a-6aa4ccd23236:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_afdfd48f-9238-4bc0-824e-9c24cea54a0d:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default
","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5941],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MDUsMV0="} -{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"00dceb34-5141-43da-b731-266e79f7c567\":{\"order\":0,\"width\":\"medium\",\"grow\":false,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.region\",\"title\":\"AWS Region\",\"id\":\"00dceb34-5141-43da-b731-266e79f7c567\",\"selectedOptions\":[],\"enhancements\":{}}},\"138553b0-cd96-4281-b659-5c181c87725f\":{\"order\":1,\"width\":\"medium\",\"grow\":false,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.dimensions.VolumeId\",\"title\":\"AWS Volume ID\",\"id\":\"138553b0-cd96-4281-b659-5c181c87725f\",\"enhancements\":{}}}}"},"description":"[Metrics AWS] Overview of EBS 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.ebs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.ebs\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"81e6e1e4-9723-4ffd-9d87-bfb15043886c\",\"w\":24,\"x\":24,\"y\":10},\"panelIndex\":\"81e6e1e4-9723-4ffd-9d87-bfb15043886c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-8da59358-bf1a-45d2-be0b-a2ef2a055b58\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"8da59358-bf1a-45d2-be0b-a2ef2a055b58\":{\"columnOrder\":[\"1ebc6615-1b50-4604-b074-5b5b729ed437\",\"267e2665-8afe-44e1-b892-4da143ec22a4\",\"5136662c-0695-4509-bb16-a8a7fc62a499\"],\"columns\":{\"1ebc6615-1b50-4604-b074-5b5b729ed437\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.dimensions.VolumeId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"5136662c-0695-4509-bb16-a8a7fc62a499\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.VolumeId\"},\"267e2665-8afe-44e1-b892-4da143ec22a4\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"5136662c-0695-4509-bb16-a8a7fc62a499\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.ebs.metrics.VolumeWriteOps.avg\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.ebs.metrics.VolumeWriteOps.avg\"}},\"incompleteColumns\":{},\"sampling\":1}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"5136662c-0695-4509-bb16-a8a7fc62a499\"],\"layerId\":\"8da59358-bf1a-45d2-be0b-a2ef2a055b58\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"1ebc6615-1b50-4604-b074-5b5b729ed437\",\"xAccessor\":\"267e2665-8afe-44e1-b892-4da143ec22a4\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"type\":\"lens\",\"enhancements\":{}},\"title\":\"Volume Write 
Ops\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"69439d36-0b02-4ba9-adad-2380e77ff8f5\",\"w\":24,\"x\":0,\"y\":10},\"panelIndex\":\"69439d36-0b02-4ba9-adad-2380e77ff8f5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-e5e87077-5a8a-4fed-b994-2802ebc771ad\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"e5e87077-5a8a-4fed-b994-2802ebc771ad\":{\"columnOrder\":[\"7b5a8129-da0e-49b5-81aa-f14dafa36b82\",\"aa5a250f-ba0d-4fce-9ec0-872309d976ac\",\"a5a6ae4c-3d37-498c-b98f-441169f97136\"],\"columns\":{\"7b5a8129-da0e-49b5-81aa-f14dafa36b82\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of aws.dimensions.VolumeId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a5a6ae4c-3d37-498c-b98f-441169f97136\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.VolumeId\"},\"a5a6ae4c-3d37-498c-b98f-441169f97136\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.ebs.metrics.VolumeReadOps.avg\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.ebs.metrics.VolumeReadOps.avg\"},\"aa5a250f-ba0d-4fce-9ec0-872309d976ac\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{},\"sampling\":1}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"a5a6ae4c-3d37-498c-b98f-441169f97136\"],\"layerId\":\"e5e87077-5a8a-4fed-b994-2802ebc771ad\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"7b5a8129-da0e-49b5-81aa-f14dafa36b82\",\"xAccessor\":\"aa5a250f-ba0d-4fce-9ec0-872309d976ac\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"type\":\"lens\",\"enhancements\":{}},\"title\":\"Volume Read 
Ops\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"1357ca49-a128-460a-afac-f505f659bd32\",\"w\":24,\"x\":24,\"y\":20},\"panelIndex\":\"1357ca49-a128-460a-afac-f505f659bd32\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-cba8ad0a-ad79-41e0-bb71-90e68fdbb66c\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"cba8ad0a-ad79-41e0-bb71-90e68fdbb66c\":{\"columnOrder\":[\"0865498a-2b36-4dcf-8878-5ab4a893f1a7\",\"938cd7ee-c857-4e61-a632-537a0cd42a05\",\"01dac807-7d95-4256-99f9-ac76e46a36af\"],\"columns\":{\"01dac807-7d95-4256-99f9-ac76e46a36af\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.ebs.metrics.VolumeWriteBytes.avg\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.ebs.metrics.VolumeWriteBytes.avg\"},\"0865498a-2b36-4dcf-8878-5ab4a893f1a7\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.dimensions.VolumeId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"01dac807-7d95-4256-99f9-ac76e46a36af\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.VolumeId\"},\"938cd7ee-c857-4e61-a632-537a0cd42a05\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{},\"sampling\":1}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"01dac807-7d95-4256-99f9-ac76e46a36af\"],\"layerId\":\"cba8ad0a-ad79-41e0-bb71-90e68fdbb66c\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"0865498a-2b36-4dcf-8878-5ab4a893f1a7\",\"xAccessor\":\"938cd7ee-c857-4e61-a632-537a0cd42a05\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"type\":\"lens\",\"enhancements\":{}},\"title\":\"Volume Write 
Bytes\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"afbe92c6-fbc6-42fa-83fc-56cc2dc8bc65\",\"w\":24,\"x\":0,\"y\":20},\"panelIndex\":\"afbe92c6-fbc6-42fa-83fc-56cc2dc8bc65\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-55761a89-32d6-46f8-9df5-8ccf0bfb7d39\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"55761a89-32d6-46f8-9df5-8ccf0bfb7d39\":{\"columnOrder\":[\"24510e19-3ab5-4ff1-8742-1911a273cb9f\",\"621b6b76-2d17-4e22-9d54-96ade363c53d\",\"26862a19-bc82-4805-9502-837885281296\"],\"columns\":{\"24510e19-3ab5-4ff1-8742-1911a273cb9f\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of aws.dimensions.VolumeId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"26862a19-bc82-4805-9502-837885281296\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.VolumeId\"},\"26862a19-bc82-4805-9502-837885281296\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.ebs.metrics.VolumeReadBytes.avg\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.ebs.metrics.VolumeReadBytes.avg\"},\"621b6b76-2d17-4e22-9d54-96ade363c53d\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{},\"sampling\":1}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"26862a19-bc82-4805-9502-837885281296\"],\"layerId\":\"55761a89-32d6-46f8-9df5-8ccf0bfb7d39\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"24510e19-3ab5-4ff1-8742-1911a273cb9f\",\"xAccessor\":\"621b6b76-2d17-4e22-9d54-96ade363c53d\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"type\":\"lens\",\"enhancements\":{}},\"title\":\"Volume Read 
Bytes\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"04d7b02f-79fd-4c2a-b7a8-b47857d8b76e\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"04d7b02f-79fd-4c2a-b7a8-b47857d8b76e\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-2a4e13d6-c5c4-4fe2-a493-dd518ab17832\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"2a4e13d6-c5c4-4fe2-a493-dd518ab17832\":{\"columnOrder\":[\"bdbd408a-23d4-44cc-a003-381b118767ce\",\"42144647-3383-4f5c-95f0-fecfc3c2776d\",\"618e9ed2-caf9-4da1-9e2d-e7131299ce30\"],\"columns\":{\"42144647-3383-4f5c-95f0-fecfc3c2776d\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"618e9ed2-caf9-4da1-9e2d-e7131299ce30\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.ebs.metrics.VolumeQueueLength.avg\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.ebs.metrics.VolumeQueueLength.avg\"},\"bdbd408a-23d4-44cc-a003-381b118767ce\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.dimensions.VolumeId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"618e9ed2-caf9-4da1-9e2d-e7131299ce30\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.VolumeId\"}},\"incompleteColumns\":{},\"sampling\":1}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"618e9ed2-caf9-4da1-9e2d-e7131299ce30\"],\"layerId\":\"2a4e13d6-c5c4-4fe2-a493-dd518ab17832\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"bdbd408a-23d4-44cc-a003-381b118767ce\",\"xAccessor\":\"42144647-3383-4f5c-95f0-fecfc3c2776d\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Volume Queue 
Length\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"25ff071b-993c-4846-9fa5-94a46fcdc8e2\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"25ff071b-993c-4846-9fa5-94a46fcdc8e2\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-6156362a-fc13-448b-82a4-e7f32ba7b2b3\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"6156362a-fc13-448b-82a4-e7f32ba7b2b3\":{\"columnOrder\":[\"a46bc6aa-b391-4838-9649-e504593256cd\",\"9e80a182-49b4-4cb4-ac2b-62a704718ade\",\"4de1d282-ed78-4717-af51-3dd6b33d0b02\"],\"columns\":{\"4de1d282-ed78-4717-af51-3dd6b33d0b02\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.ebs.metrics.VolumeTotalWriteTime.sum\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.ebs.metrics.VolumeTotalWriteTime.sum\"},\"9e80a182-49b4-4cb4-ac2b-62a704718ade\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"a46bc6aa-b391-4838-9649-e504593256cd\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.dimensions.VolumeId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"4de1d282-ed78-4717-af51-3dd6b33d0b02\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.VolumeId\"}},\"incompleteColumns\":{},\"sampling\":1}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"4de1d282-ed78-4717-af51-3dd6b33d0b02\"],\"layerId\":\"6156362a-fc13-448b-82a4-e7f32ba7b2b3\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"a46bc6aa-b391-4838-9649-e504593256cd\",\"xAccessor\":\"9e80a182-49b4-4cb4-ac2b-62a704718ade\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"\"}},\"title\":\"Volume Total Write Time\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"type\":\"lens\",\"enhancements\":{}},\"title\":\"Volume Total Write 
Time\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"f654e59e-f814-4af0-80ac-28fbbaea26ee\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"f654e59e-f814-4af0-80ac-28fbbaea26ee\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-ba7be616-8ef0-476a-9372-e29771f47c20\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"ba7be616-8ef0-476a-9372-e29771f47c20\":{\"columnOrder\":[\"537c12ea-0228-4230-bb83-4df9d1c4d42d\",\"12ed787d-8560-4b4a-8d31-391d8aea44fb\",\"1117748f-4bb7-4b7c-a0df-bf332a10a734\"],\"columns\":{\"1117748f-4bb7-4b7c-a0df-bf332a10a734\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.ebs.metrics.VolumeTotalReadTime.sum\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.ebs.metrics.VolumeTotalReadTime.sum\"},\"12ed787d-8560-4b4a-8d31-391d8aea44fb\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"537c12ea-0228-4230-bb83-4df9d1c4d42d\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.dimensions.VolumeId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"1117748f-4bb7-4b7c-a0df-bf332a10a734\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.VolumeId\"}},\"incompleteColumns\":{},\"sampling\":1}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"1117748f-4bb7-4b7c-a0df-bf332a10a734\"],\"layerId\":\"ba7be616-8ef0-476a-9372-e29771f47c20\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"537c12ea-0228-4230-bb83-4df9d1c4d42d\",\"xAccessor\":\"12ed787d-8560-4b4a-8d31-391d8aea44fb\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"type\":\"lens\",\"enhancements\":{}},\"title\":\"Volume Total Read 
Time\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"e4d793ca-e781-403c-a791-63b3bb66e7ab\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"e4d793ca-e781-403c-a791-63b3bb66e7ab\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-bae8cf43-f049-469b-830a-8bf08b579318\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"bae8cf43-f049-469b-830a-8bf08b579318\":{\"columnOrder\":[\"83c71090-bc35-495b-9981-310bfe9fc3e5\",\"f12b6ba8-f90c-4caa-ae04-5b189b70d381\",\"2975ad52-5399-4410-91bf-15a25e56b4a1\"],\"columns\":{\"2975ad52-5399-4410-91bf-15a25e56b4a1\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.ebs.metrics.VolumeIdleTime.sum\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.ebs.metrics.VolumeIdleTime.sum\"},\"83c71090-bc35-495b-9981-310bfe9fc3e5\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.dimensions.VolumeId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"2975ad52-5399-4410-91bf-15a25e56b4a1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.VolumeId\"},\"f12b6ba8-f90c-4caa-ae04-5b189b70d381\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{},\"sampling\":1}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"2975ad52-5399-4410-91bf-15a25e56b4a1\"],\"layerId\":\"bae8cf43-f049-469b-830a-8bf08b579318\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"83c71090-bc35-495b-9981-310bfe9fc3e5\",\"xAccessor\":\"f12b6ba8-f90c-4caa-ae04-5b189b70d381\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Volume Idle Time\"}]","timeRestore":false,"title":"[Metrics AWS] EBS 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-44ce4680-b7ba-11e9-8349-f15f850c5cd0","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"04d7b02f-79fd-4c2a-b7a8-b47857d8b76e:indexpattern-datasource-layer-2a4e13d6-c5c4-4fe2-a493-dd518ab17832","type":"index-pattern"},{"id":"metrics-*","name":"e4d793ca-e781-403c-a791-63b3bb66e7ab:indexpattern-datasource-layer-bae8cf43-f049-469b-830a-8bf08b579318","type":"index-pattern"},{"id":"metrics-*","name":"69439d36-0b02-4ba9-adad-2380e77ff8f5:indexpattern-datasource-layer-e5e87077-5a8a-4fed-b994-2802ebc771ad","type":"index-pattern"},{"id":"metrics-*","name":"81e6e1e4-9723-4ffd-9d87-bfb15043886c:indexpattern-datasource-layer-8da59358-bf1a-45d2-be0b-a2ef2a055b58","type":"index-pattern"},{"id":"metrics-*","name":"afbe92c6-fbc6-42fa-83fc-56cc2dc8bc65:indexpattern-datasource-layer-55761a89-32d6-46f8-9df5-8ccf0bfb7d39","type":"index-pattern"},{"id":"metrics-*","name":"1357ca49-a128-460a-afac-f505f659bd32:indexpattern-datasource-layer-cba8ad0a-ad79-41e0-bb71-90e68fdbb66c","type":"index-pattern"},{"id":"metrics-*","name":"f654e59e-f814-4af0-80ac-28fbbaea26ee:indexpattern-datasource-layer-ba7be616-8ef0-476a-9372-e29771f47c20","type":"index-pattern"},{"id":"metrics-*","name":"25ff071b-993c-4846-9fa5-94a46fcdc8e2:indexpattern-datasource-layer-6156362a-fc13-448b-82a4-e7f32ba7b2b3","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_00dceb34-5141-43da-b731-266e79f7c567:optionsListDataView","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_138553b0-cd96-4281-b659-5c181c87725f:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5955],"type":"dashboa
rd","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MDYsMV0="} -{"attributes":{"columns":["aws.s3access.http_status","aws.s3access.error_code","aws.s3access.operation","aws.s3access.request_uri"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"aws.s3access.http_status\",\"negate\":true,\"params\":{\"query\":\"200\"},\"type\":\"phrase\",\"value\":\"200\"},\"query\":{\"match\":{\"aws.s3access.http_status\":{\"query\":\"200\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.s3access\"},\"type\":\"phrase\",\"value\":\"s3access\"},\"query\":{\"match\":{\"data_stream.dataset\":{\"query\":\"aws.s3access\",\"type\":\"phrase\"}}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Error Logs [Logs 
AWS]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-5e5a3c90-bac0-11e9-9f70-1f7bda85a5eb","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5961],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MDcsMV0="} -{"attributes":{"description":"Logs AWS S3 Server Access Log Overview Dashboard","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"1\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Request Uri\",\"field\":\"aws.s3access.request_uri\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"split\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"HTTP 
Status\",\"field\":\"aws.s3access.http_status\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metric\":{\"accessor\":3,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}},\"splitColumn\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}]},\"distinctColors\":true,\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"row\":false,\"type\":\"pie\",\"legendSize\":\"auto\"},\"title\":\"Top URLs [Logs AWS]\",\"type\":\"pie\",\"uiState\":{\"vis\":{\"colors\":{\"404\":\"#EAB839\"}}}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Top 
URLs\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"2\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"lucene\",\"query\":\"data_stream.dataset:aws.s3access\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"auto\",\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Http Status\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_filters\":[{\"color\":\"#68BC00\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3access.http_status < 300 and aws.s3access.http_status >= 200\"},\"id\":\"5acdc750-a29d-11e7-a062-a1c3587f4874\",\"label\":\"200s\"},{\"color\":\"rgba(252,196,0,1)\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3access.http_status < 400 and aws.s3access.http_status >= 300\"},\"id\":\"6efd2ae0-a29d-11e7-a062-a1c3587f4874\",\"label\":\"300s\"},{\"color\":\"rgba(211,49,21,1)\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3access.http_status < 500 and aws.s3access.http_status >= 400\"},\"id\":\"76089a90-a29d-11e7-a062-a1c3587f4874\",\"label\":\"400s\"},{\"color\":\"rgba(171,20,158,1)\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3access.http_status < 600 and aws.s3access.http_status >= 
500\"},\"id\":\"7c7929d0-a29d-11e7-a062-a1c3587f4874\",\"label\":\"500s\"}],\"split_mode\":\"filters\",\"stacked\":\"stacked\",\"terms_field\":\"http.response.status_code\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Http Status over time [Logs AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Http Status over time\"},{\"embeddableConfig\":{\"title\":\"Error Logs\"},\"gridData\":{\"h\":15,\"i\":\"3\",\"w\":48,\"x\":0,\"y\":15},\"panelIndex\":\"3\",\"panelRefName\":\"panel_2\",\"title\":\"Error Logs\",\"version\":\"7.4.0\"}]","timeRestore":false,"title":"[Logs AWS] S3 Server Access Log Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-4746e000-bacd-11e9-9f70-1f7bda85a5eb","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"aws-5e5a3c90-bac0-11e9-9f70-1f7bda85a5eb","name":"panel_2","type":"search"},{"id":"logs-*","name":"1:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5966],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MDgsMV0="} 
-{"attributes":{"columns":["aws.inspector.resources.details.aws.ec2_instance.key_name","aws.inspector.resources.details.aws.ec2_instance.launched_at","aws.inspector.resources.details.aws.ec2_instance.platform","aws.inspector.resources.details.aws.ec2_instance.subnet_id","aws.inspector.resources.details.aws.ec2_instance.type","aws.inspector.resources.details.aws.ec2_instance.vpc_id"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.inspector\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.inspector\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Findings AWS EC2 Instance Essential Details [Logs Inspector]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-47d3ed50-5a53-11ed-a807-bd2da8f2e79b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,5971],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MDksMV0="} -{"attributes":{"description":"Dashboard providing statistics about flows ingested from the AWS Network Firewall 
integration.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.firewall_logs\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"event\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.kind\":\"event\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n[Overview](/app/dashboards#/view/aws-2ba11b50-4b9d-11ec-8282-5342b8988acc) \\n[Alerts](/app/dashboards#/view/aws-dfa76470-4ba1-11ec-8282-5342b8988acc) \\n**[Flows (This Page)](/app/dashboards#/view/aws-562bdea0-4ba7-11ec-8282-5342b8988acc)** \\n[Metrics](/app/dashboards#/view/aws-3abffe60-4ba9-11ec-8282-5342b8988acc) \\n\\n[Integrations Page](/app/integrations/detail/aws/overview?integration=firewall) \\n\\n**Overview**\\n\\nThis dashboard provides an overall view of AWS Network Firewall flow 
logs.\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"9acd5716-4bce-498a-9a4e-4d4fd81dfdc2\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"9acd5716-4bce-498a-9a4e-4d4fd81dfdc2\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1637591016076\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloud.availability_zone\",\"id\":\"1637591029629\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Availability Zone\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"observer.name\",\"id\":\"1637591118622\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Firewall\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Firewall Filters [Logs AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Firewall 
Filters\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"09caeba8-1f98-4937-b1b8-60debe3e3728\",\"w\":6,\"x\":12,\"y\":7},\"panelIndex\":\"09caeba8-1f98-4937-b1b8-60debe3e3728\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Flows\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(aws.firewall.flow.id)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Rules\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"aws.firewall.flow.id\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique 
Flows\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"w\":6,\"x\":18,\"y\":7},\"panelIndex\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(destination.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"w\":6,\"x\":24,\"y\":7},\"panelIndex\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of unique_count(source.ip)\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"6d617b1a-a973-4136-8d93-15e5c72c43f2\",\"w\":6,\"x\":30,\"y\":7},\"panelIndex\":\"6d617b1a-a973-4136-8d93-15e5c72c43f2\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Transport Protocols\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(network.transport)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Network Protocols\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.transport\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Network 
Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"w\":6,\"x\":36,\"y\":7},\"panelIndex\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Network Protocols\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(network.protocol)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Rules\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Network 
Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"77a70f50-9523-45f0-bbf6-cd6628d2ef53\",\"w\":6,\"x\":42,\"y\":7},\"panelIndex\":\"77a70f50-9523-45f0-bbf6-cd6628d2ef53\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe2e527e-c274-42c2-8d95-0c5955356eb8\"],\"columns\":{\"fe2e527e-c274-42c2-8d95-0c5955356eb8\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Bytes\",\"operationType\":\"sum\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.firewall.flow.bytes\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe2e527e-c274-42c2-8d95-0c5955356eb8\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total 
Bytes\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"227abb53-ab6c-40f9-af63-6c6ac41d6855\",\"w\":12,\"x\":0,\"y\":15},\"panelIndex\":\"227abb53-ab6c-40f9-af63-6c6ac41d6855\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"4c3d3741-afe6-403d-bc83-7f90196c291a\",\"1d64873d-37af-48f4-b6ec-911b6e0243cd\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"1d64873d-37af-48f4-b6ec-911b6e0243cd\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of network.protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"},\"4c3d3741-afe6-403d-bc83-7f90196c291a\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
network.transport\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.transport\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"4c3d3741-afe6-403d-bc83-7f90196c291a\",\"1d64873d-37af-48f4-b6ec-911b6e0243cd\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"w\":12,\"x\":12,\"y\":15},\"panelIndex\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
source.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Source Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"w\":12,\"x\":24,\"y\":15},\"panelIndex\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
destination.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Destination Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"cdab9d28-4b3b-4228-8e3a-6e3d29022815\",\"w\":12,\"x\":36,\"y\":15},\"panelIndex\":\"cdab9d28-4b3b-4228-8e3a-6e3d29022815\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"b6083b5e-5207-4632-9f23-e76872d504e4\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"b6083b5e-5207-4632-9f23-e76872d504e4\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
observer.name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"observer.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"b6083b5e-5207-4632-9f23-e76872d504e4\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Firewalls\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"w\":12,\"x\":12,\"y\":30},\"panelIndex\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Source 
IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Source IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"dae8d2e7-7949-4023-9926-58af14895e11\",\"w\":12,\"x\":24,\"y\":30},\"panelIndex\":\"dae8d2e7-7949-4023-9926-58af14895e11\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Destination 
IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Destination IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"w\":12,\"x\":36,\"y\":30},\"panelIndex\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"bcad6771-9620-48eb-b728-c5548423a150\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"bcad6771-9620-48eb-b728-c5548423a150\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Firewalls\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"observer.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"bcad6771-9620-48eb-b728-c5548423a150\",\"isTransposed\":false},{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Firewalls\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"29627829-7a4d-4fc3-9ee4-c9af667dd941\",\"w\":12,\"x\":0,\"y\":30},\"panelIndex\":\"29627829-7a4d-4fc3-9ee4-c9af667dd941\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Source 
IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Protocols\"},{\"embeddableConfig\":{\"columns\":[\"observer.name\",\"aws.firewall.flow.id\",\"source.ip\",\"source.port\",\"destination.ip\",\"destination.port\",\"network.transport\",\"network.protocol\"],\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":14,\"i\":\"0de2176d-e3ab-4911-933e-fb0f46ca6700\",\"w\":48,\"x\":0,\"y\":41},\"panelIndex\":\"0de2176d-e3ab-4911-933e-fb0f46ca6700\",\"panelRefName\":\"panel_0de2176d-e3ab-4911-933e-fb0f46ca6700\",\"title\":\"Firewall Logs\",\"type\":\"search\",\"version\":\"7.15.1\"}]","timeRestore":false,"title":"[Logs AWS] Firewall 
Flows","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-562bdea0-4ba7-11ec-8282-5342b8988acc","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"09caeba8-1f98-4937-b1b8-60debe3e3728:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"09caeba8-1f98-4937-b1b8-60debe3e3728:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"6d617b1a-a973-4136-8d93-15e5c72c43f2:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"6d617b1a-a973-4136-8d93-15e5c72c43f2:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"77a70f50-9523-45f0-bbf6-cd6628d2ef53:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"77a70f50-9523-45f0-bbf6-cd6
628d2ef53:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"227abb53-ab6c-40f9-af63-6c6ac41d6855:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"227abb53-ab6c-40f9-af63-6c6ac41d6855:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"cdab9d28-4b3b-4228-8e3a-6e3d29022815:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"cdab9d28-4b3b-4228-8e3a-6e3d29022815:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"dae8d2e7-7949-4023-9926-58af14895e11:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dae8d2e7-7949-4023-9926-58af14895e11:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-dat
asource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"29627829-7a4d-4fc3-9ee4-c9af667dd941:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"29627829-7a4d-4fc3-9ee4-c9af667dd941:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"aws-f4856850-4d32-11ec-a678-057fce71e8cd","name":"0de2176d-e3ab-4911-933e-fb0f46ca6700:panel_0de2176d-e3ab-4911-933e-fb0f46ca6700","type":"search"},{"id":"logs-*","name":"9acd5716-4bce-498a-9a4e-4d4fd81dfdc2:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"9acd5716-4bce-498a-9a4e-4d4fd81dfdc2:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"9acd5716-4bce-498a-9a4e-4d4fd81dfdc2:control_2_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6008],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MTAsMV0="} -{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"971955cf-ae41-4e9f-b609-63362a1fc426\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.inspector.severity\",\"title\":\"AWS Inspector Findings Severity\",\"id\":\"971955cf-ae41-4e9f-b609-63362a1fc426\",\"enhancements\":{}}}}"},"description":"Overview of AWS Inspector 
Severity.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.inspector\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.inspector\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"19eb0a1a-2960-4826-91ea-a8711065cb25\",\"w\":24,\"x\":0,\"y\":19},\"panelIndex\":\"19eb0a1a-2960-4826-91ea-a8711065cb25\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-4157dbfd-2795-4386-9327-b3b761a2017d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"4157dbfd-2795-4386-9327-b3b761a2017d\":{\"columnOrder\":[\"f750dc8d-8f68-4863-bc9a-d3ff5837fbf4\",\"447f2d3e-fb46-4fa2-842d-d42d953c84cb\"],\"columns\":{\"447f2d3e-fb46-4fa2-842d-d42d953c84cb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f750dc8d-8f68-4863-bc9a-d3ff5837fbf4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"447f2d3e-fb46-4fa2-842d-d42d953c84cb\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"l
ayers\":[{\"accessors\":[\"447f2d3e-fb46-4fa2-842d-d42d953c84cb\"],\"layerId\":\"4157dbfd-2795-4386-9327-b3b761a2017d\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"f750dc8d-8f68-4863-bc9a-d3ff5837fbf4\",\"yConfig\":[{\"color\":\"#d36086\",\"forAccessor\":\"447f2d3e-fb46-4fa2-842d-d42d953c84cb\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\"}},\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Distribution of Findings by Severity [Logs Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f19fbe19-a0b6-4087-8a2f-2958445284db\",\"w\":24,\"x\":0,\"y\":4},\"panelIndex\":\"f19fbe19-a0b6-4087-8a2f-2958445284db\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-1dae6ff8-1a46-42dc-8e3c-7c6f597f71d2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1dae6ff8-1a46-42dc-8e3c-7c6f597f71d2\":{\"columnOrder\":[\"80bca2a5-1b67-4964-a5c0-235ce80fb55f\"],\"columns\":{\"80bca2a5-1b67-4964-a5c0-235ce80fb55f\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Findings\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"80bca2a5-1b67-4964-a5c0-235ce80fb55f\",\"layerId\":\"1dae6ff8-1a46-42dc-8e3c-7c6f597f71d2\",\"layerType\":\"data\"}},\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Total Findings Count [Logs 
Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f2c0402b-207d-4224-b880-eef8a291794b\",\"w\":24,\"x\":24,\"y\":4},\"panelIndex\":\"f2c0402b-207d-4224-b880-eef8a291794b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-88835441-4a5d-4649-9749-cd763eb4f724\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"88835441-4a5d-4649-9749-cd763eb4f724\":{\"columnOrder\":[\"e5624e5d-9781-429f-b38d-a3776efbd387\",\"85005515-84ae-44fc-85cc-e77cef81d715\"],\"columns\":{\"85005515-84ae-44fc-85cc-e77cef81d715\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Severity Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e5624e5d-9781-429f-b38d-a3776efbd387\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Filters\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"aws.inspector.severity : \\\"CRITICAL\\\" \"},\"label\":\"CRITICAL\"},{\"input\":{\"language\":\"kuery\",\"query\":\"aws.inspector.severity : \\\"HIGH\\\" \"},\"label\":\"HIGH\"},{\"input\":{\"language\":\"kuery\",\"query\":\"aws.inspector.severity : \\\"MEDIUM\\\" \"},\"label\":\"MEDIUM\"},{\"input\":{\"language\":\"kuery\",\"query\":\"aws.inspector.severity : \\\"LOW\\\" \"},\"label\":\"LOW\"},{\"input\":{\"language\":\"kuery\",\"query\":\"aws.inspector.severity : \\\"INFORMATIONAL\\\" \"},\"label\":\"INFORMATIONAL\"},{\"input\":{\"language\":\"kuery\",\"query\":\"aws.inspector.severity : \\\"UNTRIAGED\\\" 
\"},\"label\":\"UNTRIAGED\"}]},\"scale\":\"ordinal\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"breakdownByAccessor\":\"e5624e5d-9781-429f-b38d-a3776efbd387\",\"layerId\":\"88835441-4a5d-4649-9749-cd763eb4f724\",\"layerType\":\"data\",\"maxCols\":3,\"metricAccessor\":\"85005515-84ae-44fc-85cc-e77cef81d715\"}},\"visualizationType\":\"lnsMetric\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Total Findings Count Based on Severity [Logs Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"a9c4fbfa-ee9c-42ee-8dcb-40e44e3207ea\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"a9c4fbfa-ee9c-42ee-8dcb-40e44e3207ea\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":13,\"markdown\":\"[Inspector Inspector Findings Overview Dashboard](#/dashboard/aws-131a1550-5a0b-11ed-a807-bd2da8f2e79b) | [Inspector Severity Dashboard](#/dashboard/aws-60881ab0-63e0-11ed-be08-4b4db5223139) | [Inspector Vulnerabilities Dashboard](#/dashboard/aws-383d4630-63df-11ed-be08-4b4db5223139) | [Inspector Inspector EC2 and ECR Overview Dashboard](#/dashboard/aws-63984b70-63e1-11ed-be08-4b4db5223139) \",\"openLinksInNewTab\":true},\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Dashboards [Logs Inspector]\"}]","timeRestore":false,"title":"[Logs AWS] Inspector 
Severity","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-60881ab0-63e0-11ed-be08-4b4db5223139","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"19eb0a1a-2960-4826-91ea-a8711065cb25:indexpattern-datasource-layer-4157dbfd-2795-4386-9327-b3b761a2017d","type":"index-pattern"},{"id":"logs-*","name":"f19fbe19-a0b6-4087-8a2f-2958445284db:indexpattern-datasource-layer-1dae6ff8-1a46-42dc-8e3c-7c6f597f71d2","type":"index-pattern"},{"id":"logs-*","name":"f2c0402b-207d-4224-b880-eef8a291794b:indexpattern-datasource-layer-88835441-4a5d-4649-9749-cd763eb4f724","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_971955cf-ae41-4e9f-b609-63362a1fc426:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6016],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MTEsMV0="} -{"attributes":{"columns":["aws.inspector.resources.id","aws.inspector.resources.partition","cloud.region","aws.inspector.resources.type"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.inspector\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.inspector\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : aws.inspector\"}}"},"sort":[["@timestamp","desc"]],"title":"Findings Resource Essential Details [Logs 
Inspector]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-839e3db0-5a51-11ed-a807-bd2da8f2e79b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6021],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MTIsMV0="} -{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"1aecf3ba-3e1b-44dd-b81c-7d8a0206a0a7\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.inspector.severity\",\"title\":\"AWS Inspector Findings Severity\",\"id\":\"1aecf3ba-3e1b-44dd-b81c-7d8a0206a0a7\",\"enhancements\":{}}}}"},"description":"Overview of AWS Inspector EC2 and ECR 
logs.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.inspector\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.inspector\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"51d94661-24f5-47be-b7fc-dd3fdc9f08ef\",\"w\":24,\"x\":0,\"y\":4},\"panelIndex\":\"51d94661-24f5-47be-b7fc-dd3fdc9f08ef\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b2cd46b9-b4fd-4940-9d35-567844a01b5f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b2cd46b9-b4fd-4940-9d35-567844a01b5f\":{\"columnOrder\":[\"8e3a1fa1-a832-4796-beee-c2f6003979aa\",\"e9633195-636f-4935-8348-fac4365bfa5e\"],\"columns\":{\"8e3a1fa1-a832-4796-beee-c2f6003979aa\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"EC2 Instance ARN\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e9633195-636f-4935-8348-fac4365bfa5e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.resources.details.aws.ec2_instance.iam_instance_profile_arn\"},\"e9633195-636f-4935-8348-fac4365bfa5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Inspector 
Score\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.inspector.inspector_score\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"8e3a1fa1-a832-4796-beee-c2f6003979aa\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"e9633195-636f-4935-8348-fac4365bfa5e\",\"isTransposed\":false}],\"layerId\":\"b2cd46b9-b4fd-4940-9d35-567844a01b5f\",\"layerType\":\"data\"}},\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Top 10 EC2 Instances ARN with Highest Inspector Score [Logs Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"b05740f5-92dc-4b79-a77f-ded634bf1e95\",\"w\":24,\"x\":24,\"y\":4},\"panelIndex\":\"b05740f5-92dc-4b79-a77f-ded634bf1e95\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-1c04a2bf-b8c8-4e7f-a3c4-587a41a23ab5\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"2e42f416-b581-4b4e-9213-1f48bc549bd2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1c04a2bf-b8c8-4e7f-a3c4-587a41a23ab5\":{\"columnOrder\":[\"a883a4d2-c2a8-4759-a5bf-a17b4e64c17e\",\"d48c34d4-ed57-4677-b743-c33c9c8aa328\",\"8e192b04-395d-4fb5-a07a-3610e3c0cfad\"],\"columns\":{\"8e192b04-395d-4fb5-a07a-3610e3c0cfad\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Critical Severity\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.inspector.severity\"},\"a883a4d2-c2a8-4759-a5bf-a17b4e64c17e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Repository 
Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8e192b04-395d-4fb5-a07a-3610e3c0cfad\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.resources.details.aws.ecr_container_image.repository_name\"},\"d48c34d4-ed57-4677-b743-c33c9c8aa328\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Account ID\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8e192b04-395d-4fb5-a07a-3610e3c0cfad\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"cloud.account.id\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2e42f416-b581-4b4e-9213-1f48bc549bd2\",\"key\":\"aws.inspector.severity\",\"negate\":false,\"params\":{\"query\":\"CRITICAL\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"aws.inspector.severity\":\"CRITICAL\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"a883a4d2-c2a8-4759-a5bf-a17b4e64c17e\",\"isTransposed\":false},{\"columnId\":\"d48c34d4-ed57-4677-b743-c33c9c8aa328\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"8e192b04-395d-4fb5-a07a-3610e3c0cfad\",\"hidden\":false,\"isTransposed\":false}],\"layerId\":\"1c04a2bf-b8c8-4e7f-a3c4-587a41a23ab5\",\"layerType\":\"data\"}},\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"ECR Repositories with Most Critical Findings [Logs 
Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"53b2e8c1-11e8-482f-b0e6-3d1c77cfe83a\",\"w\":24,\"x\":0,\"y\":19},\"panelIndex\":\"53b2e8c1-11e8-482f-b0e6-3d1c77cfe83a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b15502e7-1811-4354-bcb0-1ab7116c85dd\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"8b9e1ddc-c314-4ebf-a4fe-9f80280130a9\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b15502e7-1811-4354-bcb0-1ab7116c85dd\":{\"columnOrder\":[\"c4bf119f-6b3a-4809-87b2-6d0f68354c73\",\"a9d12d22-0399-462a-8f75-8d5bc0715788\",\"a51da86e-8105-437b-988f-62102fb01a00\",\"e19ddb1a-db67-42d5-8d58-cfc28c421e17\",\"ddb5a4e8-f8ae-47de-8fef-ddb7d0f99f83\"],\"columns\":{\"a51da86e-8105-437b-988f-62102fb01a00\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Repository Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ddb5a4e8-f8ae-47de-8fef-ddb7d0f99f83\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.resources.details.aws.ecr_container_image.repository_name\"},\"a9d12d22-0399-462a-8f75-8d5bc0715788\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Image Tag\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ddb5a4e8-f8ae-47de-8fef-ddb7d0f99f83\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.resources.details.aws.ecr_container_image.image.tags\"},\"c4bf119f-6b3a-4809-87b2-6d0f68354c73\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Image 
ID\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ddb5a4e8-f8ae-47de-8fef-ddb7d0f99f83\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.resources.details.aws.ec2_instance.image_id\"},\"ddb5a4e8-f8ae-47de-8fef-ddb7d0f99f83\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Critical Severity \",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.inspector.severity\"},\"e19ddb1a-db67-42d5-8d58-cfc28c421e17\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Account ID\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ddb5a4e8-f8ae-47de-8fef-ddb7d0f99f83\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"cloud.account.id\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"8b9e1ddc-c314-4ebf-a4fe-9f80280130a9\",\"key\":\"aws.inspector.severity\",\"negate\":false,\"params\":{\"query\":\"CRITICAL\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"aws.inspector.severity\":\"CRITICAL\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"c4bf119f-6b3a-4809-87b2-6d0f68354c73\",\"isTransposed\":false},{\"columnId\":\"a9d12d22-0399-462a-8f75-8d5bc0715788\",\"isTransposed\":false},{\"columnId\":\"a51da86e-8105-437b-988f-62102fb01a00\",\"isTransposed\":false},{\"columnId\":\"e19ddb1a-db67-42d5-8d58-cfc28c421e17\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"ddb5a4e8-f8ae-47de-8fef-ddb7d0f99f83\",\"isTransposed\":false}],\"layerId\":\"b15502e7-1811-4354-bcb0-1ab7116c85dd\",\"layerType\":\"data\"
}},\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"ECR Container Images with Most Critical Findings [Logs Inspector]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"84425027-b170-4b3f-951d-3e7b11336b64\",\"w\":24,\"x\":24,\"y\":19},\"panelIndex\":\"84425027-b170-4b3f-951d-3e7b11336b64\",\"panelRefName\":\"panel_84425027-b170-4b3f-951d-3e7b11336b64\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":16,\"i\":\"a3d319b1-7214-43d9-a6a9-a61910734dc5\",\"w\":48,\"x\":0,\"y\":34},\"panelIndex\":\"a3d319b1-7214-43d9-a6a9-a61910734dc5\",\"panelRefName\":\"panel_a3d319b1-7214-43d9-a6a9-a61910734dc5\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"bee46158-c3a2-4295-9dbd-e008d057af6c\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"bee46158-c3a2-4295-9dbd-e008d057af6c\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":13,\"markdown\":\"[Inspector Inspector Findings Overview Dashboard](#/dashboard/aws-131a1550-5a0b-11ed-a807-bd2da8f2e79b) | [Inspector Severity Dashboard](#/dashboard/aws-60881ab0-63e0-11ed-be08-4b4db5223139) | [Inspector Vulnerabilities Dashboard](#/dashboard/aws-383d4630-63df-11ed-be08-4b4db5223139) | [Inspector Inspector EC2 and ECR Overview Dashboard](#/dashboard/aws-63984b70-63e1-11ed-be08-4b4db5223139) \",\"openLinksInNewTab\":true},\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Dashboards [Logs Inspector]\"}]","timeRestore":false,"title":"[Logs AWS] Inspector EC2 and ECR 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-63984b70-63e1-11ed-be08-4b4db5223139","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"51d94661-24f5-47be-b7fc-dd3fdc9f08ef:indexpattern-datasource-layer-b2cd46b9-b4fd-4940-9d35-567844a01b5f","type":"index-pattern"},{"id":"logs-*","name":"b05740f5-92dc-4b79-a77f-ded634bf1e95:indexpattern-datasource-layer-1c04a2bf-b8c8-4e7f-a3c4-587a41a23ab5","type":"index-pattern"},{"id":"logs-*","name":"b05740f5-92dc-4b79-a77f-ded634bf1e95:2e42f416-b581-4b4e-9213-1f48bc549bd2","type":"index-pattern"},{"id":"logs-*","name":"53b2e8c1-11e8-482f-b0e6-3d1c77cfe83a:indexpattern-datasource-layer-b15502e7-1811-4354-bcb0-1ab7116c85dd","type":"index-pattern"},{"id":"logs-*","name":"53b2e8c1-11e8-482f-b0e6-3d1c77cfe83a:8b9e1ddc-c314-4ebf-a4fe-9f80280130a9","type":"index-pattern"},{"id":"aws-839e3db0-5a51-11ed-a807-bd2da8f2e79b","name":"84425027-b170-4b3f-951d-3e7b11336b64:panel_84425027-b170-4b3f-951d-3e7b11336b64","type":"search"},{"id":"aws-47d3ed50-5a53-11ed-a807-bd2da8f2e79b","name":"a3d319b1-7214-43d9-a6a9-a61910734dc5:panel_a3d319b1-7214-43d9-a6a9-a61910734dc5","type":"search"},{"id":"logs-*","name":"controlGroup_1aecf3ba-3e1b-44dd-b81c-7d8a0206a0a7:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6033],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MTMsMV0="} -{"attributes":{"description":"Overview of AWS VPN 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.vpn\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.vpn\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"8ef52400-6eac-417b-936e-dce159dd5e89\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"8ef52400-6eac-417b-936e-dce159dd5e89\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.name\",\"id\":\"1565034367477\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"account name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloud.region\",\"id\":\"1584478324642\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"region\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.dimensions.VpnId\",\"id\":\"1584552913938\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"VPN ID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.dimensions.TunnelIpAddress\",\"id\":\"1584552958445\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Tunnel 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":true},\"title\":\"VPN Filters [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Filters\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"eb78041b-afc4-458e-af92-0951b1d0cadd\",\"w\":20,\"x\":8,\"y\":0},\"panelIndex\":\"eb78041b-afc4-458e-af92-0951b1d0cadd\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"05e19c00-693b-11ea-8bb6-25461aeac3d5\"}],\"bar_color_rules\":[{\"id\":\"fdd5ac40-693a-11ea-8bb6-25461aeac3d5\"}],\"drop_last_bucket\":0,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.vpn.metrics.TunnelState.avg\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.VpnId\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"VPN Tunnel Data State [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Tunnel State Per VPN 
ID\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"39a9be08-98c6-470c-b76b-312a57e11e2d\",\"w\":20,\"x\":28,\"y\":0},\"panelIndex\":\"39a9be08-98c6-470c-b76b-312a57e11e2d\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"05e19c00-693b-11ea-8bb6-25461aeac3d5\"}],\"bar_color_rules\":[{\"id\":\"fdd5ac40-693a-11ea-8bb6-25461aeac3d5\"}],\"drop_last_bucket\":0,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.vpn.metrics.TunnelState.avg\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TunnelIpAddress\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"VPN Tunnel Data State Per Tunnel IP [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Tunnel State Per Tunnel 
IP\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"5c8122a2-fbf0-4404-918e-249bf6fd7f07\",\"w\":24,\"x\":0,\"y\":14},\"panelIndex\":\"5c8122a2-fbf0-4404-918e-249bf6fd7f07\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.vpn.metrics.TunnelDataIn.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.VpnId\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"VPN Tunnel Data In Per VPN ID [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Tunnel Data In Per VPN 
ID\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"8ecd0f73-146f-4aed-bfd1-5c236c5dfe8c\",\"w\":24,\"x\":24,\"y\":14},\"panelIndex\":\"8ecd0f73-146f-4aed-bfd1-5c236c5dfe8c\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.vpn.metrics.TunnelDataIn.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TunnelIpAddress\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"VPN Tunnel Data In [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Tunnel Data In Per Tunnel 
IP\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"eb10ea7d-ffc9-4c51-9386-6f63be6322aa\",\"w\":24,\"x\":0,\"y\":29},\"panelIndex\":\"eb10ea7d-ffc9-4c51-9386-6f63be6322aa\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.vpn.metrics.TunnelDataOut.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.VpnId\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"VPN Tunnel Data Out Per VPN ID [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Tunnel Data Out Per VPN 
ID\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"3b01a7e9-eb8b-43bb-977d-53d8bc9d21b7\",\"w\":24,\"x\":24,\"y\":29},\"panelIndex\":\"3b01a7e9-eb8b-43bb-977d-53d8bc9d21b7\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.vpn.metrics.TunnelDataOut.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TunnelIpAddress\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"VPN Tunnel Data Out [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Tunnel Data Out Per Tunnel IP\"}]","timeRestore":false,"title":"[Metrics AWS] VPN 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-67c9f900-693e-11ea-b0ac-95d4ecb1fecd","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"8ef52400-6eac-417b-936e-dce159dd5e89:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"8ef52400-6eac-417b-936e-dce159dd5e89:control_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"8ef52400-6eac-417b-936e-dce159dd5e89:control_2_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"8ef52400-6eac-417b-936e-dce159dd5e89:control_3_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6041],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MTQsMV0="} -{"attributes":{"description":"Overview of DynamoDB AWS Cloudwatch 
metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.dynamodb\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.dynamodb\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"9642fcd0-464b-46ea-815c-cd2d9efc056d\",\"w\":10,\"x\":0,\"y\":0},\"panelIndex\":\"9642fcd0-464b-46ea-815c-cd2d9efc056d\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloud.account.name\",\"id\":\"1549512126406\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"account name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Region/Account Filters [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Region/Account 
Filters\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"bb4b0cfa-7d6f-48e3-913e-2713c5aa3fe0\",\"w\":14,\"x\":10,\"y\":0},\"panelIndex\":\"bb4b0cfa-7d6f-48e3-913e-2713c5aa3fe0\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"43e58670-7b05-11ea-8ef8-01625a2f68ac\"}],\"bar_color_rules\":[{\"id\":\"3c733ea0-7b05-11ea-8ef8-01625a2f68ac\"}],\"drop_last_bucket\":1,\"gauge_color_rules\":[{\"id\":\"499c62a0-7b05-11ea-8ef8-01625a2f68ac\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0.1\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Consumed Read Capacity Units\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.dynamodb.metrics.ConsumedReadCapacityUnits.avg\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"offset_time\":\"\",\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"aws.dimensions.TableName\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"DynamoDB Consumed Read Capacity Units [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Consumed Read Capacity 
Units\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"09bdf20b-43b4-47a3-a113-d34ef3b2596c\",\"w\":14,\"x\":24,\"y\":0},\"panelIndex\":\"09bdf20b-43b4-47a3-a113-d34ef3b2596c\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"43e58670-7b05-11ea-8ef8-01625a2f68ac\"}],\"bar_color_rules\":[{\"id\":\"3c733ea0-7b05-11ea-8ef8-01625a2f68ac\"}],\"drop_last_bucket\":1,\"gauge_color_rules\":[{\"id\":\"499c62a0-7b05-11ea-8ef8-01625a2f68ac\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0.1\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Consumed Write Capacity Units\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.dynamodb.metrics.ConsumedWriteCapacityUnits.avg\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"offset_time\":\"\",\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"aws.dimensions.TableName\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"DynamoDB Consumed Write Capacity Units [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Consumed Write Capacity 
Units\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"1bd7141d-b410-4ca0-8550-f8f645d97983\",\"w\":10,\"x\":38,\"y\":0},\"panelIndex\":\"1bd7141d-b410-4ca0-8550-f8f645d97983\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Reads\",\"field\":\"aws.dynamodb.metrics.AccountMaxReads.max\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Table Reads\",\"field\":\"aws.dynamodb.metrics.AccountMaxTableLevelReads.max\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Writes\",\"field\":\"aws.dynamodb.metrics.AccountMaxWrites.max\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Table Writes\",\"field\":\"aws.dynamodb.metrics.AccountMaxTableLevelWrites.max\"},\"schema\":\"metric\",\"type\":\"max\"}],\"searchSource\":{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"aggType\":\"max\",\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"Reads\",\"params\":{}},{\"accessor\":1,\"aggType\":\"max\",\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"Table 
Reads\",\"params\":{}},{\"accessor\":2,\"aggType\":\"max\",\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"Writes\",\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"isVislibVis\":true,\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Reads\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"},{\"circlesRadius\":1,\"data\":{\"id\":\"2\",\"label\":\"Table Reads\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"},{\"circlesRadius\":1,\"data\":{\"id\":\"3\",\"label\":\"Writes\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"},{\"circlesRadius\":1,\"data\":{\"id\":\"4\",\"label\":\"Table Writes\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Account Max Reads\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"DynamoDB Max Read/Write Account Limits [Metrics AWS]\",\"type\":\"histogram\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Max Read/Write Account 
Limits\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"073302ad-0e44-4cd1-b16d-58f017a71816\",\"w\":17,\"x\":0,\"y\":9},\"panelIndex\":\"073302ad-0e44-4cd1-b16d-58f017a71816\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"43e58670-7b05-11ea-8ef8-01625a2f68ac\"}],\"bar_color_rules\":[{\"id\":\"3c733ea0-7b05-11ea-8ef8-01625a2f68ac\"}],\"drop_last_bucket\":1,\"gauge_color_rules\":[{\"id\":\"499c62a0-7b05-11ea-8ef8-01625a2f68ac\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0.1\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Successful Request Latency\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.dynamodb.metrics.SuccessfulRequestLatency.avg\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"offset_time\":\"\",\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"aws.dimensions.TableName\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"DynamoDB Successful Request Latency [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Successful Request 
Latency\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"ddcbc858-d2a0-42c3-8074-74f7d08ecb60\",\"w\":16,\"x\":17,\"y\":9},\"panelIndex\":\"ddcbc858-d2a0-42c3-8074-74f7d08ecb60\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0.1\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Read Throttle Events\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.dynamodb.metrics.ReadThrottleEvents.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TableName\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"DynamoDB Read Throttle Events [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Read Throttle 
Events\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"95ffd42d-b28d-4f40-b3cb-6a6ac52943e1\",\"w\":15,\"x\":33,\"y\":9},\"panelIndex\":\"95ffd42d-b28d-4f40-b3cb-6a6ac52943e1\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0.1\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Throttled Requests\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.dynamodb.metrics.ThrottledRequests.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TableName\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"DynamoDB Throttle Requests [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Throttle 
Requests\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"0a588a08-997a-422f-a5db-e56728bc6702\",\"w\":17,\"x\":0,\"y\":19},\"panelIndex\":\"0a588a08-997a-422f-a5db-e56728bc6702\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0.1\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Max Request Latency Per Operation\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.dynamodb.metrics.SuccessfulRequestLatency.max\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.Operation\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"DynamoDB Max Request Latency Per Operation [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Max Request Latency Per 
Operation\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"897ae224-d367-4fe0-aa23-5bb13165cc67\",\"w\":16,\"x\":17,\"y\":19},\"panelIndex\":\"897ae224-d367-4fe0-aa23-5bb13165cc67\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0.1\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Write Throttle Events\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.dynamodb.metrics.WriteThrottleEvents.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TableName\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"DynamoDB Write Throttle Events [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Write Throttle Events\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"e81e9817-c971-454b-881a-09cec10da0e9\",\"w\":15,\"x\":33,\"y\":19},\"panelIndex\":\"e81e9817-c971-454b-881a-09cec10da0e9\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Write 
Utilization\",\"field\":\"aws.dynamodb.metrics.AccountProvisionedWriteCapacityUtilization.avg\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Read Utilization\",\"field\":\"aws.dynamodb.metrics.AccountProvisionedReadCapacityUtilization.avg\"},\"schema\":\"metric\",\"type\":\"max\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"dimensions\":{\"x\":{\"accessor\":0,\"aggType\":\"date_histogram\",\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"label\":\"@timestamp per 30 seconds\",\"params\":{\"bounds\":{\"max\":\"2020-04-10T10:29:58.462Z\",\"min\":\"2020-04-10T10:14:58.462Z\"},\"date\":true,\"format\":\"HH:mm:ss\",\"interval\":\"PT30S\",\"intervalESUnit\":\"s\",\"intervalESValue\":30}},\"y\":[{\"accessor\":1,\"aggType\":\"max\",\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"Write Utilization\",\"params\":{}},{\"accessor\":2,\"aggType\":\"max\",\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"Read 
Utilization\",\"params\":{}}]},\"fittingFunction\":\"linear\",\"grid\":{\"categoryLines\":false},\"isVislibVis\":true,\"labels\":{},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Write Utilization\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"},{\"circlesRadius\":1,\"data\":{\"id\":\"3\",\"label\":\"Read Utilization\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Write Utilization\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"DynamoDB Account Provisioned Capacity Utilization [Metrics AWS]\",\"type\":\"line\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Account Provisioned Write Capacity Utilization\"}]","timeRestore":false,"title":"[Metrics AWS] DynamoDB 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-68ba7bd0-20b6-11ea-8f72-2f8d21e50b0c","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"9642fcd0-464b-46ea-815c-cd2d9efc056d:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"9642fcd0-464b-46ea-815c-cd2d9efc056d:control_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"1bd7141d-b410-4ca0-8550-f8f645d97983:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"metrics-*","name":"e81e9817-c971-454b-881a-09cec10da0e9:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6049],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MTUsMV0="} -{"attributes":{"description":"Overview of AWS Lambda 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.lambda\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.lambda\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"8f2d1b8f-fef3-4a9a-9cc8-7f0e2c65e35a\",\"w\":14,\"x\":0,\"y\":0},\"panelIndex\":\"8f2d1b8f-fef3-4a9a-9cc8-7f0e2c65e35a\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.name\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"account name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Account Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"AWS Account 
Filter\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"443a9699-3451-44f7-8415-99a16c3f45b3\",\"w\":34,\"x\":14,\"y\":0},\"panelIndex\":\"443a9699-3451-44f7-8415-99a16c3f45b3\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":0,\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"fbf0eac0-28d0-11ea-8789-f72e3366fb25\"}],\"bar_color_rules\":[{\"id\":\"f679afa0-28d0-11ea-8789-f72e3366fb25\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"gauge_color_rules\":[{\"id\":\"3eabbde0-28d1-11ea-8789-f72e3366fb25\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"ca2e4c60-28cd-11ea-822d-3ba2c0089081\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"ca2e4c61-28cd-11ea-822d-3ba2c0089081\",\"label\":\"avg(aws.metrics.Duration.avg)\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.lambda.metrics.Errors.avg\",\"id\":\"ca2e4c62-28cd-11ea-822d-3ba2c0089081\",\"type\":\"max\"}],\"point_size\":\"4\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.FunctionName\",\"terms_order_by\":\"ca2e4c62-28cd-11ea-822d-3ba2c0089081\",\"type\":\"timeseries\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Lambda Top Errors [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Top 
Errors\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"60a16bf0-2979-467a-b30e-05ea29547b41\",\"w\":14,\"x\":0,\"y\":5},\"panelIndex\":\"60a16bf0-2979-467a-b30e-05ea29547b41\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"region name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Region Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"AWS Region Filter\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"349ef0d1-fea1-4b91-b95d-7a668914e10b\",\"w\":48,\"x\":0,\"y\":10},\"panelIndex\":\"349ef0d1-fea1-4b91-b95d-7a668914e10b\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":0,\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"ca2e4c60-28cd-11ea-822d-3ba2c0089081\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"ca2e4c61-28cd-11ea-822d-3ba2c0089081\",\"label\":\"avg(aws.metrics.Duration.avg)\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.lambda.metrics.Duration.avg\",\"id\":\"ca2e4c62-28cd-11ea-822d-3ba2c0089081\",\"type\":\"avg\"}],\"point_size\":\"4\",\"separate_axis\":0,\"split
_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.FunctionName\",\"terms_order_by\":\"ca2e4c62-28cd-11ea-822d-3ba2c0089081\",\"type\":\"timeseries\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Lambda Duration in Milliseconds [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Lambda Function Duration in Milliseconds\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"048b1577-5aed-48e5-8f90-147aa3d56c1a\",\"w\":24,\"x\":0,\"y\":24},\"panelIndex\":\"048b1577-5aed-48e5-8f90-147aa3d56c1a\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":0,\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"fbf0eac0-28d0-11ea-8789-f72e3366fb25\"}],\"bar_color_rules\":[{\"id\":\"f679afa0-28d0-11ea-8789-f72e3366fb25\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"hide_last_value_indicator\":true,\"id\":\"ca2e4c60-28cd-11ea-822d-3ba2c0089081\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"ca2e4c61-28cd-11ea-822d-3ba2c0089081\",\"label\":\"avg(aws.metrics.Duration.avg)\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.lambda.metrics.Invocations.avg\",\"id\":\"ca2e4c62-28cd-11ea-822d-3ba2c0089081\",\"type\":\"max\"}],\"point_size\":\"4\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.FunctionName\",\"terms_order_by\":\"ca2e4c62-28cd-11ea-822d-3ba2c0089081\",\"ty
pe\":\"timeseries\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"Lambda Top Invoked Functions [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Top Invoked Lambda Functions\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"4c8e471c-45da-47be-a866-c5bfc6d28a05\",\"w\":24,\"x\":24,\"y\":24},\"panelIndex\":\"4c8e471c-45da-47be-a866-c5bfc6d28a05\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":0,\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"fbf0eac0-28d0-11ea-8789-f72e3366fb25\"}],\"bar_color_rules\":[{\"id\":\"f679afa0-28d0-11ea-8789-f72e3366fb25\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"gauge_color_rules\":[{\"id\":\"3eabbde0-28d1-11ea-8789-f72e3366fb25\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"ca2e4c60-28cd-11ea-822d-3ba2c0089081\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"ca2e4c61-28cd-11ea-822d-3ba2c0089081\",\"label\":\"avg(aws.metrics.Duration.avg)\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.lambda.metrics.Duration.avg\",\"id\":\"ca2e4c62-28cd-11ea-822d-3ba2c0089081\",\"type\":\"max\"}],\"point_size\":\"4\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.FunctionName\",\"terms_order_by\":\"ca2e4c62-28cd-11ea-822d-3ba2c0089081\",\"type\":\"timeseries\",\"value_template\":\"{{value}}\"}],\"show_g
rid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"Lambda Top Throttles [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Top Throttled Lambda Functions\"}]","timeRestore":false,"title":"[Metrics AWS] Lambda Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-7ac8e1d0-28d2-11ea-ba6c-49a884eb104f","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"8f2d1b8f-fef3-4a9a-9cc8-7f0e2c65e35a:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"60a16bf0-2979-467a-b30e-05ea29547b41:control_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6055],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MTYsMV0="} -{"attributes":{"description":"Overview of AWS S3 Storage Lens 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.s3_storage_lens\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.s3_storage_lens\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"0b61b236-11aa-4040-abf9-7b8eb4db1e31\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"0b61b236-11aa-4040-abf9-7b8eb4db1e31\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"Daily Overview\",\"openLinksInNewTab\":false},\"title\":\"S3 Storage Lens Daily Overview Markdown [AWS 
Metrics]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"9b8691d3-9f30-4776-bf5c-342900818a80\",\"w\":8,\"x\":0,\"y\":4},\"panelIndex\":\"9b8691d3-9f30-4776-bf5c-342900818a80\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"aws.dimensions.aws_account_number\",\"id\":\"1636497293904\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Account\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.dimensions.aws_region\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.dimensions.bucket_name\",\"id\":\"1549512142947\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"S3 Bucket Name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"S3 Storage Lens Filters [Metrics 
AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Filters\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"3fc410ab-c8ca-4a7d-9566-c9921f7f3323\",\"w\":8,\"x\":8,\"y\":4},\"panelIndex\":\"3fc410ab-c8ca-4a7d-9566-c9921f7f3323\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"65c0c4b0-42a2-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"id\":\"142ea8b7-6859-4f47-a442-71e4c5995e8d\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"formatter\":\"bytes\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Total Storage\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"sum\"}],\"override_index_pattern\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_index_pattern_ref_name\":\"metrics_1_index_pattern\",\"series_interval\":\"3d\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"last_value\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Total Storage [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"6d7c0316-d2fa-4e3c-9028-fc7f109a7337\",\"w\":8,\"x\":16,\"y\":4},\"panelIndex\":\"6d7c0316-d2fa-4e3c-9028-fc7f109a7337\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"66732f50-42a3-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"id\":\"c9efe17d-a8ee-4317-8eaa-e00070f8c4f4\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"formatter\":\"number\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Object Count\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.ObjectCount.avg\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"sum\"}],\"override_index_pattern\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_index_pattern_ref_name\":\"metrics_1_index_pattern\",\"series_interval\":\"3d\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Object Count [AWS 
Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"90e351eb-70b7-4a7b-b113-b399adf6ff28\",\"w\":8,\"x\":24,\"y\":4},\"panelIndex\":\"90e351eb-70b7-4a7b-b113-b399adf6ff28\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"65c0c4b0-42a2-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"id\":\"142ea8b7-6859-4f47-a442-71e4c5995e8d\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"formatter\":\"bytes\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Average Object Size\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.ObjectCount.avg\",\"id\":\"4074b470-42a5-11ec-9ec9-3315b0d7914c\",\"type\":\"sum\"},{\"field\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"sum\"},{\"id\":\"568cd530-42a5-11ec-9ec9-3315b0d7914c\",\"script\":\"divide(params.TotalStorage, 
params.ObjectCount)\",\"type\":\"math\",\"variables\":[{\"field\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"id\":\"59e1cc90-42a5-11ec-9ec9-3315b0d7914c\",\"name\":\"TotalStorage\"},{\"field\":\"4074b470-42a5-11ec-9ec9-3315b0d7914c\",\"id\":\"64d21790-42a5-11ec-9ec9-3315b0d7914c\",\"name\":\"ObjectCount\"}]}],\"override_index_pattern\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_index_pattern_ref_name\":\"metrics_1_index_pattern\",\"series_interval\":\"3d\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"last_value\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Average Object Size[Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"f5ccf3a7-2922-43ff-bc79-1cd7d56e89a0\",\"w\":8,\"x\":32,\"y\":4},\"panelIndex\":\"f5ccf3a7-2922-43ff-bc79-1cd7d56e89a0\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"6479f000-42a6-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"id\":\"2e804eee-436c-4e36-917b-7400ea5e5f89\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"not aws.dimensions.storage_class : \\\"-\\\" \"},\"formatter\":\"number\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Active 
Buckets\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.dimensions.bucket_name\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"cardinality\"}],\"override_index_pattern\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_index_pattern_ref_name\":\"metrics_1_index_pattern\",\"series_interval\":\"3d\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Active Buckets [AWS Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"03a07a48-e7e7-4aad-9b3f-74617467c739\",\"w\":8,\"x\":40,\"y\":4},\"panelIndex\":\"03a07a48-e7e7-4aad-9b3f-74617467c739\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"6479f000-42a6-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"id\":\"2e804eee-436c-4e36-917b-7400ea5e5f89\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"not aws.dimensions.storage_class : \\\"-\\\" 
\"},\"formatter\":\"number\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Accounts\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.dimensions.aws_account_number\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"cardinality\"}],\"override_index_pattern\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_index_pattern_ref_name\":\"metrics_1_index_pattern\",\"series_interval\":\"3d\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Accounts [AWS Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"82b50202-e42d-49fb-9db7-2213216350f9\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"82b50202-e42d-49fb-9db7-2213216350f9\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"88f52970-42a8-11ec-afe1-bb42ec488e9b\"}],\"bar_color_rules\":[{\"id\":\"5fac2960-42a8-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" 
\"},\"gauge_color_rules\":[{\"id\":\"864db020-42a8-11ec-afe1-bb42ec488e9b\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"c08f117f-f0e8-4d10-ace7-5d2a5aab35c0\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"3d\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"left\",\"chart_type\":\"bar\",\"color\":\"rgba(96,146,192,1)\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Total Storage\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"sum\"}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":1,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.aws_region\",\"terms_order_by\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"terms_size\":\"5\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"top_n\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Total Storage Region Distribution [AWS Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Total Storage Region 
Distribution\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"048f0020-8699-459c-bbb3-33a5597798f9\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"048f0020-8699-459c-bbb3-33a5597798f9\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"88f52970-42a8-11ec-afe1-bb42ec488e9b\"}],\"bar_color_rules\":[{\"id\":\"5fac2960-42a8-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"gauge_color_rules\":[{\"id\":\"864db020-42a8-11ec-afe1-bb42ec488e9b\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"c08f117f-f0e8-4d10-ace7-5d2a5aab35c0\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"3d\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"left\",\"chart_type\":\"bar\",\"color\":\"rgba(96,146,192,1)\",\"fill\":\"1\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\"\"},\"formatter\":\"bytes\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Total 
Storage\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"sum\"}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":1,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.storage_class\",\"terms_order_by\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"terms_size\":\"5\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"top_n\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Total Storage Class Distribution [AWS Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Total Storage Class Distribution\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"939563b6-0601-45ef-86fc-bc18fb7fa474\",\"w\":24,\"x\":0,\"y\":22},\"panelIndex\":\"939563b6-0601-45ef-86fc-bc18fb7fa474\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"88f52970-42a8-11ec-afe1-bb42ec488e9b\"}],\"bar_color_rules\":[{\"id\":\"5fac2960-42a8-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" 
\"},\"gauge_color_rules\":[{\"id\":\"864db020-42a8-11ec-afe1-bb42ec488e9b\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"c08f117f-f0e8-4d10-ace7-5d2a5aab35c0\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"3d\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"left\",\"chart_type\":\"bar\",\"color\":\"rgba(231,102,76,1)\",\"fill\":\"1\",\"formatter\":\"number\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Object Count\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.ObjectCount.avg\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"sum\"}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":1,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.aws_region\",\"terms_order_by\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"terms_size\":\"5\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"top_n\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Object Count Region Distribution [AWS Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Object Count Region 
Distribution\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"283f4fe8-710f-4f21-b024-ecb77d1933ab\",\"w\":24,\"x\":24,\"y\":22},\"panelIndex\":\"283f4fe8-710f-4f21-b024-ecb77d1933ab\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"88f52970-42a8-11ec-afe1-bb42ec488e9b\"}],\"bar_color_rules\":[{\"id\":\"5fac2960-42a8-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"gauge_color_rules\":[{\"id\":\"864db020-42a8-11ec-afe1-bb42ec488e9b\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"c08f117f-f0e8-4d10-ace7-5d2a5aab35c0\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"3d\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"left\",\"chart_type\":\"bar\",\"color\":\"rgba(231,102,76,1)\",\"fill\":\"1\",\"formatter\":\"number\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Object 
Count\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.ObjectCount.avg\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"sum\"}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":1,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.storage_class\",\"terms_order_by\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"terms_size\":\"5\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"top_n\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Object Count Class Distribution [AWS Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Object Count Class Distribution\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"826b9a1d-3ff4-4792-a833-e274f1a39c46\",\"w\":48,\"x\":0,\"y\":30},\"panelIndex\":\"826b9a1d-3ff4-4792-a833-e274f1a39c46\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"Trends\",\"openLinksInNewTab\":false},\"title\":\"S3 Storage Lens Trends Markdown [AWS 
Metrics]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"02d4d942-8c9a-4cb4-b3a3-18aacc0b2493\",\"w\":48,\"x\":0,\"y\":34},\"panelIndex\":\"02d4d942-8c9a-4cb4-b3a3-18aacc0b2493\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-eab1960c-2b9a-4e4a-9380-c29e91cbb47f\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"eab1960c-2b9a-4e4a-9380-c29e91cbb47f\":{\"columnOrder\":[\"e9704a86-fb68-4316-b885-42328390c6c0\",\"a80c40e7-af1b-4ac9-ba2e-baa7c13a729a\",\"d3578c4c-8e60-4bb8-9295-72b90c88d168\",\"a80c40e7-af1b-4ac9-ba2e-baa7c13a729aX0\",\"d3578c4c-8e60-4bb8-9295-72b90c88d168X0\"],\"columns\":{\"a80c40e7-af1b-4ac9-ba2e-baa7c13a729a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Storage\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"formula\":\"sum(aws.s3_storage_lens.metrics.StorageBytes.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" ')\",\"isFormulaBroken\":false},\"references\":[\"a80c40e7-af1b-4ac9-ba2e-baa7c13a729aX0\"],\"scale\":\"ratio\"},\"a80c40e7-af1b-4ac9-ba2e-baa7c13a729aX0\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"isBucketed\":false,\"label\":\"Part of Total 
Storage\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\"},\"d3578c4c-8e60-4bb8-9295-72b90c88d168\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Storage Count\",\"operationType\":\"formula\",\"params\":{\"formula\":\"sum(aws.s3_storage_lens.metrics.ObjectCount.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" ')\",\"isFormulaBroken\":false},\"references\":[\"d3578c4c-8e60-4bb8-9295-72b90c88d168X0\"],\"scale\":\"ratio\"},\"d3578c4c-8e60-4bb8-9295-72b90c88d168X0\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"isBucketed\":false,\"label\":\"Part of Storage Count\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.s3_storage_lens.metrics.ObjectCount.avg\"},\"e9704a86-fb68-4316-b885-42328390c6c0\":{\"customLabel\":false,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"1d\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filter-index-pattern-0\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.s3_storage_lens\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.s3_storage_lens\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"a80c40e7-af1b-4ac9-ba2e-baa7c13a729a\",\"d35
78c4c-8e60-4bb8-9295-72b90c88d168\"],\"layerId\":\"eab1960c-2b9a-4e4a-9380-c29e91cbb47f\",\"layerType\":\"data\",\"seriesType\":\"line\",\"xAccessor\":\"e9704a86-fb68-4316-b885-42328390c6c0\",\"yConfig\":[{\"axisMode\":\"auto\",\"forAccessor\":\"d3578c4c-8e60-4bb8-9295-72b90c88d168\"},{\"axisMode\":\"auto\",\"color\":\"#e7664c\",\"forAccessor\":\"a80c40e7-af1b-4ac9-ba2e-baa7c13a729a\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yRightExtent\":{\"mode\":\"dataBounds\"}}},\"title\":\"S3 Storage Lens Total Storage and Object Count [Metrics AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Storage and Object Count\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"45489a96-fc7f-4c8f-b037-2a6a7fa37316\",\"w\":48,\"x\":0,\"y\":48},\"panelIndex\":\"45489a96-fc7f-4c8f-b037-2a6a7fa37316\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":14,\"markdown\":\"Cost Efficiency\",\"openLinksInNewTab\":false},\"title\":\"S3 Storage Lens Cost Efficiency Markdown [AWS 
Metrics]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"d77a360f-abbd-41cb-8c72-ac1848168dbc\",\"w\":6,\"x\":0,\"y\":52},\"panelIndex\":\"d77a360f-abbd-41cb-8c72-ac1848168dbc\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"66732f50-42a3-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"id\":\"c9efe17d-a8ee-4317-8eaa-e00070f8c4f4\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"formatter\":\"number\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Delete Marker Object Count\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.DeleteMarkerObjectCount.avg\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"sum\"}],\"override_index_pattern\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_index_pattern_ref_name\":\"metrics_1_index_pattern\",\"series_interval\":\"3d\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Delete Marker Object Count [AWS 
Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":16,\"i\":\"4a0a8cb0-acce-4b4f-8635-d19b33a5b7c7\",\"w\":21,\"x\":6,\"y\":52},\"panelIndex\":\"4a0a8cb0-acce-4b4f-8635-d19b33a5b7c7\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-af6bd20f-099d-4817-a951-99bcba7e1752\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"af6bd20f-099d-4817-a951-99bcba7e1752\":{\"columnOrder\":[\"6af18f84-7f98-4aec-88d2-51eb0e177fa7\",\"f13847d9-f404-41a8-8e17-12b47d683bd0\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X0\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X1\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X2\"],\"columns\":{\"6af18f84-7f98-4aec-88d2-51eb0e177fa7\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"1d\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"f13847d9-f404-41a8-8e17-12b47d683bd0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"% Current Version Bytes\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"formula\":\"divide(sum(aws.s3_storage_lens.metrics.CurrentVersionStorageBytes.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" '), sum(aws.s3_storage_lens.metrics.StorageBytes.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" 
'))\",\"isFormulaBroken\":false},\"references\":[\"f13847d9-f404-41a8-8e17-12b47d683bd0X2\"],\"scale\":\"ratio\"},\"f13847d9-f404-41a8-8e17-12b47d683bd0X0\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"isBucketed\":false,\"label\":\"Part of % Current Version Bytes\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.s3_storage_lens.metrics.CurrentVersionStorageBytes.avg\"},\"f13847d9-f404-41a8-8e17-12b47d683bd0X1\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"isBucketed\":false,\"label\":\"Part of % Current Version Bytes\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\"},\"f13847d9-f404-41a8-8e17-12b47d683bd0X2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of % Current Version Bytes\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"f13847d9-f404-41a8-8e17-12b47d683bd0X0\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X1\"],\"location\":{\"max\":302,\"min\":0},\"name\":\"divide\",\"text\":\"divide(sum(aws.s3_storage_lens.metrics.CurrentVersionStorageBytes.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" '), sum(aws.s3_storage_lens.metrics.StorageBytes.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" 
'))\",\"type\":\"function\"}},\"references\":[\"f13847d9-f404-41a8-8e17-12b47d683bd0X0\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X1\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filter-index-pattern-0\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.s3_storage_lens\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.s3_storage_lens\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"f13847d9-f404-41a8-8e17-12b47d683bd0\"],\"layerId\":\"af6bd20f-099d-4817-a951-99bcba7e1752\",\"layerType\":\"data\",\"seriesType\":\"line\",\"xAccessor\":\"6af18f84-7f98-4aec-88d2-51eb0e177fa7\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"S3 Storage Lens Percentage Current Version Bytes [AWS Metrics]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Current Version Bytes 
Percentage\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":16,\"i\":\"f4087f7c-4714-430d-9fce-9232215efcea\",\"w\":21,\"x\":27,\"y\":52},\"panelIndex\":\"f4087f7c-4714-430d-9fce-9232215efcea\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-af6bd20f-099d-4817-a951-99bcba7e1752\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"af6bd20f-099d-4817-a951-99bcba7e1752\":{\"columnOrder\":[\"e959c162-4cf1-42f8-bcc7-e08698adc162\",\"f13847d9-f404-41a8-8e17-12b47d683bd0\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X0\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X1\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X2\"],\"columns\":{\"e959c162-4cf1-42f8-bcc7-e08698adc162\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"1d\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"f13847d9-f404-41a8-8e17-12b47d683bd0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"% incomplete MPU bytes\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"formula\":\"divide(sum(aws.s3_storage_lens.metrics.IncompleteMultipartUploadStorageBytes.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" '), sum(aws.s3_storage_lens.metrics.StorageBytes.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" '))\",\"isFormulaBroken\":false},\"references\":[\"f13847d9-f404-41a8-8e17-12b47d683bd0X2\"],\"scale\":\"ratio\"},\"f13847d9-f404-41a8-8e17-12b47d683bd0X0\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type 
: \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"isBucketed\":false,\"label\":\"Part of % incomplete MPU bytes\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.s3_storage_lens.metrics.IncompleteMultipartUploadStorageBytes.avg\"},\"f13847d9-f404-41a8-8e17-12b47d683bd0X1\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"isBucketed\":false,\"label\":\"Part of % incomplete MPU bytes\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\"},\"f13847d9-f404-41a8-8e17-12b47d683bd0X2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of % incomplete MPU bytes\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"f13847d9-f404-41a8-8e17-12b47d683bd0X0\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X1\"],\"location\":{\"max\":313,\"min\":0},\"name\":\"divide\",\"text\":\"divide(sum(aws.s3_storage_lens.metrics.IncompleteMultipartUploadStorageBytes.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" '), sum(aws.s3_storage_lens.metrics.StorageBytes.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" 
'))\",\"type\":\"function\"}},\"references\":[\"f13847d9-f404-41a8-8e17-12b47d683bd0X0\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X1\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"f13847d9-f404-41a8-8e17-12b47d683bd0\"],\"layerId\":\"af6bd20f-099d-4817-a951-99bcba7e1752\",\"layerType\":\"data\",\"seriesType\":\"line\",\"xAccessor\":\"e959c162-4cf1-42f8-bcc7-e08698adc162\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"S3 Storage Lens Percentage incomplete MPU bytes [AWS Metrics]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Incomplete MPU bytes Percentage\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"2dbf68cd-48be-4e1f-a526-a47ec24f8359\",\"w\":48,\"x\":0,\"y\":68},\"panelIndex\":\"2dbf68cd-48be-4e1f-a526-a47ec24f8359\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":14,\"markdown\":\"Data Protection\",\"openLinksInNewTab\":false},\"title\":\"S3 Storage Lens Data Protection Markdown [AWS 
Metrics]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"b21580ab-7ec7-47fe-9449-14b1d617fd63\",\"w\":17,\"x\":0,\"y\":72},\"panelIndex\":\"b21580ab-7ec7-47fe-9449-14b1d617fd63\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"8d0ce9b0-42aa-11ec-93b6-03cae606ce61\"}],\"bar_color_rules\":[{\"id\":\"ddaf4ed0-42aa-11ec-a5a1-73d3b46a933e\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"gauge_color_rules\":[{\"id\":\"0d38a660-42ab-11ec-a5a1-73d3b46a933e\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"7c0ba441-be60-42ec-9d68-6959f1c1e709\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"markdown\":\"test\\t{{ object_lock_bytes_percentage.last.raw }}\",\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4e7561ec-a29c-4558-9d40-d8f378c85daf\",\"label\":\"Object Locked\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.ObjectLockEnabledStorageBytes.avg\",\"id\":\"5e067d85-0dfc-4208-a72b-75279b58b2b2\",\"type\":\"sum\"},{\"field\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\",\"id\":\"66645e10-42aa-11ec-93b6-03cae606ce61\",\"type\":\"sum\"},{\"id\":\"707b8720-42aa-11ec-93b6-03cae606ce61\",\"script\":\"divide(params.ObjectLock, 
params.StorageBytes)\",\"type\":\"math\",\"variables\":[{\"field\":\"5e067d85-0dfc-4208-a72b-75279b58b2b2\",\"id\":\"73b2bd50-42aa-11ec-93b6-03cae606ce61\",\"name\":\"ObjectLock\"},{\"field\":\"66645e10-42aa-11ec-93b6-03cae606ce61\",\"id\":\"7c32cba0-42aa-11ec-93b6-03cae606ce61\",\"name\":\"StorageBytes\"}]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"none\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Object Lock Bytes Percentage [AWS Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Object Lock Bytes Percentage\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"ba2bd05a-ad1c-4d35-8396-89febc950636\",\"w\":16,\"x\":17,\"y\":72},\"panelIndex\":\"ba2bd05a-ad1c-4d35-8396-89febc950636\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"8d0ce9b0-42aa-11ec-93b6-03cae606ce61\"}],\"bar_color_rules\":[{\"id\":\"ddaf4ed0-42aa-11ec-a5a1-73d3b46a933e\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" 
\"},\"gauge_color_rules\":[{\"id\":\"0d38a660-42ab-11ec-a5a1-73d3b46a933e\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"7c0ba441-be60-42ec-9d68-6959f1c1e709\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"markdown\":\"test\\t{{ object_lock_bytes_percentage.last.raw }}\",\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4e7561ec-a29c-4558-9d40-d8f378c85daf\",\"label\":\"Replicated\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.ReplicatedStorageBytes.avg\",\"id\":\"5e067d85-0dfc-4208-a72b-75279b58b2b2\",\"type\":\"sum\"},{\"field\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\",\"id\":\"66645e10-42aa-11ec-93b6-03cae606ce61\",\"type\":\"sum\"},{\"id\":\"707b8720-42aa-11ec-93b6-03cae606ce61\",\"script\":\"divide(params.Replicated, params.StorageBytes)\",\"type\":\"math\",\"variables\":[{\"field\":\"5e067d85-0dfc-4208-a72b-75279b58b2b2\",\"id\":\"73b2bd50-42aa-11ec-93b6-03cae606ce61\",\"name\":\"Replicated\"},{\"field\":\"66645e10-42aa-11ec-93b6-03cae606ce61\",\"id\":\"7c32cba0-42aa-11ec-93b6-03cae606ce61\",\"name\":\"StorageBytes\"}]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"none\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Replicated Bytes Percentage [AWS Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Replicated Bytes 
Percentage\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"c8ab3a47-5316-495a-bb9e-a78fb867b059\",\"w\":15,\"x\":33,\"y\":72},\"panelIndex\":\"c8ab3a47-5316-495a-bb9e-a78fb867b059\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"8d0ce9b0-42aa-11ec-93b6-03cae606ce61\"}],\"bar_color_rules\":[{\"id\":\"ddaf4ed0-42aa-11ec-a5a1-73d3b46a933e\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"gauge_color_rules\":[{\"id\":\"0d38a660-42ab-11ec-a5a1-73d3b46a933e\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"7c0ba441-be60-42ec-9d68-6959f1c1e709\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"markdown\":\"test\\t{{ object_lock_bytes_percentage.last.raw }}\",\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(96,146,192,1)\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4e7561ec-a29c-4558-9d40-d8f378c85daf\",\"label\":\"Encrypted\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.EncryptedStorageBytes.avg\",\"id\":\"5e067d85-0dfc-4208-a72b-75279b58b2b2\",\"type\":\"sum\"},{\"field\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\",\"id\":\"66645e10-42aa-11ec-93b6-03cae606ce61\",\"type\":\"sum\"},{\"id\":\"707b8720-42aa-11ec-93b6-03cae606ce61\",\"script\":\"divide(params.Encrypted, 
params.StorageBytes)\",\"type\":\"math\",\"variables\":[{\"field\":\"5e067d85-0dfc-4208-a72b-75279b58b2b2\",\"id\":\"73b2bd50-42aa-11ec-93b6-03cae606ce61\",\"name\":\"Encrypted\"},{\"field\":\"66645e10-42aa-11ec-93b6-03cae606ce61\",\"id\":\"7c32cba0-42aa-11ec-93b6-03cae606ce61\",\"name\":\"StorageBytes\"}]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"none\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Encrypted Bytes Percentage [AWS Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Encrypted Bytes Percentage\"}]","timeRestore":false,"title":"[Metrics AWS] S3 Storage Lens Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-80ed1380-41a6-11ec-a605-bff67d9b7872","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"3fc410ab-c8ca-4a7d-9566-c9921f7f3323:metrics_3fc410ab-c8ca-4a7d-9566-c9921f7f3323_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"3fc410ab-c8ca-4a7d-9566-c9921f7f3323:metrics_3fc410ab-c8ca-4a7d-9566-c9921f7f3323_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"82b50202-e42d-49fb-9db7-2213216350f9:metrics_82b50202-e42d-49fb-9db7-2213216350f9_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"9b8691d3-9f30-4776-bf5c-342900818a80:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"9b8691d3-9f30-4776-bf5c-342900818a80:control_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"9b8691d3-9f30-4776-bf5c-342900818a80:control_2_index_pattern","type":"index-pat
tern"},{"id":"metrics-*","name":"3fc410ab-c8ca-4a7d-9566-c9921f7f3323:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"3fc410ab-c8ca-4a7d-9566-c9921f7f3323:metrics_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"6d7c0316-d2fa-4e3c-9028-fc7f109a7337:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"6d7c0316-d2fa-4e3c-9028-fc7f109a7337:metrics_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"90e351eb-70b7-4a7b-b113-b399adf6ff28:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"90e351eb-70b7-4a7b-b113-b399adf6ff28:metrics_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"f5ccf3a7-2922-43ff-bc79-1cd7d56e89a0:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"f5ccf3a7-2922-43ff-bc79-1cd7d56e89a0:metrics_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"03a07a48-e7e7-4aad-9b3f-74617467c739:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"03a07a48-e7e7-4aad-9b3f-74617467c739:metrics_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"82b50202-e42d-49fb-9db7-2213216350f9:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"048f0020-8699-459c-bbb3-33a5597798f9:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"939563b6-0601-45ef-86fc-bc18fb7fa474:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"283f4fe8-710f-4f21-b024-ecb77d1933ab:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"02d4d942-8c9a-4cb4-b3a3-18aacc0b2493:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"02d4d942-8c9a-4cb4-b3a3-18aacc0b2493:indexpattern-datasource-layer-eab1960c-2b9a-4e4a-9380-c29e91cbb47f","type":"index-pattern"},{"id":"metrics-*","name":"02d4d942-8c9a-4cb4-b3a3-18aacc0b2493:filter-index-pattern-0","type":"index-pattern"},{"id":"metrics-*","name":"
d77a360f-abbd-41cb-8c72-ac1848168dbc:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"d77a360f-abbd-41cb-8c72-ac1848168dbc:metrics_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"4a0a8cb0-acce-4b4f-8635-d19b33a5b7c7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"4a0a8cb0-acce-4b4f-8635-d19b33a5b7c7:indexpattern-datasource-layer-af6bd20f-099d-4817-a951-99bcba7e1752","type":"index-pattern"},{"id":"metrics-*","name":"4a0a8cb0-acce-4b4f-8635-d19b33a5b7c7:filter-index-pattern-0","type":"index-pattern"},{"id":"metrics-*","name":"f4087f7c-4714-430d-9fce-9232215efcea:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"f4087f7c-4714-430d-9fce-9232215efcea:indexpattern-datasource-layer-af6bd20f-099d-4817-a951-99bcba7e1752","type":"index-pattern"},{"id":"metrics-*","name":"b21580ab-7ec7-47fe-9449-14b1d617fd63:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"ba2bd05a-ad1c-4d35-8396-89febc950636:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"c8ab3a47-5316-495a-bb9e-a78fb867b059:metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6092],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MTcsMV0="} -{"attributes":{"description":"Overview of Amazon Redshift 
metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.redshift\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.redshift\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":true,\"useMargins\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"88b83992-1fc4-4509-b89d-2de22163f92c\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"88b83992-1fc4-4509-b89d-2de22163f92c\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.name\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_88b83992-1fc4-4509-b89d-2de22163f92c_0_index_pattern\",\"label\":\"account name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.dimensions.ClusterIdentifier\",\"id\":\"1655371342369\",\"indexPatternRefName\":\"control_88b83992-1fc4-4509-b89d-2de22163f92c_1_index_pattern\",\"label\":\"cluster identifier\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"AWS Account and Redshift Cluster 
Filters\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"dffd1329-1668-441d-907d-c04a5cee3fcc\",\"w\":48,\"x\":0,\"y\":6},\"panelIndex\":\"dffd1329-1668-441d-907d-c04a5cee3fcc\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"## Cluster monitoring\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"500e407a-5b1e-4963-b229-f14024f7678d\",\"w\":24,\"x\":0,\"y\":11},\"panelIndex\":\"500e407a-5b1e-4963-b229-f14024f7678d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-f26f3fa9-c910-4463-917a-a5190e20d8cc\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"f26f3fa9-c910-4463-917a-a5190e20d8cc\":{\"columnOrder\":[\"bd14bb61-5b34-4c10-82e1-d5257330293c\",\"64a0425b-0eb6-425b-b8de-e2e13f77a408\"],\"columns\":{\"64a0425b-0eb6-425b-b8de-e2e13f77a408\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of 
aws.redshift.metrics.HealthStatus.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.HealthStatus.avg\"},\"bd14bb61-5b34-4c10-82e1-d5257330293c\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"64a0425b-0eb6-425b-b8de-e2e13f77a408\"],\"layerId\":\"f26f3fa9-c910-4463-917a-a5190e20d8cc\",\"layerType\":\"data\",\"seriesType\":\"line\",\"xAccessor\":\"bd14bb61-5b34-4c10-82e1-d5257330293c\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Health 
Status\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"cdb8dc8b-e920-459d-b55e-462059dd148c\",\"w\":24,\"x\":24,\"y\":11},\"panelIndex\":\"cdb8dc8b-e920-459d-b55e-462059dd148c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-63ac4267-da50-47f2-a95d-f210ac96e7be\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"63ac4267-da50-47f2-a95d-f210ac96e7be\":{\"columnOrder\":[\"e6191554-4017-4820-953d-db002484bda8\",\"eb938638-2ee8-4e13-aa43-dfd479ebb210\"],\"columns\":{\"e6191554-4017-4820-953d-db002484bda8\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"eb938638-2ee8-4e13-aa43-dfd479ebb210\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of 
aws.redshift.metrics.MaintenanceMode.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.MaintenanceMode.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"eb938638-2ee8-4e13-aa43-dfd479ebb210\"],\"layerId\":\"63ac4267-da50-47f2-a95d-f210ac96e7be\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"e6191554-4017-4820-953d-db002484bda8\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"lowerBound\":0,\"mode\":\"custom\",\"upperBound\":1}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Maintenance 
mode\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"e1952ece-22a7-4d9e-a96d-035e49e48e89\",\"w\":15,\"x\":0,\"y\":26},\"panelIndex\":\"e1952ece-22a7-4d9e-a96d-035e49e48e89\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-07d0e5df-2cdd-4f7d-89a5-79cd6faf96d2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"07d0e5df-2cdd-4f7d-89a5-79cd6faf96d2\":{\"columnOrder\":[\"9dc06753-8051-4a65-8122-bd693491cf43\"],\"columns\":{\"9dc06753-8051-4a65-8122-bd693491cf43\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Database connections (Average)\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":1}}},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.DatabaseConnections.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"9dc06753-8051-4a65-8122-bd693491cf43\",\"layerId\":\"07d0e5df-2cdd-4f7d-89a5-79cd6faf96d2\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"a2c1cf3b-86a2-4a9f-9f5f-99c51d536a5a\",\"w\":33,\"x\":15,\"y\":26},\"panelIndex\":\"a2c1cf3b-86a2-4a9f-9f5f-99c51d536a5a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-95dadc13-e250-40e4-8ae8-9c612d40d8b5\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceS
tates\":{\"formBased\":{\"layers\":{\"95dadc13-e250-40e4-8ae8-9c612d40d8b5\":{\"columnOrder\":[\"bdfde3b8-4241-4177-9a45-d30e28c6710e\",\"0379c1a5-31f8-4b73-86ac-4107d3e157a6\"],\"columns\":{\"0379c1a5-31f8-4b73-86ac-4107d3e157a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.redshift.metrics.DatabaseConnections.avg\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.DatabaseConnections.avg\"},\"bdfde3b8-4241-4177-9a45-d30e28c6710e\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"0379c1a5-31f8-4b73-86ac-4107d3e157a6\"],\"layerId\":\"95dadc13-e250-40e4-8ae8-9c612d40d8b5\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"bdfde3b8-4241-4177-9a45-d30e28c6710e\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Database 
connections\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"c150200d-1645-49be-a3f6-103da488bc4e\",\"w\":48,\"x\":0,\"y\":38},\"panelIndex\":\"c150200d-1645-49be-a3f6-103da488bc4e\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"## Resource Usage\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"818689c7-efe0-4c41-9fa7-640b9281d4d8\",\"w\":15,\"x\":0,\"y\":43},\"panelIndex\":\"818689c7-efe0-4c41-9fa7-640b9281d4d8\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-e8f1122f-78fe-4db5-b05e-e87553c61237\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"e8f1122f-78fe-4db5-b05e-e87553c61237\":{\"columnOrder\":[\"4a9dedca-ac19-47ac-a001-0b305e74202b\"],\"columns\":{\"4a9dedca-ac19-47ac-a001-0b305e74202b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"CPU Utilization 
(Average)\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2,\"suffix\":\"%\"}}},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.CPUUtilization.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"4a9dedca-ac19-47ac-a001-0b305e74202b\",\"colorMode\":\"Background\",\"layerId\":\"e8f1122f-78fe-4db5-b05e-e87553c61237\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":70},{\"color\":\"#cc5642\",\"stop\":85}],\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#209280\",\"stop\":70},{\"color\":\"#d6bf57\",\"stop\":85},{\"color\":\"#cc5642\",\"stop\":86}]},\"type\":\"palette\"},\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"860dc77f-8d28-4af7-8c04-baf0ad10e402\",\"w\":33,\"x\":15,\"y\":43},\"panelIndex\":\"860dc77f-8d28-4af7-8c04-baf0ad10e402\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-27acbd7b-a2c6-4116-989a-ec58fc9d0e29\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"27acbd7b-a2c6-4116-989a-ec58fc9d0e29\":{\"columnOrder\":[\"c92564d1-e6d7-42e7-94dc-7fcd5519a510\",\"aa557c3c-0775-42da-a96f-32db7e70b349\",\"01231ec4-aedf-47ff-8b7f-ac7a913c5aa7\"],\"columns\":{\"01231ec4-aedf-47ff-8b7f-ac7a913c5aa7\":{\"customL
abel\":false,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.redshift.metrics.CPUUtilization.avg\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2,\"suffix\":\"%\"}}},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.CPUUtilization.avg\"},\"aa557c3c-0775-42da-a96f-32db7e70b349\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"c92564d1-e6d7-42e7-94dc-7fcd5519a510\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 3 values of aws.dimensions.NodeID\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"01231ec4-aedf-47ff-8b7f-ac7a913c5aa7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.NodeID\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"01231ec4-aedf-47ff-8b7f-ac7a913c5aa7\"],\"layerId\":\"27acbd7b-a2c6-4116-989a-ec58fc9d0e29\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"c92564d1-e6d7-42e7-94dc-7fcd5519a510\",\"xAccessor\":\"aa557c3c-0775-42da-a96f-32db7e70b349\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false,\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x
\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":false,\"yLeftExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"CPU Utilization per Node\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2ce96451-53a0-4fb7-90a4-0ef0d09b9aa3\",\"w\":24,\"x\":0,\"y\":57},\"panelIndex\":\"2ce96451-53a0-4fb7-90a4-0ef0d09b9aa3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-2a63294f-c73c-4822-bf57-5ceebef529f4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2a63294f-c73c-4822-bf57-5ceebef529f4\":{\"columnOrder\":[\"5e9f7406-154a-45fd-89f8-02c1d4a1bf2a\",\"58514e8d-e8b8-440a-b7c3-b5b9d523f274\"],\"columns\":{\"58514e8d-e8b8-440a-b7c3-b5b9d523f274\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of 
aws.redshift.metrics.ReadThroughput.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.ReadThroughput.avg\"},\"5e9f7406-154a-45fd-89f8-02c1d4a1bf2a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"58514e8d-e8b8-440a-b7c3-b5b9d523f274\"],\"layerId\":\"2a63294f-c73c-4822-bf57-5ceebef529f4\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"5e9f7406-154a-45fd-89f8-02c1d4a1bf2a\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Disk Read 
Throughput\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1289046b-48c1-4506-a473-cebc26cc5a1c\",\"w\":24,\"x\":24,\"y\":57},\"panelIndex\":\"1289046b-48c1-4506-a473-cebc26cc5a1c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-115b9c0c-4ad8-44df-b8ed-2771d89a23d2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"115b9c0c-4ad8-44df-b8ed-2771d89a23d2\":{\"columnOrder\":[\"0e4ecc03-bbd1-45a0-b17b-5da860a46495\",\"e48879bc-a9b6-4511-942d-494e00e61f54\"],\"columns\":{\"0e4ecc03-bbd1-45a0-b17b-5da860a46495\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"e48879bc-a9b6-4511-942d-494e00e61f54\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of 
aws.redshift.metrics.WriteThroughput.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.WriteThroughput.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e48879bc-a9b6-4511-942d-494e00e61f54\"],\"layerId\":\"115b9c0c-4ad8-44df-b8ed-2771d89a23d2\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"0e4ecc03-bbd1-45a0-b17b-5da860a46495\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Storage Write 
Throughput\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"464712cc-51aa-4e6f-a520-f7b528c17793\",\"w\":24,\"x\":0,\"y\":72},\"panelIndex\":\"464712cc-51aa-4e6f-a520-f7b528c17793\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-4ebcdab6-4f10-4f42-9f61-e4aec03c380e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"4ebcdab6-4f10-4f42-9f61-e4aec03c380e\":{\"columnOrder\":[\"4f8a9048-f9fc-4062-af60-a21fb6eb6058\",\"8a570e69-c039-420e-b0bf-549356e5f0af\"],\"columns\":{\"4f8a9048-f9fc-4062-af60-a21fb6eb6058\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"8a570e69-c039-420e-b0bf-549356e5f0af\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of 
aws.redshift.metrics.ReadLatency.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.ReadLatency.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"8a570e69-c039-420e-b0bf-549356e5f0af\"],\"layerId\":\"4ebcdab6-4f10-4f42-9f61-e4aec03c380e\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"4f8a9048-f9fc-4062-af60-a21fb6eb6058\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Storage Read 
Latency\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"fd92a37e-9ba8-4134-ac5d-71c1a0d1d0bc\",\"w\":24,\"x\":24,\"y\":72},\"panelIndex\":\"fd92a37e-9ba8-4134-ac5d-71c1a0d1d0bc\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-9b073139-c687-4094-aa13-d20f79b9f550\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"9b073139-c687-4094-aa13-d20f79b9f550\":{\"columnOrder\":[\"3d815a64-22e8-473e-a5e7-b8c37d844182\",\"cc81814f-2f77-4896-bf20-5b9b97158a9e\"],\"columns\":{\"3d815a64-22e8-473e-a5e7-b8c37d844182\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"cc81814f-2f77-4896-bf20-5b9b97158a9e\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of 
aws.redshift.metrics.WriteLatency.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.WriteLatency.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"cc81814f-2f77-4896-bf20-5b9b97158a9e\"],\"layerId\":\"9b073139-c687-4094-aa13-d20f79b9f550\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"3d815a64-22e8-473e-a5e7-b8c37d844182\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Storage Write Latency\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"aa0f68cd-7a8e-4b27-9ec1-b8e288039cca\",\"w\":15,\"x\":0,\"y\":102},\"panelIndex\":\"aa0f68cd-7a8e-4b27-9ec1-b8e288039cca\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-1fddbb42-ef13-4a93-8b4a-d4e28866916e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1fddbb42-ef13-4a93-8b4a-d4e28866916e\":{\"columnOrder\":[\"e5fe73e2-9e8b-49e0-9737-cc72b60143f4\"],\"columns\":{\"e5fe73e2-9e8b-49e0-9737-cc72b60143f4\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Percentage of storage 
used (Average)\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2,\"suffix\":\"%\"}}},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.PercentageDiskSpaceUsed.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e5fe73e2-9e8b-49e0-9737-cc72b60143f4\",\"colorMode\":\"Background\",\"layerId\":\"1fddbb42-ef13-4a93-8b4a-d4e28866916e\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":70},{\"color\":\"#cc5642\",\"stop\":85}],\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#209280\",\"stop\":70},{\"color\":\"#d6bf57\",\"stop\":85},{\"color\":\"#cc5642\",\"stop\":86}]},\"type\":\"palette\"},\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"9c5ba303-08c6-455c-a1e0-9a85327682ca\",\"w\":33,\"x\":15,\"y\":102},\"panelIndex\":\"9c5ba303-08c6-455c-a1e0-9a85327682ca\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-84cfb763-392e-4bb7-9c83-ee13166710ef\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"84cfb763-392e-4bb7-9c83-ee13166710ef\":{\"columnOrder\":[\"96f763b1-bfcd-4bfc-a2cf-f0673d1edd24\",\"ab71bda3-a341-4321-8945-fc0950d6c336\"],\"columns\":{\"96f763b1-bfcd-4bfc-a2cf-f0673d1edd24\":{\"dataType\":\"date\",\"isBucketed\
":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"ab71bda3-a341-4321-8945-fc0950d6c336\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.redshift.metrics.PercentageDiskSpaceUsed.avg\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2,\"suffix\":\"%\"}}},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.PercentageDiskSpaceUsed.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"ab71bda3-a341-4321-8945-fc0950d6c336\"],\"layerId\":\"84cfb763-392e-4bb7-9c83-ee13166710ef\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"96f763b1-bfcd-4bfc-a2cf-f0673d1edd24\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Percentage of disk space 
used\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"be4f09e7-c419-435e-987f-98c491928001\",\"w\":48,\"x\":0,\"y\":117},\"panelIndex\":\"be4f09e7-c419-435e-987f-98c491928001\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"## Query Performance\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"3a0afa56-f307-4f5f-9668-81ed9c6de56f\",\"w\":24,\"x\":0,\"y\":122},\"panelIndex\":\"3a0afa56-f307-4f5f-9668-81ed9c6de56f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-58906b59-5f5e-431d-a8a1-61210e31d56c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"58906b59-5f5e-431d-a8a1-61210e31d56c\":{\"columnOrder\":[\"4ac0d578-d53a-4f26-9fad-f45f5b7cd20e\",\"1b86ed78-f99b-4478-898f-698358bdd726\",\"582538a1-ed91-4eb5-a447-e0e2af69c31d\"],\"columns\":{\"1b86ed78-f99b-4478-898f-698358bdd726\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"4ac0d578-d53a-4f26-9fad-f45f5b7cd20e\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 3 values of 
aws.dimensions.latency\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"582538a1-ed91-4eb5-a447-e0e2af69c31d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.latency\"},\"582538a1-ed91-4eb5-a447-e0e2af69c31d\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of aws.redshift.metrics.QueryDuration.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.QueryDuration.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"582538a1-ed91-4eb5-a447-e0e2af69c31d\"],\"layerId\":\"58906b59-5f5e-431d-a8a1-61210e31d56c\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"4ac0d578-d53a-4f26-9fad-f45f5b7cd20e\",\"xAccessor\":\"1b86ed78-f99b-4478-898f-698358bdd726\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Query Duration by latency 
range\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"8f853d89-2901-48a8-823d-affb864f1078\",\"w\":24,\"x\":24,\"y\":122},\"panelIndex\":\"8f853d89-2901-48a8-823d-affb864f1078\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-98a1fb8e-6416-4a46-9545-176a7b58e607\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"98a1fb8e-6416-4a46-9545-176a7b58e607\":{\"columnOrder\":[\"d73cc3ad-dad0-4758-be0f-20b66e8fc2a8\",\"24d49488-bc84-428f-a7b0-0833ed08769e\",\"234171f0-e345-4bc3-ba33-b89a82a4251a\"],\"columns\":{\"234171f0-e345-4bc3-ba33-b89a82a4251a\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of aws.redshift.metrics.WLMQueryDuration.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.WLMQueryDuration.avg\"},\"24d49488-bc84-428f-a7b0-0833ed08769e\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"d73cc3ad-dad0-4758-be0f-20b66e8fc2a8\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 100 values of 
aws.dimensions.wlmid\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"234171f0-e345-4bc3-ba33-b89a82a4251a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.wlmid\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"234171f0-e345-4bc3-ba33-b89a82a4251a\"],\"layerId\":\"98a1fb8e-6416-4a46-9545-176a7b58e607\",\"layerType\":\"data\",\"seriesType\":\"line\",\"splitAccessor\":\"d73cc3ad-dad0-4758-be0f-20b66e8fc2a8\",\"xAccessor\":\"24d49488-bc84-428f-a7b0-0833ed08769e\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Query duration by WLM 
queue\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"90e8066a-f9fb-405f-85ba-c0456fcd055a\",\"w\":24,\"x\":0,\"y\":87},\"panelIndex\":\"90e8066a-f9fb-405f-85ba-c0456fcd055a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-0a5a3c92-22e8-4794-b07c-78477920697f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"0a5a3c92-22e8-4794-b07c-78477920697f\":{\"columnOrder\":[\"9b9ce2ec-ec40-48ff-894c-04d739967317\",\"27c6cf85-54c5-450f-aae1-f7d67111e032\"],\"columns\":{\"27c6cf85-54c5-450f-aae1-f7d67111e032\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of aws.redshift.metrics.NetworkReceiveThroughput.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.NetworkReceiveThroughput.avg\"},\"9b9ce2ec-ec40-48ff-894c-04d739967317\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"27c6cf85-54c5-450f-aae1-f7d67111e032\"],\"layerId\":\"0a5a3c92-22e8-4794-b07c-78477920697f\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"9b9ce2ec-ec40-48ff-894c-04d739967317\"}],\"leg
end\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Network Receive Throughput\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"83d380db-07a5-45e7-bd97-661c06da0455\",\"w\":24,\"x\":24,\"y\":87},\"panelIndex\":\"83d380db-07a5-45e7-bd97-661c06da0455\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-b5db7d5d-7e7c-413c-b691-4481bc1ec5e3\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b5db7d5d-7e7c-413c-b691-4481bc1ec5e3\":{\"columnOrder\":[\"23a5e3cb-f2f4-4ba0-bde0-8c102ff73cbb\",\"0d130c43-606c-4563-8c0a-ab1d22480940\"],\"columns\":{\"0d130c43-606c-4563-8c0a-ab1d22480940\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of 
aws.redshift.metrics.NetworkTransmitThroughput.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.NetworkTransmitThroughput.avg\"},\"23a5e3cb-f2f4-4ba0-bde0-8c102ff73cbb\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"0d130c43-606c-4563-8c0a-ab1d22480940\"],\"layerId\":\"b5db7d5d-7e7c-413c-b691-4481bc1ec5e3\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"23a5e3cb-f2f4-4ba0-bde0-8c102ff73cbb\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Network Transmit Throughput\"}]","timeRestore":false,"title":"[Metrics AWS] Redshift metrics 
overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-81f2c980-e743-11ec-93f6-9b98f71110cd","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"88b83992-1fc4-4509-b89d-2de22163f92c:control_88b83992-1fc4-4509-b89d-2de22163f92c_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"88b83992-1fc4-4509-b89d-2de22163f92c:control_88b83992-1fc4-4509-b89d-2de22163f92c_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"500e407a-5b1e-4963-b229-f14024f7678d:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"500e407a-5b1e-4963-b229-f14024f7678d:indexpattern-datasource-layer-f26f3fa9-c910-4463-917a-a5190e20d8cc","type":"index-pattern"},{"id":"metrics-*","name":"cdb8dc8b-e920-459d-b55e-462059dd148c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"cdb8dc8b-e920-459d-b55e-462059dd148c:indexpattern-datasource-layer-63ac4267-da50-47f2-a95d-f210ac96e7be","type":"index-pattern"},{"id":"metrics-*","name":"e1952ece-22a7-4d9e-a96d-035e49e48e89:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"e1952ece-22a7-4d9e-a96d-035e49e48e89:indexpattern-datasource-layer-07d0e5df-2cdd-4f7d-89a5-79cd6faf96d2","type":"index-pattern"},{"id":"metrics-*","name":"a2c1cf3b-86a2-4a9f-9f5f-99c51d536a5a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"a2c1cf3b-86a2-4a9f-9f5f-99c51d536a5a:indexpattern-datasource-layer-95dadc13-e250-40e4-8ae8-9c612d40d8b5","type":"index-pattern"},{"id":"metrics-*","name":"818689c7-efe0-4c41-9fa7-640b9281d4d8:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"818689c7-efe0-4c41-9fa7-640b9281d4d8:indexpattern-datasource-layer-e8f1122f-78fe-4d
b5-b05e-e87553c61237","type":"index-pattern"},{"id":"metrics-*","name":"860dc77f-8d28-4af7-8c04-baf0ad10e402:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"860dc77f-8d28-4af7-8c04-baf0ad10e402:indexpattern-datasource-layer-27acbd7b-a2c6-4116-989a-ec58fc9d0e29","type":"index-pattern"},{"id":"metrics-*","name":"2ce96451-53a0-4fb7-90a4-0ef0d09b9aa3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"2ce96451-53a0-4fb7-90a4-0ef0d09b9aa3:indexpattern-datasource-layer-2a63294f-c73c-4822-bf57-5ceebef529f4","type":"index-pattern"},{"id":"metrics-*","name":"1289046b-48c1-4506-a473-cebc26cc5a1c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"1289046b-48c1-4506-a473-cebc26cc5a1c:indexpattern-datasource-layer-115b9c0c-4ad8-44df-b8ed-2771d89a23d2","type":"index-pattern"},{"id":"metrics-*","name":"464712cc-51aa-4e6f-a520-f7b528c17793:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"464712cc-51aa-4e6f-a520-f7b528c17793:indexpattern-datasource-layer-4ebcdab6-4f10-4f42-9f61-e4aec03c380e","type":"index-pattern"},{"id":"metrics-*","name":"fd92a37e-9ba8-4134-ac5d-71c1a0d1d0bc:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"fd92a37e-9ba8-4134-ac5d-71c1a0d1d0bc:indexpattern-datasource-layer-9b073139-c687-4094-aa13-d20f79b9f550","type":"index-pattern"},{"id":"metrics-*","name":"aa0f68cd-7a8e-4b27-9ec1-b8e288039cca:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"aa0f68cd-7a8e-4b27-9ec1-b8e288039cca:indexpattern-datasource-layer-1fddbb42-ef13-4a93-8b4a-d4e28866916e","type":"index-pattern"},{"id":"metrics-*","name":"9c5ba303-08c6-455c-a1e0-9a85327682ca:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"9c5ba303-08c6-455c-a1e0-9a85327682ca:indexpattern-datasource-layer-
84cfb763-392e-4bb7-9c83-ee13166710ef","type":"index-pattern"},{"id":"metrics-*","name":"3a0afa56-f307-4f5f-9668-81ed9c6de56f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"3a0afa56-f307-4f5f-9668-81ed9c6de56f:indexpattern-datasource-layer-58906b59-5f5e-431d-a8a1-61210e31d56c","type":"index-pattern"},{"id":"metrics-*","name":"8f853d89-2901-48a8-823d-affb864f1078:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"8f853d89-2901-48a8-823d-affb864f1078:indexpattern-datasource-layer-98a1fb8e-6416-4a46-9545-176a7b58e607","type":"index-pattern"},{"id":"metrics-*","name":"90e8066a-f9fb-405f-85ba-c0456fcd055a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"90e8066a-f9fb-405f-85ba-c0456fcd055a:indexpattern-datasource-layer-0a5a3c92-22e8-4794-b07c-78477920697f","type":"index-pattern"},{"id":"metrics-*","name":"83d380db-07a5-45e7-bd97-661c06da0455:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"83d380db-07a5-45e7-bd97-661c06da0455:indexpattern-datasource-layer-b5db7d5d-7e7c-413c-b691-4481bc1ec5e3","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6130],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MTgsMV0="} -{"attributes":{"description":"Overview of AWS Security Hub Findings Malware, Threat Intelligence Indicator and Network Path","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"aws.securityhub_findings\\\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"33863c95-e6d3-4329-9542-6e9217835667\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"33863c95-e6d3-4329-9542-6e9217835667\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Findings and Insights Overview](#/dashboard/aws-cc571400-dc61-11ec-a6e3-1bc5ab0aa1b4) | [Findings Action Overview](#/dashboard/aws-3d3dbe00-f79f-11ec-aa7f-c173c0f9e267) | [Summary Dashboard](#/dashboard/aws-c9f103d0-5f63-11ed-bd69-473ce047ef30)\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Dashboards [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"69aa2695-1a0d-4880-a442-78b49526c18f\",\"w\":24,\"x\":0,\"y\":4},\"panelIndex\":\"69aa2695-1a0d-4880-a442-78b49526c18f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-97ae45f9-914d-400a-a0ff-a552929da066\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"97ae45f9-914d-400a-a0ff-a552929da066\":{\"columnOrder\":[\"197371a3-1954-4de8-8cfc-23d0a50d6397\",\"0d3af6a4-596e-4883-aeee-f44a2b42837b\"],\"columns\":{\"0d3af6a4-596e-4883-aeee-f44a2b42837b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"197371a3-1954-4de8-8cfc-23d0a50d6397\":{\"customLabel\":true,\"dataType\":\"string\",\"isBuck
eted\":true,\"label\":\"Malware Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0d3af6a4-596e-4883-aeee-f44a2b42837b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.malware.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"97ae45f9-914d-400a-a0ff-a552929da066\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"197371a3-1954-4de8-8cfc-23d0a50d6397\"],\"metrics\":[\"0d3af6a4-596e-4883-aeee-f44a2b42837b\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Malware Type [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6837f195-98b9-4779-b57f-9c5e07ff792a\",\"w\":24,\"x\":24,\"y\":4},\"panelIndex\":\"6837f195-98b9-4779-b57f-9c5e07ff792a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ec821de0-e8d0-46f4-8e63-1388b7c57265\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ec821de0-e8d0-46f4-8e63-1388b7c57265\":{\"columnOrder\":[\"07ec2df6-4405-4d5b-9eba-0e06202a1d06\",\"4f0675c0-0d2b-4e6c-b51f-385a8d21cae7\"],\"columns\":{\"07ec2df6-4405-4d5b-9eba-0e06202a1d06\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Malware 
Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"4f0675c0-0d2b-4e6c-b51f-385a8d21cae7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.malware.name\"},\"4f0675c0-0d2b-4e6c-b51f-385a8d21cae7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"ec821de0-e8d0-46f4-8e63-1388b7c57265\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"07ec2df6-4405-4d5b-9eba-0e06202a1d06\"],\"metrics\":[\"4f0675c0-0d2b-4e6c-b51f-385a8d21cae7\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Malware Name [Logs 
AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"52ad6981-7a3f-4e9c-af24-518e29ffe56d\",\"w\":24,\"x\":0,\"y\":19},\"panelIndex\":\"52ad6981-7a3f-4e9c-af24-518e29ffe56d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ec5625d1-6a47-4ead-a7c4-6e369d0fb4e7\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ec5625d1-6a47-4ead-a7c4-6e369d0fb4e7\":{\"columnOrder\":[\"6a5480e3-e770-443f-8e46-49d5b0d6e937\",\"1360be01-4532-4723-be1b-4fe11a715f5c\"],\"columns\":{\"1360be01-4532-4723-be1b-4fe11a715f5c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"6a5480e3-e770-443f-8e46-49d5b0d6e937\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Malware State\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"1360be01-4532-4723-be1b-4fe11a715f5c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.malware.state\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"1360be01-4532-4723-be1b-4fe11a715f5c\"],\"layerId\":\"ec5625d1-6a47-4ead-a7c4-6e369d0fb4e7\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"6a5480e3-e770-443f-8e46-49d5b0d6e937\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"Distribution of Events by Malware State [Logs AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"5cd7295e-838e-4f5c-80de-a9dd230c526c\",\"w\":24,\"x\":24,\"y\":19},\"panelIndex\":\"5cd7295e-838e-4f5c-80de-a9dd230c526c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-8eb34878-735f-482c-b58b-0bcfd9f11ed1\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"8eb34878-735f-482c-b58b-0bcfd9f11ed1\":{\"columnOrder\":[\"0bd238d4-8fa8-46cf-8a18-c69c7c8ee1ea\",\"9591a475-adab-45fc-892a-911080cd07a7\"],\"columns\":{\"0bd238d4-8fa8-46cf-8a18-c69c7c8ee1ea\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network Path Component 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9591a475-adab-45fc-892a-911080cd07a7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.network_path.component.type\"},\"9591a475-adab-45fc-892a-911080cd07a7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"8eb34878-735f-482c-b58b-0bcfd9f11ed1\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"0bd238d4-8fa8-46cf-8a18-c69c7c8ee1ea\"],\"metrics\":[\"9591a475-adab-45fc-892a-911080cd07a7\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Network Path Component Type [Logs 
AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"56982ba0-3da7-46bc-8ce6-61c1bb1e0820\",\"w\":24,\"x\":0,\"y\":34},\"panelIndex\":\"56982ba0-3da7-46bc-8ce6-61c1bb1e0820\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-4a40b1d8-5f8b-442d-a352-5bf66b4f364f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"4a40b1d8-5f8b-442d-a352-5bf66b4f364f\":{\"columnOrder\":[\"dcf34ccb-9682-4f73-a3ca-8d630092f8d9\",\"51b15243-b996-40c3-85ab-be8c8081abaf\"],\"columns\":{\"51b15243-b996-40c3-85ab-be8c8081abaf\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"dcf34ccb-9682-4f73-a3ca-8d630092f8d9\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Ingress Protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"51b15243-b996-40c3-85ab-be8c8081abaf\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.network_path.ingress.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"dcf34ccb-9682-4f73-a3ca-8d630092f8d9\"},{\"columnId\":\"51b15243-b996-40c3-85ab-be8c8081abaf\"}],\"layerId\":\"4a40b1d8-5f8b-442d-a352-5bf66b4f364f\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"Top 10 Ingress Protocol [Logs 
AWS]\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2b7f73cd-2ada-421b-84a5-35d2982c3e1d\",\"w\":24,\"x\":24,\"y\":34},\"panelIndex\":\"2b7f73cd-2ada-421b-84a5-35d2982c3e1d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-6ef8ab89-3684-480c-af93-3fad3b718174\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"6ef8ab89-3684-480c-af93-3fad3b718174\":{\"columnOrder\":[\"5e1a60f9-5f4f-46a1-974f-bae2fbd4c458\",\"dce3a466-6e6c-40b7-bc3a-4f574550ade1\"],\"columns\":{\"5e1a60f9-5f4f-46a1-974f-bae2fbd4c458\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Egress Protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"dce3a466-6e6c-40b7-bc3a-4f574550ade1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.network_path.egress.protocol\"},\"dce3a466-6e6c-40b7-bc3a-4f574550ade1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"5e1a60f9-5f4f-46a1-974f-bae2fbd4c458\"},{\"columnId\":\"dce3a466-6e6c-40b7-bc3a-4f574550ade1\"}],\"layerId\":\"6ef8ab89-3684-480c-af93-3fad3b718174\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"Top 10 Egress Protocol [Logs 
AWS]\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2c62f9a1-c269-4a3b-b62d-526c2e174a6c\",\"w\":24,\"x\":0,\"y\":49},\"panelIndex\":\"2c62f9a1-c269-4a3b-b62d-526c2e174a6c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3a11fcb2-1821-437a-91ef-48d8338f7ba2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3a11fcb2-1821-437a-91ef-48d8338f7ba2\":{\"columnOrder\":[\"ef7d92b1-db24-49eb-adaa-a05684e881a1\",\"67719af2-f662-4ffd-91d2-f875af400840\"],\"columns\":{\"67719af2-f662-4ffd-91d2-f875af400840\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"ef7d92b1-db24-49eb-adaa-a05684e881a1\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Threat Intelligence Indicator Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"67719af2-f662-4ffd-91d2-f875af400840\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"threat.indicator.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"3a11fcb2-1821-437a-91ef-48d8338f7ba2\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"ef7d92b1-db24-49eb-adaa-a05684e881a1\"],\"metrics\":[\"67719af2-f662-4ffd-91d2-f875af400840\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by 
Threat Intelligence Indicator Type [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"00a582c1-01a0-4e9f-817e-b79a7937c42c\",\"w\":24,\"x\":24,\"y\":49},\"panelIndex\":\"00a582c1-01a0-4e9f-817e-b79a7937c42c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-5f1e82af-15cf-4d2c-aff7-447ac521d7f8\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5f1e82af-15cf-4d2c-aff7-447ac521d7f8\":{\"columnOrder\":[\"bc1e8902-547d-4243-a66d-36067c1507e3\",\"248d6591-7c85-4edd-aaa6-cd0242a86384\"],\"columns\":{\"248d6591-7c85-4edd-aaa6-cd0242a86384\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"bc1e8902-547d-4243-a66d-36067c1507e3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Threat Intelligence Indicator Source\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"248d6591-7c85-4edd-aaa6-cd0242a86384\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.threat_intel_indicators.source\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"5f1e82af-15cf-4d2c-aff7-447ac521d7f8\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"bc1e8902-547d-4243-a66d-36067c1507e3\"],\"metrics\":[\"248d6591-7c85-4edd-aaa6-cd0242a86384\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Threat Intelligence Indicator Source [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"97fc0cf4-15d3-4e5c-a1a5-943fc892b0c4\",\"w\":24,\"x\":0,\"y\":64},\"panelIndex\":\"97fc0cf4-15d3-4e5c-a1a5-943fc892b0c4\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-fae68851-ba41-4905-ac89-ca3c4a38e39f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"fae68851-ba41-4905-ac89-ca3c4a38e39f\":{\"columnOrder\":[\"6a71130a-c336-4454-8f15-83fde3a5e0a8\",\"115799f5-6e44-4786-ad84-90989e5274a7\"],\"columns\":{\"115799f5-6e44-4786-ad84-90989e5274a7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"6a71130a-c336-4454-8f15-83fde3a5e0a8\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Threat Intelligence Indicator 
Category\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"115799f5-6e44-4786-ad84-90989e5274a7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.threat_intel_indicators.category\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"fae68851-ba41-4905-ac89-ca3c4a38e39f\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"6a71130a-c336-4454-8f15-83fde3a5e0a8\"],\"metrics\":[\"115799f5-6e44-4786-ad84-90989e5274a7\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Threat Intelligence Indicator Category [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}}]","timeRestore":false,"title":"[Logs AWS] Security Hub Findings Malware, Threat Intelligence Indicator and Network 
Path","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-8fcf4c20-f7a3-11ec-aa7f-c173c0f9e267","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"69aa2695-1a0d-4880-a442-78b49526c18f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"69aa2695-1a0d-4880-a442-78b49526c18f:indexpattern-datasource-layer-97ae45f9-914d-400a-a0ff-a552929da066","type":"index-pattern"},{"id":"logs-*","name":"6837f195-98b9-4779-b57f-9c5e07ff792a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"6837f195-98b9-4779-b57f-9c5e07ff792a:indexpattern-datasource-layer-ec821de0-e8d0-46f4-8e63-1388b7c57265","type":"index-pattern"},{"id":"logs-*","name":"52ad6981-7a3f-4e9c-af24-518e29ffe56d:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"52ad6981-7a3f-4e9c-af24-518e29ffe56d:indexpattern-datasource-layer-ec5625d1-6a47-4ead-a7c4-6e369d0fb4e7","type":"index-pattern"},{"id":"logs-*","name":"5cd7295e-838e-4f5c-80de-a9dd230c526c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"5cd7295e-838e-4f5c-80de-a9dd230c526c:indexpattern-datasource-layer-8eb34878-735f-482c-b58b-0bcfd9f11ed1","type":"index-pattern"},{"id":"logs-*","name":"56982ba0-3da7-46bc-8ce6-61c1bb1e0820:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"56982ba0-3da7-46bc-8ce6-61c1bb1e0820:indexpattern-datasource-layer-4a40b1d8-5f8b-442d-a352-5bf66b4f364f","type":"index-pattern"},{"id":"logs-*","name":"2b7f73cd-2ada-421b-84a5-35d2982c3e1d:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"2b7f73cd-2ada-421b-84a5-35d2982c3e1d:indexpattern-datasource-layer-6ef8ab89-3684-480c-af93-3fad3b718174","type":"index-pattern"},{"id":"logs-*","name":"2c62f9a1-c269-4a3b-b62d-526c2e174a6c:indexpattern-datasource-current-indexpattern","type":"i
ndex-pattern"},{"id":"logs-*","name":"2c62f9a1-c269-4a3b-b62d-526c2e174a6c:indexpattern-datasource-layer-3a11fcb2-1821-437a-91ef-48d8338f7ba2","type":"index-pattern"},{"id":"logs-*","name":"00a582c1-01a0-4e9f-817e-b79a7937c42c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"00a582c1-01a0-4e9f-817e-b79a7937c42c:indexpattern-datasource-layer-5f1e82af-15cf-4d2c-aff7-447ac521d7f8","type":"index-pattern"},{"id":"logs-*","name":"97fc0cf4-15d3-4e5c-a1a5-943fc892b0c4:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"97fc0cf4-15d3-4e5c-a1a5-943fc892b0c4:indexpattern-datasource-layer-fae68851-ba41-4905-ac89-ca3c4a38e39f","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6151],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MTksMV0="} -{"attributes":{"description":"Overview of AWS Usage 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.usage\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.usage\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"2ea7bd59-d748-4e4a-889d-f7e2ca1cfe36\",\"w\":9,\"x\":0,\"y\":0},\"panelIndex\":\"2ea7bd59-d748-4e4a-889d-f7e2ca1cfe36\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"region name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Region Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"AWS Region Filter\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"00c2b1f6-3367-4b6f-ac01-7e48b76c262a\",\"w\":20,\"x\":9,\"y\":0},\"panelIndex\":\"00c2b1f6-3367-4b6f-ac01-7e48b76c262a\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"field\":\"aws.usage.metrics.ResourceCount.sum\"},\"schema\":\"metric\",\"type\":\"sum\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.Type : 
\\\"Resource\\\" \"},\"label\":\"\"}],\"row\":true},\"schema\":\"split\",\"type\":\"filters\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"aws.dimensions.Service\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"field\":\"aws.dimensions.Resource\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":4,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metric\":{\"accessor\":3,\"aggType\":\"sum\",\"format\":{\"id\":\"number\"},\"params\":{}},\"splitRow\":[{\"accessor\":0,\"aggType\":\"filters\",\"format\":{},\"params\":{}}]},\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":false,\"show\":true,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendSize\":\"auto\"},\"title\":\"Usage ResourceCount [Metrics AWS]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Usage Resource 
Count\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"fecfe5d4-ef1c-4f38-954a-a2506d72bc5b\",\"w\":18,\"x\":30,\"y\":0},\"panelIndex\":\"fecfe5d4-ef1c-4f38-954a-a2506d72bc5b\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"field\":\"aws.usage.metrics.CallCount.sum\"},\"schema\":\"metric\",\"type\":\"sum\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.Type : \\\"API\\\" \"},\"label\":\"\"}],\"row\":true},\"schema\":\"split\",\"type\":\"filters\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"aws.dimensions.Service\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"field\":\"aws.dimensions.Resource\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":4,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metric\":{\"accessor\":3,\"aggType\":\"sum\",\"format\":{\"id\":\"number\"},\"params\":{}},\"splitRow\":[{\"accessor\":0,\"aggType\":\"filters\",\"format\":{},\"params\":{}}]},\"distinctColors\":true,\"isD
onut\":true,\"labels\":{\"last_level\":false,\"show\":true,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendSize\":\"auto\"},\"title\":\"Usage CallCount [Metrics AWS]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Usage API Call Count\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"69ce7461-36ad-4e7c-b541-c6a1601bf089\",\"w\":9,\"x\":0,\"y\":5},\"panelIndex\":\"69ce7461-36ad-4e7c-b541-c6a1601bf089\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.name\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"account name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Account Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"AWS Account Filter\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"62e86407-6ae3-47d3-9136-dd61bdf3267a\",\"w\":9,\"x\":0,\"y\":10},\"panelIndex\":\"62e86407-6ae3-47d3-9136-dd61bdf3267a\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"aws.dimensions.Service\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"service 
name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Service Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"AWS Service Filter\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"196a044c-5c20-4417-8aa0-f60fc502e46c\",\"w\":48,\"x\":0,\"y\":15},\"panelIndex\":\"196a044c-5c20-4417-8aa0-f60fc502e46c\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.Type : \\\"Resource\\\" \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.usage.metrics.ResourceCount.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":\"4\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.Service\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Usage Resource Count Per Service [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Usage Resource Count Per 
Service\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"022941b7-01a1-4570-86e9-d03451d4e102\",\"w\":48,\"x\":0,\"y\":25},\"panelIndex\":\"022941b7-01a1-4570-86e9-d03451d4e102\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.Type : \\\"API\\\" \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.usage.metrics.CallCount.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":\"4\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.Service\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Usage Call Count Per Service [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Usage API Call Count Per Service\"}]","timeRestore":false,"title":"[Metrics AWS] Usage 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-917a07b0-178e-11ea-8650-fb606deb5be4","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"2ea7bd59-d748-4e4a-889d-f7e2ca1cfe36:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"00c2b1f6-3367-4b6f-ac01-7e48b76c262a:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"metrics-*","name":"fecfe5d4-ef1c-4f38-954a-a2506d72bc5b:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"metrics-*","name":"69ce7461-36ad-4e7c-b541-c6a1601bf089:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"62e86407-6ae3-47d3-9136-dd61bdf3267a:control_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6160],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MjAsMV0="} -{"attributes":{"description":"Summary of events from AWS 
CloudTrail.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.cloudtrail\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.cloudtrail\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":15,\"i\":\"85d26d9a-2a71-4b98-a026-5f513094d6e5\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"85d26d9a-2a71-4b98-a026-5f513094d6e5\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"alpha\\\":1,\\\"id\\\":\\\"2c7b49fb-3fb5-4e18-b27f-fabe930971f3\\\",\\\"label\\\":null,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"isAutoSelect\\\":true,\\\"type\\\":\\\"EMS_TMS\\\",\\\"lightModeDefault\\\":\\\"road_map\\\"},\\\"style\\\":{},\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"visible\\\":true},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"a10fa758-30ad-4e2a-bf9d-472e133a7f17\\\",\\\"joins\\\":[],\\\"label\\\":\\\"CloudTrail Soure 
Location\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"data_stream.dataset:aws.cloudtrail\\\"},\\\"sourceDescriptor\\\":{\\\"applyGlobalQuery\\\":true,\\\"filterByMapBounds\\\":true,\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"7bfe2df9-9398-4f1a-8cf7-b57aa5f3f31e\\\",\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\",\\\"scalingType\\\":\\\"LIMIT\\\",\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"tooltipProperties\\\":[],\\\"topHitsSize\\\":1,\\\"type\\\":\\\"ES_SEARCH\\\"},\\\"style\\\":{\\\"isTimeAware\\\":true,\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"size\\\":6},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelSize\\\":{\\\"options\\\":{\\\"size\\\":14},\\\"type\\\":\\\"STATIC\\\"},\\\"labelText\\\":{\\\"options\\\":{\\\"value\\\":\\\"\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"mapStateJSON\":\"{\\\"center\\\":{\\\"lat\\\":19.94277,\\\"lon\\\":0},\\\"filters\\\":[],\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"\\\"},\\\"refreshConfig\\\":{\\\"interval\\\":0,\\\"isPaused\\\"
:false},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15m\\\",\\\"to\\\":\\\"now\\\"},\\\"zoom\\\":1.97,\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false}}\",\"title\":\"CloudTrail Source Location [Logs AWS]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"hiddenLayers\":[],\"isLayerTOCOpen\":false,\"mapCenter\":{\"lat\":17.90562,\"lon\":-12.20429,\"zoom\":0.97},\"openTOCDetails\":[],\"type\":\"map\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"6b3eff90-3071-451e-a827-ca569e0ac10b\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"6b3eff90-3071-451e-a827-ca569e0ac10b\",\"embeddableConfig\":{\"colors\":{\"failure\":\"#E24D42\"},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"event.outcome\",\"missingBucket\":true,\"missingBucketLabel\":\"[unknown]\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"grid\":{\"categoryLines\":false},\"isVislibVis\":true,\"labels\":{},\"legendPosition\":\"right\",\"p
alette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"area\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"CloudTrail Event Outcome over time [Logs AWS]\",\"type\":\"area\",\"uiState\":{}},\"vis\":{\"colors\":{\"failure\":\"#E24D42\",\"success\":\"#629E51\"}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"952e456a-e9ae-4606-b838-e16019375336\",\"w\":12,\"x\":0,\"y\":15},\"panelIndex\":\"952e456a-e9ae-4606-b838-e16019375336\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"event.provider\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"event.action 
values separated by event.provider.\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendSize\":\"auto\"},\"title\":\"CloudTrail Actions [Logs AWS]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"802ad09d-5883-4e41-99ac-6c356144d24d\",\"w\":12,\"x\":12,\"y\":15},\"panelIndex\":\"802ad09d-5883-4e41-99ac-6c356144d24d\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"CloudTrail Event Type\",\"field\":\"aws.cloudtrail.event_type\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendSize\":\"auto\"},\"title\":\"CloudTrail Event Type [Logs 
AWS]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"3e617d87-3acf-4203-b03b-c907c9145fce\",\"w\":12,\"x\":24,\"y\":15},\"panelIndex\":\"3e617d87-3acf-4203-b03b-c907c9145fce\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"user_agent.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendSize\":\"auto\"},\"title\":\"CloudTrail User Agents [Logs 
AWS]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"d6f03440-c717-4f5e-928c-72ae9d450318\",\"w\":12,\"x\":36,\"y\":15},\"panelIndex\":\"d6f03440-c717-4f5e-928c-72ae9d450318\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"aws.cloudtrail.error_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":20},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendSize\":\"auto\"},\"title\":\"CloudTrail Error Code [Logs AWS]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"2b82a2c9-3809-447c-8e95-52125acccb42\",\"w\":30,\"x\":0,\"y\":28},\"panelIndex\":\"2b82a2c9-3809-447c-8e95-52125acccb42\",\"panelRefName\":\"panel_6\",\"version\":\"8.0.0-SNAPSHOT\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"40f0a89b-7ce5-498f-a0f0-5c7edf7f8b50\",\"w\":18,\"x\":30,\"y\":28},\"panelIndex\":\"40f0a89b-7ce5-498f-a0f0-5c7edf7f8b50\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Event Count\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"User 
ID\",\"field\":\"user.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":25},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"CloudTrail Top User IDs [Logs AWS]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\",\"enhancements\":{}}}]","timeRestore":false,"title":"[Logs AWS] CloudTrail","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-9c09cd20-7399-11ea-a345-f985c61fe654","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"aws-30ccde50-7397-11ea-a345-f985c61fe654","name":"panel_6","type":"search"},{"id":"logs-*","name":"85d26d9a-2a71-4b98-a026-5f513094d6e5:layer_1_source_index_pattern","type":"index-pattern"},{"id":"aws-30ccde50-7397-11ea-a345-f985c61fe654","name":"6b3eff90-3071-451e-a827-ca569e0ac10b:search_0","type":"search"},{"id":"aws-30ccde50-7397-11ea-a345-f985c61fe654","name":"952e456a-e9ae-4606-b838-e16019375336:search_0","type":"search"},{"id":"aws-30ccde50-7397-11ea-a345-f985c61fe654","name":"802ad09d-5883-4e41-99ac-6c356144d24d:search_0","type":"search"},{"id":"aws-30ccde50-7397-11ea-a345-f985c61fe654","name":"3e617d87-3acf-4203-b03b-c907c9145fce:search_0","type":"search"},{"id":"aws-30ccde50-7397-11ea-a345-f985c61fe654","name":"d6f03440-c717-4f5e-928c-72ae9d450318:search_0","type":"search"},{"id":"aws-30ccde50-7397-11ea-a345-f985c61fe654","name":"40f0a89b-7ce5-498f-a0f0-5
c7edf7f8b50:search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6172],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MjEsMV0="} -{"attributes":{"columns":["cloud.account.id","cloud.provider","cloud.region","event.action","event.id"],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.guardduty\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.guardduty\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Findings Essential Details [Logs Guardduty]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-df758050-6a49-11ed-b880-2f1b70138655","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6177],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MjIsMV0="} 
-{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"50ad3275-2e9f-4fb5-86f7-2abb13053d60\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.guardduty.severity.value\",\"parentFieldName\":\"aws.guardduty.severity.value\",\"title\":\"Findings Severity\",\"id\":\"50ad3275-2e9f-4fb5-86f7-2abb13053d60\",\"enhancements\":{},\"selectedOptions\":[]}},\"b1defe1a-26e0-4ec4-86fe-9506c27734a9\":{\"order\":1,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.id\",\"title\":\"Cloud Account ID\",\"id\":\"b1defe1a-26e0-4ec4-86fe-9506c27734a9\",\"enhancements\":{}}},\"cee8fa25-e40b-43d6-be3f-4fa1d86da1ef\":{\"order\":2,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.region\",\"title\":\"Cloud Region\",\"id\":\"cee8fa25-e40b-43d6-be3f-4fa1d86da1ef\",\"enhancements\":{}}},\"77b15205-772d-492d-9a35-1311d1b95bd2\":{\"order\":3,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.provider\",\"title\":\"Cloud Provider\",\"id\":\"77b15205-772d-492d-9a35-1311d1b95bd2\",\"enhancements\":{},\"selectedOptions\":[]}}}"},"description":"Overview of Amazon Guardduty Findings 
logs.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.guardduty\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.guardduty\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"e54ffa6b-51d6-4d63-a5fe-6e0ccd3e38c5\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"e54ffa6b-51d6-4d63-a5fe-6e0ccd3e38c5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-38c44a96-07c8-4b58-99a2-e29ae95408e4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"38c44a96-07c8-4b58-99a2-e29ae95408e4\":{\"columnOrder\":[\"c09646ef-de2b-4763-9a8c-5d638e7e87ca\",\"8552a4c3-4a33-4b7f-a6a1-37ea256ed0e7\"],\"columns\":{\"8552a4c3-4a33-4b7f-a6a1-37ea256ed0e7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"c09646ef-de2b-4763-9a8c-5d638e7e87ca\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Action 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8552a4c3-4a33-4b7f-a6a1-37ea256ed0e7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"8552a4c3-4a33-4b7f-a6a1-37ea256ed0e7\"],\"layerId\":\"38c44a96-07c8-4b58-99a2-e29ae95408e4\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"c09646ef-de2b-4763-9a8c-5d638e7e87ca\",\"yConfig\":[{\"axisMode\":\"auto\",\"forAccessor\":\"8552a4c3-4a33-4b7f-a6a1-37ea256ed0e7\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Findings by Action Type [Logs 
Guardduty]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"dddf31a0-8b26-4bb6-b226-6ca4aeb0c8de\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"dddf31a0-8b26-4bb6-b226-6ca4aeb0c8de\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-d3e3da2f-07a4-42fe-b7cb-c95949158b5d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"d3e3da2f-07a4-42fe-b7cb-c95949158b5d\":{\"columnOrder\":[\"be6d076f-1f09-4396-a1cc-c0c008fb2cf4\",\"329a84e3-c949-45e6-9087-0b3703d5c17c\"],\"columns\":{\"329a84e3-c949-45e6-9087-0b3703d5c17c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"be6d076f-1f09-4396-a1cc-c0c008fb2cf4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Account ID\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"329a84e3-c949-45e6-9087-0b3703d5c17c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"cloud.account.id\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"be6d076f-1f09-4396-a1cc-c0c008fb2cf4\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"329a84e3-c949-45e6-9087-0b3703d5c17c\",\"isTransposed\":false}],\"layerId\":\"d3e3da2f-07a4-42fe-b7cb-c95949158b5d\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Account ID [Logs 
Guardduty]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"affec3f3-1392-4022-8ef4-2c9205b410de\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"affec3f3-1392-4022-8ef4-2c9205b410de\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-d3e3da2f-07a4-42fe-b7cb-c95949158b5d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"d3e3da2f-07a4-42fe-b7cb-c95949158b5d\":{\"columnOrder\":[\"be6d076f-1f09-4396-a1cc-c0c008fb2cf4\",\"329a84e3-c949-45e6-9087-0b3703d5c17c\"],\"columns\":{\"329a84e3-c949-45e6-9087-0b3703d5c17c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"be6d076f-1f09-4396-a1cc-c0c008fb2cf4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"329a84e3-c949-45e6-9087-0b3703d5c17c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"rule.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"be6d076f-1f09-4396-a1cc-c0c008fb2cf4\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"329a84e3-c949-45e6-9087-0b3703d5c17c\",\"isTransposed\":false}],\"layerId\":\"d3e3da2f-07a4-42fe-b7cb-c95949158b5d\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Highest Findings by Type [Logs 
Guardduty]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"14a16e94-f5b1-403c-9087-d90b8891acf5\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"14a16e94-f5b1-403c-9087-d90b8891acf5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-d3e3da2f-07a4-42fe-b7cb-c95949158b5d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"d3e3da2f-07a4-42fe-b7cb-c95949158b5d\":{\"columnOrder\":[\"be6d076f-1f09-4396-a1cc-c0c008fb2cf4\",\"329a84e3-c949-45e6-9087-0b3703d5c17c\"],\"columns\":{\"329a84e3-c949-45e6-9087-0b3703d5c17c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Confidence Score\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.guardduty.confidence\"},\"be6d076f-1f09-4396-a1cc-c0c008fb2cf4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Findings ARN\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"329a84e3-c949-45e6-9087-0b3703d5c17c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.guardduty.arn\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"be6d076f-1f09-4396-a1cc-c0c008fb2cf4\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"329a84e3-c949-45e6-9087-0b3703d5c17c\",\"isTransposed\":false}],\"layerId\":\"d3e3da2f-07a4-42fe-b7cb-c95949158b5d\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Findings ARN with Highest Confidence Score [Logs 
Guardduty]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"8c9bbda7-ee27-43a2-b815-656ae730bb01\",\"w\":48,\"x\":0,\"y\":30},\"panelIndex\":\"8c9bbda7-ee27-43a2-b815-656ae730bb01\",\"panelRefName\":\"panel_8c9bbda7-ee27-43a2-b815-656ae730bb01\",\"type\":\"search\",\"version\":\"8.4.0\"}]","timeRestore":false,"title":"[Logs AWS] Guardduty Findings Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-9d21f520-6a36-11ed-b880-2f1b70138655","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"e54ffa6b-51d6-4d63-a5fe-6e0ccd3e38c5:indexpattern-datasource-layer-38c44a96-07c8-4b58-99a2-e29ae95408e4","type":"index-pattern"},{"id":"logs-*","name":"dddf31a0-8b26-4bb6-b226-6ca4aeb0c8de:indexpattern-datasource-layer-d3e3da2f-07a4-42fe-b7cb-c95949158b5d","type":"index-pattern"},{"id":"logs-*","name":"affec3f3-1392-4022-8ef4-2c9205b410de:indexpattern-datasource-layer-d3e3da2f-07a4-42fe-b7cb-c95949158b5d","type":"index-pattern"},{"id":"logs-*","name":"14a16e94-f5b1-403c-9087-d90b8891acf5:indexpattern-datasource-layer-d3e3da2f-07a4-42fe-b7cb-c95949158b5d","type":"index-pattern"},{"id":"aws-df758050-6a49-11ed-b880-2f1b70138655","name":"8c9bbda7-ee27-43a2-b815-656ae730bb01:panel_8c9bbda7-ee27-43a2-b815-656ae730bb01","type":"search"},{"id":"logs-*","name":"controlGroup_50ad3275-2e9f-4fb5-86f7-2abb13053d60:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_b1defe1a-26e0-4ec4-86fe-9506c27734a9:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_cee8fa25-e40b-43d6-be3f-4fa1d86da1ef:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_77b15205-772d-492d-9a35-1311d1b95bd2:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"
},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6190],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MjMsMV0="} -{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"d842e601-78ae-4001-8c73-0c6131832238\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.name\",\"title\":\"Account Names\",\"id\":\"d842e601-78ae-4001-8c73-0c6131832238\",\"enhancements\":{}}},\"426ffa24-3e19-4e20-9a9e-e1eedcaf8051\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.region\",\"title\":\"Regions\",\"id\":\"426ffa24-3e19-4e20-9a9e-e1eedcaf8051\",\"enhancements\":{}}},\"d7c787c2-569d-4885-ad67-769c15f96470\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.availability_zone\",\"title\":\"Availability Zones\",\"id\":\"d7c787c2-569d-4885-ad67-769c15f96470\",\"enhancements\":{}}},\"72cc9b12-4e22-4766-bc89-a7d9e8897123\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.s3.bucket.name\",\"title\":\"Bucket Names\",\"id\":\"72cc9b12-4e22-4766-bc89-a7d9e8897123\",\"enhancements\":{}}}}"},"description":"Overview of AWS S3 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"38c1f878-ea80-4442-a455-9b669bd9b08f\",\"w\":4,\"x\":0,\"y\":0},\"panelIndex\":\"38c1f878-ea80-4442-a455-9b669bd9b08f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-3a6b5560-57cf-4d5a-ab7c-fa2fc2911ed1\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3a6b5560-57cf-4d5a-ab7c-fa2fc2911ed1\":{\"columnOrder\":[\"e962b376-5889-4a57-8628-dcac9f4208cc\",\"e962b376-5889-4a57-8628-dcac9f4208ccX0\"],\"columns\":{\"e962b376-5889-4a57-8628-dcac9f4208cc\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total S3 Bucket Size\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"formula\":\"sum(aws.s3_daily_storage.bucket.size.bytes)\",\"isFormulaBroken\":false},\"references\":[\"e962b376-5889-4a57-8628-dcac9f4208ccX0\"],\"scale\":\"ratio\"},\"e962b376-5889-4a57-8628-dcac9f4208ccX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Total S3 Bucket 
Size\",\"operationType\":\"sum\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_daily_storage.bucket.size.bytes\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e962b376-5889-4a57-8628-dcac9f4208cc\",\"layerId\":\"3a6b5560-57cf-4d5a-ab7c-fa2fc2911ed1\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"timeRange\":{\"from\":\"now-2d\",\"to\":\"now-1d\"},\"type\":\"lens\"},\"title\":\"Total S3 Bucket Size\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"9044e628-dfdd-48c2-8a8e-0bfbfe5d1f95\",\"w\":4,\"x\":4,\"y\":0},\"panelIndex\":\"9044e628-dfdd-48c2-8a8e-0bfbfe5d1f95\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-0efc887f-76bc-499e-b51b-23780b4b7075\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"0efc887f-76bc-499e-b51b-23780b4b7075\":{\"columnOrder\":[\"c85259ee-d33a-4b01-b0be-aa137d07fcb8\"],\"columns\":{\"c85259ee-d33a-4b01-b0be-aa137d07fcb8\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3_daily_storage.number_of_objects: *\"},\"isBucketed\":false,\"label\":\"Total Number of 
Objects\",\"operationType\":\"sum\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_daily_storage.number_of_objects\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"c85259ee-d33a-4b01-b0be-aa137d07fcb8\",\"layerId\":\"0efc887f-76bc-499e-b51b-23780b4b7075\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"timeRange\":{\"from\":\"now-2d\",\"to\":\"now-1d\"},\"type\":\"lens\"},\"title\":\"Total number of objects\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"e0b784e3-242b-4690-9bc6-287a3fe6c950\",\"w\":19,\"x\":8,\"y\":0},\"panelIndex\":\"e0b784e3-242b-4690-9bc6-287a3fe6c950\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-1c30a386-39ac-4525-a832-15cc8031dad8\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1c30a386-39ac-4525-a832-15cc8031dad8\":{\"columnOrder\":[\"9f70a78c-036c-4959-9551-86149f5d42bb\",\"5d688be2-3ff8-48ec-a4af-97f6a0ea881e\"],\"columns\":{\"5d688be2-3ff8-48ec-a4af-97f6a0ea881e\":{\"customLabel\":false,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3_daily_storage.bucket.size.bytes: *\"},\"isBucketed\":false,\"label\":\"Last value of aws.s3_daily_storage.bucket.size.bytes\",\"operationType\":\"last_value\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"showArrayValues\":false,\"sortField\":\"@timestamp\"},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_daily_storage.bucket.size.bytes\"},\"9f70a78c-036c-4959-9551-86149f5d42bb\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"5d688be2-3ff8-48ec-a4af-97f6a0ea881e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"5d688be2-3ff8-48ec-a4af-97f6a0ea881e\"],\"layerId\":\"1c30a386-39ac-4525-a832-15cc8031dad8\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"9f70a78c-036c-4959-9551-86149f5d42bb\"}],\"legend\":{\"isInside\":false,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"timeRange\":{\"from\":\"now-2d\",\"to\":\"now-1d\"},\"type\":\"lens\"},\"title\":\"Top 10 Bucket Size in 
Bytes\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"504a187a-f1db-4b84-8f31-d502238e64c2\",\"w\":21,\"x\":27,\"y\":0},\"panelIndex\":\"504a187a-f1db-4b84-8f31-d502238e64c2\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-af61dbed-5160-44f1-9926-68ce33152b0d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"af61dbed-5160-44f1-9926-68ce33152b0d\":{\"columnOrder\":[\"0c368248-8555-434d-b8bc-7fc51eef527e\",\"9745c0a5-3ede-4010-8f70-e961503850c6\"],\"columns\":{\"0c368248-8555-434d-b8bc-7fc51eef527e\":{\"customLabel\":false,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9745c0a5-3ede-4010-8f70-e961503850c6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"9745c0a5-3ede-4010-8f70-e961503850c6\":{\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3_daily_storage.number_of_objects: *\"},\"isBucketed\":false,\"label\":\"Last value of 
aws.s3_daily_storage.number_of_objects\",\"operationType\":\"last_value\",\"params\":{\"sortField\":\"@timestamp\"},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_daily_storage.number_of_objects\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"9745c0a5-3ede-4010-8f70-e961503850c6\"],\"layerId\":\"af61dbed-5160-44f1-9926-68ce33152b0d\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"0c368248-8555-434d-b8bc-7fc51eef527e\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"timeRange\":{\"from\":\"now-2d\",\"to\":\"now-1d\"},\"type\":\"lens\"},\"title\":\"Top 10 Number of 
Objects\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"06d123df-0904-4a9f-ab84-a542273ffb46\",\"w\":24,\"x\":0,\"y\":8},\"panelIndex\":\"06d123df-0904-4a9f-ab84-a542273ffb46\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-190281eb-58c9-469f-b75e-c9ba458b570c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"190281eb-58c9-469f-b75e-c9ba458b570c\":{\"columnOrder\":[\"b255fdcd-4a88-4e26-ad95-f96d5fa71f56\",\"f2ac53f6-a4db-4519-86bf-280d76d25c5d\",\"673d465d-234b-46b0-9cb1-3bd22817c3d7\"],\"columns\":{\"673d465d-234b-46b0-9cb1-3bd22817c3d7\":{\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3_daily_storage.bucket.size.bytes: *\"},\"isBucketed\":false,\"label\":\"Last value of aws.s3_daily_storage.bucket.size.bytes\",\"operationType\":\"last_value\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"showArrayValues\":false,\"sortField\":\"@timestamp\"},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_daily_storage.bucket.size.bytes\"},\"b255fdcd-4a88-4e26-ad95-f96d5fa71f56\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of 
aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"673d465d-234b-46b0-9cb1-3bd22817c3d7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"f2ac53f6-a4db-4519-86bf-280d76d25c5d\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"d\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"endValue\":\"Nearest\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"673d465d-234b-46b0-9cb1-3bd22817c3d7\"],\"layerId\":\"190281eb-58c9-469f-b75e-c9ba458b570c\",\"layerType\":\"data\",\"seriesType\":\"line\",\"splitAccessor\":\"b255fdcd-4a88-4e26-ad95-f96d5fa71f56\",\"xAccessor\":\"f2ac53f6-a4db-4519-86bf-280d76d25c5d\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"timeRange\":{\"from\":\"now-7d\",\"to\":\"now\"},\"type\":\"lens\"},\"title\":\"Bucket 
Size\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"1e851b43-a868-431b-a1a3-f1a05b3a743f\",\"w\":24,\"x\":24,\"y\":8},\"panelIndex\":\"1e851b43-a868-431b-a1a3-f1a05b3a743f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-d2ed9ebb-b73f-4b8d-a214-1d03704a8b60\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"d2ed9ebb-b73f-4b8d-a214-1d03704a8b60\":{\"columnOrder\":[\"f4f5900c-06e2-4f02-a147-657036931d2d\",\"8526b422-9f2d-4482-8be9-80be6308a159\",\"02a5b22e-865f-4b85-826f-11b3ca347035\"],\"columns\":{\"02a5b22e-865f-4b85-826f-11b3ca347035\":{\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3_daily_storage.number_of_objects: *\"},\"isBucketed\":false,\"label\":\"Last value of aws.s3_daily_storage.number_of_objects\",\"operationType\":\"last_value\",\"params\":{\"sortField\":\"@timestamp\"},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_daily_storage.number_of_objects\"},\"8526b422-9f2d-4482-8be9-80be6308a159\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of 
aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"02a5b22e-865f-4b85-826f-11b3ca347035\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"f4f5900c-06e2-4f02-a147-657036931d2d\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"d\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"endValue\":\"Nearest\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"02a5b22e-865f-4b85-826f-11b3ca347035\"],\"layerId\":\"d2ed9ebb-b73f-4b8d-a214-1d03704a8b60\",\"layerType\":\"data\",\"seriesType\":\"line\",\"splitAccessor\":\"8526b422-9f2d-4482-8be9-80be6308a159\",\"xAccessor\":\"f4f5900c-06e2-4f02-a147-657036931d2d\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"timeRange\":{\"from\":\"now-7d\",\"to\":\"now\"},\"type\":\"lens\"},\"title\":\"Number of 
Objects\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"1e4a9ad9-15c1-4788-a1fb-80637edf7b95\",\"w\":48,\"x\":0,\"y\":20},\"panelIndex\":\"1e4a9ad9-15c1-4788-a1fb-80637edf7b95\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"Note: visualizations below rely on S3 request metrics to be enabled in AWS first. Please see how to [enable request metrics](https://docs.aws.amazon.com/AmazonS3/latest/userguide/configure-request-metrics-bucket.html) for more details.\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"s3_request_note\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":38,\"i\":\"6f4152e8-0944-4149-941a-0b58e69b8ecd\",\"w\":4,\"x\":0,\"y\":24},\"panelIndex\":\"6f4152e8-0944-4149-941a-0b58e69b8ecd\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"Requests\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"requests 
title\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"ffbba1de-c2a3-4d55-97c4-ef47b26973e2\",\"w\":8,\"x\":4,\"y\":24},\"panelIndex\":\"ffbba1de-c2a3-4d55-97c4-ef47b26973e2\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-0ccf08d3-d668-4ec7-8ef3-e4de412e7d05\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"0ccf08d3-d668-4ec7-8ef3-e4de412e7d05\":{\"columnOrder\":[\"9670cf93-ad58-473b-bb4b-7f03d919d5f9\"],\"columns\":{\"9670cf93-ad58-473b-bb4b-7f03d919d5f9\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3_request.latency.total_request.ms: *\"},\"isBucketed\":false,\"label\":\"Average Total Request Latency (ms)\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.latency.total_request.ms\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"9670cf93-ad58-473b-bb4b-7f03d919d5f9\",\"layerId\":\"0ccf08d3-d668-4ec7-8ef3-e4de412e7d05\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Average Total Request 
Latency\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"1244972a-2e1f-4dbd-9db0-f56a79dcdfba\",\"w\":8,\"x\":12,\"y\":24},\"panelIndex\":\"1244972a-2e1f-4dbd-9db0-f56a79dcdfba\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-b7b988d0-8a23-4f66-8aa0-e73e0b453026\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b7b988d0-8a23-4f66-8aa0-e73e0b453026\":{\"columnOrder\":[\"85e36aab-a782-4b29-a2a3-3c0735c1104d\"],\"columns\":{\"85e36aab-a782-4b29-a2a3-3c0735c1104d\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3_request.requests.total: *\"},\"isBucketed\":false,\"label\":\"Total HTTP Requests\",\"operationType\":\"sum\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.requests.total\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"85e36aab-a782-4b29-a2a3-3c0735c1104d\",\"layerId\":\"b7b988d0-8a23-4f66-8aa0-e73e0b453026\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Total HTTP 
Requests\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"3816e81e-b2f9-46bf-8870-fc0b300f5550\",\"w\":7,\"x\":20,\"y\":24},\"panelIndex\":\"3816e81e-b2f9-46bf-8870-fc0b300f5550\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-fc38c622-e1d2-42a4-ae60-6508f677868b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"fc38c622-e1d2-42a4-ae60-6508f677868b\":{\"columnOrder\":[\"2b81b770-436c-4374-b89a-53dbb8905020\"],\"columns\":{\"2b81b770-436c-4374-b89a-53dbb8905020\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average Download per Request\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.downloaded.bytes\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"2b81b770-436c-4374-b89a-53dbb8905020\",\"layerId\":\"fc38c622-e1d2-42a4-ae60-6508f677868b\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Average Download Bytes per 
Request\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"23e3c7f4-7fdf-421c-b461-e5ae21f10a5c\",\"w\":7,\"x\":27,\"y\":24},\"panelIndex\":\"23e3c7f4-7fdf-421c-b461-e5ae21f10a5c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-61c0910a-1394-4414-9de9-00a2c4c1df99\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"61c0910a-1394-4414-9de9-00a2c4c1df99\":{\"columnOrder\":[\"8949b8fd-522d-4242-bbff-739d10bba463\"],\"columns\":{\"8949b8fd-522d-4242-bbff-739d10bba463\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average Upload per Request\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.uploaded.bytes\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"8949b8fd-522d-4242-bbff-739d10bba463\",\"layerId\":\"61c0910a-1394-4414-9de9-00a2c4c1df99\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Average Upload Bytes per 
Request\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"4507cadf-b442-4d6b-b397-9fc047f7e4ed\",\"w\":7,\"x\":34,\"y\":24},\"panelIndex\":\"4507cadf-b442-4d6b-b397-9fc047f7e4ed\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-e4780eff-c9b6-4e7c-81d4-000f9e618ee8\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"e4780eff-c9b6-4e7c-81d4-000f9e618ee8\":{\"columnOrder\":[\"d0036bf5-11c8-40b4-875c-c15443ea5999\",\"d0036bf5-11c8-40b4-875c-c15443ea5999X0\"],\"columns\":{\"d0036bf5-11c8-40b4-875c-c15443ea5999\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Bytes per Period Downloaded\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(aws.s3_request.downloaded.bytes_per_period)\",\"isFormulaBroken\":false},\"references\":[\"d0036bf5-11c8-40b4-875c-c15443ea5999X0\"],\"scale\":\"ratio\"},\"d0036bf5-11c8-40b4-875c-c15443ea5999X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Bytes per Period Downloaded\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.downloaded.bytes_per_period\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"d0036bf5-11c8-40b4-875c-c15443ea5999\",\"layerId\":\"e4780eff-c9b6-4e7c-81d4-000f9e618ee8\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Bytes per Period 
Downloaded\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"1bbf9bfb-10a5-406c-b7b1-0a8dc332280a\",\"w\":7,\"x\":41,\"y\":24},\"panelIndex\":\"1bbf9bfb-10a5-406c-b7b1-0a8dc332280a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-aadc60fc-e93e-437e-9209-4b4df243c3db\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"aadc60fc-e93e-437e-9209-4b4df243c3db\":{\"columnOrder\":[\"3572bcd6-9a91-4ab6-82d1-80116c8ff17c\"],\"columns\":{\"3572bcd6-9a91-4ab6-82d1-80116c8ff17c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Bytes per Period Uploaded\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.uploaded.bytes_per_period\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"3572bcd6-9a91-4ab6-82d1-80116c8ff17c\",\"layerId\":\"aadc60fc-e93e-437e-9209-4b4df243c3db\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Bytes per Period 
Uploaded\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"3dea49df-7a75-470f-bd28-79c54e6eb9cd\",\"w\":22,\"x\":4,\"y\":29},\"panelIndex\":\"3dea49df-7a75-470f-bd28-79c54e6eb9cd\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\":{\"columnOrder\":[\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\",\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"columns\":{\"10209ab6-019a-49e8-ae29-e3404c6fdc96\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.s3_request.requests.total\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.requests.total\"},\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"layerId\":\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"xAccessor\":\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"All 
Requests\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"b080b2b1-d252-4b0c-ac0f-9031f73fd009\",\"w\":22,\"x\":26,\"y\":29},\"panelIndex\":\"b080b2b1-d252-4b0c-ac0f-9031f73fd009\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\":{\"columnOrder\":[\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\",\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"columns\":{\"10209ab6-019a-49e8-ae29-e3404c6fdc96\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.s3_request.requests.get\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.requests.get\"},\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"layerId\":\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"xAccessor\":\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Get 
Requests\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"17a9a6ad-c32c-41a8-8184-791d434bb504\",\"w\":22,\"x\":4,\"y\":40},\"panelIndex\":\"17a9a6ad-c32c-41a8-8184-791d434bb504\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\":{\"columnOrder\":[\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\",\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"columns\":{\"10209ab6-019a-49e8-ae29-e3404c6fdc96\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.s3_request.requests.put\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.requests.put\"},\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"layerId\":\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"xAccessor\":\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Put 
Requests\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"b56599a0-8704-4474-9b1f-def104f812a1\",\"w\":22,\"x\":26,\"y\":40},\"panelIndex\":\"b56599a0-8704-4474-9b1f-def104f812a1\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\":{\"columnOrder\":[\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\",\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"columns\":{\"10209ab6-019a-49e8-ae29-e3404c6fdc96\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.s3_request.requests.head\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.requests.head\"},\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"layerId\":\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"xAccessor\":\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Head 
Requests\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"0ba2d2dc-a517-484a-8838-30d42e11203a\",\"w\":22,\"x\":4,\"y\":51},\"panelIndex\":\"0ba2d2dc-a517-484a-8838-30d42e11203a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\":{\"columnOrder\":[\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\",\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"columns\":{\"10209ab6-019a-49e8-ae29-e3404c6fdc96\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.s3_request.errors.4xx\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.errors.4xx\"},\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"layerId\":\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"xAccessor\":\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Average 4xx Errors per 
Request\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"6870d13b-f0e5-4083-94d7-aa9083985ea9\",\"w\":22,\"x\":26,\"y\":51},\"panelIndex\":\"6870d13b-f0e5-4083-94d7-aa9083985ea9\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\":{\"columnOrder\":[\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\",\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"columns\":{\"10209ab6-019a-49e8-ae29-e3404c6fdc96\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.s3_request.errors.5xx\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.errors.5xx\"},\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"layerId\":\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"xAccessor\":\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Average 5xx Errors per 
Request\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"8b7777c6-c8ba-4768-87db-2c0bb53a7d86\",\"w\":4,\"x\":0,\"y\":62},\"panelIndex\":\"8b7777c6-c8ba-4768-87db-2c0bb53a7d86\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"Downloads and Uploads\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"downloads and uploads title\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"bc8539c4-dc85-4742-911f-220091b082eb\",\"w\":22,\"x\":4,\"y\":62},\"panelIndex\":\"bc8539c4-dc85-4742-911f-220091b082eb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\":{\"columnOrder\":[\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\",\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"columns\":{\"10209ab6-019a-49e8-ae29-e3404c6fdc96\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.s3_request.downloaded.bytes\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.downloaded.bytes\"},\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"layerId\":\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"xAccessor\":\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Downloaded Bytes per 
Request\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"81e65dcf-8ce4-4bdd-923d-199f54f7ef74\",\"w\":22,\"x\":26,\"y\":62},\"panelIndex\":\"81e65dcf-8ce4-4bdd-923d-199f54f7ef74\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\":{\"columnOrder\":[\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\",\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"columns\":{\"10209ab6-019a-49e8-ae29-e3404c6fdc96\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.s3_request.uploaded.bytes\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.uploaded.bytes\"},\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"layerId\":\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"xAccessor\":\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Uploaded Bytes per 
Request\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"e6e94705-0ae9-4c7c-8b93-c46fe0ebcf61\",\"w\":4,\"x\":0,\"y\":73},\"panelIndex\":\"e6e94705-0ae9-4c7c-8b93-c46fe0ebcf61\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"Latency\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"latency label\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"0bd1714a-bd98-4f66-a280-4ca934795c7f\",\"w\":22,\"x\":4,\"y\":73},\"panelIndex\":\"0bd1714a-bd98-4f66-a280-4ca934795c7f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-190281eb-58c9-469f-b75e-c9ba458b570c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"190281eb-58c9-469f-b75e-c9ba458b570c\":{\"columnOrder\":[\"f2ac53f6-a4db-4519-86bf-280d76d25c5d\",\"b255fdcd-4a88-4e26-ad95-f96d5fa71f56\",\"673d465d-234b-46b0-9cb1-3bd22817c3d7\"],\"columns\":{\"673d465d-234b-46b0-9cb1-3bd22817c3d7\":{\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3_request.latency.first_byte.ms: *\"},\"isBucketed\":false,\"label\":\"Average of aws.s3_request.latency.total_request.ms\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.latency.total_request.ms\"},\"b255fdcd-4a88-4e26-ad95-f96d5fa71f56\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of 
aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"673d465d-234b-46b0-9cb1-3bd22817c3d7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"f2ac53f6-a4db-4519-86bf-280d76d25c5d\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"d\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"673d465d-234b-46b0-9cb1-3bd22817c3d7\"],\"layerId\":\"190281eb-58c9-469f-b75e-c9ba458b570c\",\"layerType\":\"data\",\"seriesType\":\"line\",\"splitAccessor\":\"b255fdcd-4a88-4e26-ad95-f96d5fa71f56\",\"xAccessor\":\"f2ac53f6-a4db-4519-86bf-280d76d25c5d\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Request Latency 
(ms)\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"953c200c-289d-4594-b238-5b851a9a8b00\",\"w\":22,\"x\":26,\"y\":73},\"panelIndex\":\"953c200c-289d-4594-b238-5b851a9a8b00\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-190281eb-58c9-469f-b75e-c9ba458b570c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"190281eb-58c9-469f-b75e-c9ba458b570c\":{\"columnOrder\":[\"f2ac53f6-a4db-4519-86bf-280d76d25c5d\",\"b255fdcd-4a88-4e26-ad95-f96d5fa71f56\",\"673d465d-234b-46b0-9cb1-3bd22817c3d7\"],\"columns\":{\"673d465d-234b-46b0-9cb1-3bd22817c3d7\":{\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3_request.latency.first_byte.ms: *\"},\"isBucketed\":false,\"label\":\"Average of aws.s3_request.latency.first_byte.ms\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.latency.first_byte.ms\"},\"b255fdcd-4a88-4e26-ad95-f96d5fa71f56\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of 
aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"673d465d-234b-46b0-9cb1-3bd22817c3d7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"f2ac53f6-a4db-4519-86bf-280d76d25c5d\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"d\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"endValue\":\"Nearest\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"673d465d-234b-46b0-9cb1-3bd22817c3d7\"],\"layerId\":\"190281eb-58c9-469f-b75e-c9ba458b570c\",\"layerType\":\"data\",\"seriesType\":\"line\",\"splitAccessor\":\"b255fdcd-4a88-4e26-ad95-f96d5fa71f56\",\"xAccessor\":\"f2ac53f6-a4db-4519-86bf-280d76d25c5d\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"First Byte Latency (ms)\"}]","refreshInterval":{"pause":true,"value":0},"timeFrom":"now-8d","timeRestore":true,"timeTo":"now","title":"[Metrics AWS] S3 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-a096b830-4762-11e9-8062-c98a86cb6f94","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"38c1f878-ea80-4442-a455-9b669bd9b08f:indexpattern-datasource-layer-3a6b5560-57cf-4d5a-ab7c-fa2fc2911ed1","type":"index-pattern"},{"id":"metrics-*","name":"9044e628-dfdd-48c2-8a8e-0bfbfe5d1f95:indexpattern-datasource-layer-0efc887f-76bc-499e-b51b-23780b4b7075","type":"index-pattern"},{"id":"metrics-*","name":"e0b784e3-242b-4690-9bc6-287a3fe6c950:indexpattern-datasource-layer-1c30a386-39ac-4525-a832-15cc8031dad8","type":"index-pattern"},{"id":"metrics-*","name":"504a187a-f1db-4b84-8f31-d502238e64c2:indexpattern-datasource-layer-af61dbed-5160-44f1-9926-68ce33152b0d","type":"index-pattern"},{"id":"metrics-*","name":"06d123df-0904-4a9f-ab84-a542273ffb46:indexpattern-datasource-layer-190281eb-58c9-469f-b75e-c9ba458b570c","type":"index-pattern"},{"id":"metrics-*","name":"1e851b43-a868-431b-a1a3-f1a05b3a743f:indexpattern-datasource-layer-d2ed9ebb-b73f-4b8d-a214-1d03704a8b60","type":"index-pattern"},{"id":"metrics-*","name":"ffbba1de-c2a3-4d55-97c4-ef47b26973e2:indexpattern-datasource-layer-0ccf08d3-d668-4ec7-8ef3-e4de412e7d05","type":"index-pattern"},{"id":"metrics-*","name":"1244972a-2e1f-4dbd-9db0-f56a79dcdfba:indexpattern-datasource-layer-b7b988d0-8a23-4f66-8aa0-e73e0b453026","type":"index-pattern"},{"id":"metrics-*","name":"3816e81e-b2f9-46bf-8870-fc0b300f5550:indexpattern-datasource-layer-fc38c622-e1d2-42a4-ae60-6508f677868b","type":"index-pattern"},{"id":"metrics-*","name":"23e3c7f4-7fdf-421c-b461-e5ae21f10a5c:indexpattern-datasource-layer-61c0910a-1394-4414-9de9-00a2c4c1df99","type":"index-pattern"},{"id":"metrics-*","name":"4507cadf-b442-4d6b-b397-9fc047f7e4ed:indexpattern-datasource-layer-e4780eff-c9b6-4e7c-81d4-000f9e618ee8","type":"index-pattern"},{"id":"metrics-*","name":"1bbf9bfb-10a5-406c-b7b1-0a8dc332280a:indexpattern-datasource-layer-aadc6
0fc-e93e-437e-9209-4b4df243c3db","type":"index-pattern"},{"id":"metrics-*","name":"3dea49df-7a75-470f-bd28-79c54e6eb9cd:indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210","type":"index-pattern"},{"id":"metrics-*","name":"b080b2b1-d252-4b0c-ac0f-9031f73fd009:indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210","type":"index-pattern"},{"id":"metrics-*","name":"17a9a6ad-c32c-41a8-8184-791d434bb504:indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210","type":"index-pattern"},{"id":"metrics-*","name":"b56599a0-8704-4474-9b1f-def104f812a1:indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210","type":"index-pattern"},{"id":"metrics-*","name":"0ba2d2dc-a517-484a-8838-30d42e11203a:indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210","type":"index-pattern"},{"id":"metrics-*","name":"6870d13b-f0e5-4083-94d7-aa9083985ea9:indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210","type":"index-pattern"},{"id":"metrics-*","name":"bc8539c4-dc85-4742-911f-220091b082eb:indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210","type":"index-pattern"},{"id":"metrics-*","name":"81e65dcf-8ce4-4bdd-923d-199f54f7ef74:indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210","type":"index-pattern"},{"id":"metrics-*","name":"0bd1714a-bd98-4f66-a280-4ca934795c7f:indexpattern-datasource-layer-190281eb-58c9-469f-b75e-c9ba458b570c","type":"index-pattern"},{"id":"metrics-*","name":"953c200c-289d-4594-b238-5b851a9a8b00:indexpattern-datasource-layer-190281eb-58c9-469f-b75e-c9ba458b570c","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_d842e601-78ae-4001-8c73-0c6131832238:optionsListDataView","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_426ffa24-3e19-4e20-9a9e-e1eedcaf8051:optionsListDataView","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_d7c787c2-569d-4885-ad67-769c15f96470:optionsListDataView","type":"index-pattern"},{"id":"metrics-*","name":"cont
rolGroup_72cc9b12-4e22-4766-bc89-a7d9e8897123:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6219],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MjQsMV0="} -{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\" or data_stream.dataset : \\\"aws.securityhub_insights\\\" \"}}"},"sort":[["@timestamp","desc"]],"title":"Security Hub - Raw Events [Logs AWS]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-b111d3a0-5f3e-11ed-b2ee-f91fa284c4b5","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6223],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MjUsMV0="} 
-{"attributes":{"columns":["aws.guardduty.service.evidence.threat_intelligence_details.threat.names","aws.guardduty.resource.type","cloud.account.id","cloud.region","message"],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.guardduty\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.guardduty\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"aws.guardduty.severity.value\",\"negate\":false,\"params\":{\"query\":\"High\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"aws.guardduty.severity.value\":\"High\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"High Severity Threat Details [Logs Guardduty]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-b3169d70-6a38-11ed-b880-2f1b70138655","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6229],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MjYsMV0="} 
-{"attributes":{"description":"Overview of AWS NAT Gateway Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.natgateway\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.natgateway\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"346ce7bf-e1af-4e0d-856b-5aa412903167\",\"w\":7,\"x\":0,\"y\":0},\"panelIndex\":\"346ce7bf-e1af-4e0d-856b-5aa412903167\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.name\",\"id\":\"1565034367477\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"account name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloud.region\",\"id\":\"1584478324642\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.dimensions.NatGatewayId\",\"id\":\"1584479118709\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"NATGateway ID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":true},\"title\":\"NATGateway Filters [Metrics 
AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Filters\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"19a9f053-a548-4e9d-a257-45932c3b73a5\",\"w\":8,\"x\":7,\"y\":0},\"panelIndex\":\"19a9f053-a548-4e9d-a257-45932c3b73a5\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\",\"value\":0}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Total Error of Port Allocation\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.ErrorPortAllocation.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"_count\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Error Port Allocation [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Error Port 
Allocation\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"a7a70775-f4ad-4323-b13c-9c9a3bf1bdf3\",\"w\":8,\"x\":15,\"y\":0},\"panelIndex\":\"a7a70775-f4ad-4323-b13c-9c9a3bf1bdf3\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\",\"value\":0}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"f444c0e0-688f-11ea-8b7d-fd9d15a13cd0\",\"label\":\"Total Packets Drop\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.PacketsDropCount.sum\",\"id\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"sum\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Packet Drop [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Packets 
Drop\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"b5fe853e-d5b0-4918-93ec-8be70f2881a8\",\"w\":8,\"x\":23,\"y\":0},\"panelIndex\":\"b5fe853e-d5b0-4918-93ec-8be70f2881a8\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\",\"value\":0}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"f444c0e0-688f-11ea-8b7d-fd9d15a13cd0\",\"label\":\"Total Connections Established\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.ConnectionEstablishedCount.sum\",\"id\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"sum\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Connection Established [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Total Connection 
Established\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"33663eae-1bc3-47d4-a9fc-3cd2b43c66ef\",\"w\":17,\"x\":31,\"y\":0},\"panelIndex\":\"33663eae-1bc3-47d4-a9fc-3cd2b43c66ef\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\"}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"3\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.ActiveConnectionCount.max\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"2\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Active Connection Count Top10 [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Active Connection 
Count\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"4e454740-281a-43b1-92f4-8dd2e37e184f\",\"w\":24,\"x\":0,\"y\":11},\"panelIndex\":\"4e454740-281a-43b1-92f4-8dd2e37e184f\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\"}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.BytesInFromDestination.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Bytes In From Destination [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Bytes In From 
Destination\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"f40587a4-47f1-494a-b8b9-33365ce34d2f\",\"w\":24,\"x\":24,\"y\":11},\"panelIndex\":\"f40587a4-47f1-494a-b8b9-33365ce34d2f\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\"}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.BytesInFromSource.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Bytes In From Source [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Bytes In From 
Source\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"00075068-bf27-49e1-8beb-d5572500205b\",\"w\":24,\"x\":0,\"y\":24},\"panelIndex\":\"00075068-bf27-49e1-8beb-d5572500205b\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\"}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.BytesOutToDestination.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Bytes Out To Destination [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Bytes Out To 
Destination\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"c95ab156-9118-4c3c-94ee-55b4c9f5589c\",\"w\":24,\"x\":24,\"y\":24},\"panelIndex\":\"c95ab156-9118-4c3c-94ee-55b4c9f5589c\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\"}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.BytesOutToSource.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Bytes Out To Source [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Bytes Out To 
Source\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"f7c6e3f7-419d-43ff-a2bb-d5931371f347\",\"w\":24,\"x\":0,\"y\":37},\"panelIndex\":\"f7c6e3f7-419d-43ff-a2bb-d5931371f347\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\",\"value\":0}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"f444c0e0-688f-11ea-8b7d-fd9d15a13cd0\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.PacketsInFromDestination.sum\",\"id\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Packet In From Destination [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Packets In From 
Destination\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"dcc56438-240a-45a4-81ec-a54be3d27c43\",\"w\":24,\"x\":24,\"y\":37},\"panelIndex\":\"dcc56438-240a-45a4-81ec-a54be3d27c43\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\",\"value\":0}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"f444c0e0-688f-11ea-8b7d-fd9d15a13cd0\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.PacketsInFromSource.sum\",\"id\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Packet In From Source [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Packets In From 
Source\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"db77d690-f343-4dc2-8695-d45a03361e01\",\"w\":24,\"x\":0,\"y\":50},\"panelIndex\":\"db77d690-f343-4dc2-8695-d45a03361e01\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\",\"value\":0}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"f444c0e0-688f-11ea-8b7d-fd9d15a13cd0\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.PacketsOutToDestination.sum\",\"id\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Packet Out To Destination [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Packets Out To 
Destination\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"d882a862-87aa-4169-9dc3-0591252fa736\",\"w\":24,\"x\":24,\"y\":50},\"panelIndex\":\"d882a862-87aa-4169-9dc3-0591252fa736\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\",\"value\":0}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"f444c0e0-688f-11ea-8b7d-fd9d15a13cd0\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.PacketsOutToSource.sum\",\"id\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Packet Out To Source [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Packets Out To Source\"}]","timeRestore":false,"title":"[Metrics AWS] NATGateway 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-c2b1cbc0-6891-11ea-b0ac-95d4ecb1fecd","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"346ce7bf-e1af-4e0d-856b-5aa412903167:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"346ce7bf-e1af-4e0d-856b-5aa412903167:control_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"346ce7bf-e1af-4e0d-856b-5aa412903167:control_2_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6236],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MjcsMV0="} -{"attributes":{"description":"Overview of AWS EC2 Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"3\",\"w\":24,\"x\":24,\"y\":27},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"23428b30-f7f2-11e8-bff8-21537b07dd44\"}],\"bar_color_rules\":[{\"id\":\"2592bcc0-f7f2-11e8-bff8-21537b07dd44\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.ec2_metrics\\\" 
\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=5m\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,188,0,1)\",\"fill\":\"0\",\"filter\":\"\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS EC2 DiskIO Write Bytes\",\"line_width\":1,\"metrics\":[{\"field\":\"host.disk.write.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":1,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"cloud.instance.id\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"EC2 DiskIO Write Bytes [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"EC2 DiskIO Write 
Bytes\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"5\",\"w\":12,\"x\":36,\"y\":0},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"d13f6b50-f7f6-11e8-bff8-21537b07dd44\"}],\"bar_color_rules\":[{\"id\":\"ad6d62d0-f7f7-11e8-bff8-21537b07dd44\"}],\"drop_last_bucket\":1,\"gauge_color_rules\":[{\"id\":\"b0c5b590-f7f7-11e8-bff8-21537b07dd44\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"EC2 Status Check Failed\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.ec2.status.check_failed\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"cloud.instance.id\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"EC2 Status Check Failed [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"EC2 Status Check 
Failed\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"11\",\"w\":24,\"x\":0,\"y\":42},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"23428b30-f7f2-11e8-bff8-21537b07dd44\"}],\"bar_color_rules\":[{\"id\":\"2592bcc0-f7f2-11e8-bff8-21537b07dd44\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.ec2_metrics\\\" \"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=5m\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,188,0,1)\",\"fill\":\"0\",\"filter\":\"\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS EC2 Network In Bytes\",\"line_width\":1,\"metrics\":[{\"field\":\"host.network.ingress.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":1,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"cloud.instance.id\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"EC2 Network In Bytes [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"EC2 Network In 
Bytes\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":42},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"23428b30-f7f2-11e8-bff8-21537b07dd44\"}],\"bar_color_rules\":[{\"id\":\"2592bcc0-f7f2-11e8-bff8-21537b07dd44\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.ec2_metrics\\\" \"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=5m\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,188,0,1)\",\"fill\":\"0\",\"filter\":\"\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS EC2 Network Out Bytes\",\"line_width\":1,\"metrics\":[{\"field\":\"host.network.egress.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":1,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"cloud.instance.id\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"EC2 Network Out Bytes [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"EC2 Network Out 
Bytes\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"15\",\"w\":24,\"x\":0,\"y\":27},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"23428b30-f7f2-11e8-bff8-21537b07dd44\"}],\"bar_color_rules\":[{\"id\":\"2592bcc0-f7f2-11e8-bff8-21537b07dd44\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.ec2_metrics\\\" \"},\"gauge_color_rules\":[{\"id\":\"dcc75b70-2328-11ed-8313-17cbcb322386\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=5m\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,188,0,1)\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS EC2 DiskIO Read Bytes\",\"line_width\":1,\"metrics\":[{\"field\":\"host.disk.read.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":1,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"cloud.instance.id\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"EC2 DiskIO 
Read Bytes [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"EC2 DiskIO Read Bytes\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"17\",\"w\":48,\"x\":0,\"y\":12},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"23428b30-f7f2-11e8-bff8-21537b07dd44\"}],\"bar_color_rules\":[{\"id\":\"2592bcc0-f7f2-11e8-bff8-21537b07dd44\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.ec2_metrics\\\" \"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=5m\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,188,0,1)\",\"fill\":\"0\",\"filter\":\"\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS EC2 CPU Utilization\",\"line_width\":1,\"metrics\":[{\"field\":\"host.cpu.usage\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":1,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"cloud.instance.id\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"EC2 CPU Utilization [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"EC2 CPU Utilization\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"18\",\"w\":17,\"x\":0,\"y\":0},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.name\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_18_0_index_pattern\",\"label\":\"account name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Account Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"AWS Account Filter\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"19\",\"w\":19,\"x\":17,\"y\":0},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"EC2 Instance 
State\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"\",\"field\":\"aws.ec2.instance.state.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":true,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\"},\"title\":\"EC2 Instance State [Metrics AWS]\",\"type\":\"pie\",\"uiState\":{\"vis\":{\"colors\":{\"16\":\"#629E51\",\"80\":\"#E24D42\",\"272\":\"#DEDAF7\",\"running\":\"#7EB26D\",\"stopped\":\"#E24D42\"},\"legendOpen\":true}}},\"type\":\"visualization\"},\"title\":\"EC2 Instance State\"}]","timeRestore":false,"title":"[Metrics AWS] EC2 Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-c5846400-f7fb-11e8-af03-c999c9dea608","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"18:control_18_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"19:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6241],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MjgsMV0="} 
-{"attributes":{"columns":["cloud.account.id","event.module","rule.name","source.ip","source.geo.country_name","cloud.instance.id","user.id","user.name"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\" or data_stream.dataset : \\\"aws.securityhub_insights\\\" \"}}"},"sort":[["@timestamp","desc"]],"title":"Essential Details - Security Hub [Logs AWS]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-cc2e2cf0-5f3f-11ed-b2ee-f91fa284c4b5","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6245],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MjksMV0="} 
-{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"d620f0d7-381f-456f-8660-a6e6838e34fc\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"data_stream.dataset\",\"title\":\"Integrations\",\"id\":\"d620f0d7-381f-456f-8660-a6e6838e34fc\",\"enhancements\":{},\"selectedOptions\":[]}},\"f7d8c037-280e-4387-84e2-fa76ee6124da\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.securityhub_findings.region\",\"title\":\"Region\",\"id\":\"f7d8c037-280e-4387-84e2-fa76ee6124da\",\"enhancements\":{},\"selectedOptions\":[]}},\"c819da49-49e8-4460-8329-8521d7f8ac8a\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.id\",\"title\":\"Account\",\"id\":\"c819da49-49e8-4460-8329-8521d7f8ac8a\",\"enhancements\":{},\"selectedOptions\":[]}}}"},"description":"AWS Security Hub Findings 
Summary","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.module\",\"negate\":false,\"params\":{\"query\":\"aws\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.module\":\"aws\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"cc027475-1e31-4ccf-bdd7-9655809a1c30\",\"w\":48,\"x\":0,\"y\":4},\"panelIndex\":\"cc027475-1e31-4ccf-bdd7-9655809a1c30\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"# AWS Security Hub Finding summary\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"146c2ac6-d83d-4fcb-808a-d24c2762f45c\",\"w\":24,\"x\":0,\"y\":7},\"panelIndex\":\"146c2ac6-d83d-4fcb-808a-d24c2762f45c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-4b9a3fe3-f262-48c5-97cd-3f32f2264fdb\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"4b9a3fe3-f262-48c5-97cd-3f32f2264fdb\":{\"columnOrder\":[\"fb8cd887-3cd0-45c3-8aed-262a64d6b8b3\",\"7bcad210-7a5d-4afe-94ea-942f04dc5e68\"],\"columns\":{\"7bcad210-7a5d-4afe-94ea-942f04dc5e68\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"fb8cd887-3cd0-45c3-8aed-262a64d6b8b3\":{\"customLabel\
":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Cloud Account Id\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7bcad210-7a5d-4afe-94ea-942f04dc5e68\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"cloud.account.id\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"4b9a3fe3-f262-48c5-97cd-3f32f2264fdb\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"fb8cd887-3cd0-45c3-8aed-262a64d6b8b3\"],\"metrics\":[\"7bcad210-7a5d-4afe-94ea-942f04dc5e68\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Account [Logs 
AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2aeb6bda-8e7f-40bf-a8b3-ea8fdee8dea7\",\"w\":24,\"x\":24,\"y\":7},\"panelIndex\":\"2aeb6bda-8e7f-40bf-a8b3-ea8fdee8dea7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-45c33cba-b3b0-45a4-91f3-a13600dbfdcc\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"45c33cba-b3b0-45a4-91f3-a13600dbfdcc\":{\"columnOrder\":[\"6d202975-b109-4e8b-a047-019162160e00\",\"25539159-d53b-4507-9e4b-e5aa60e46960\"],\"columns\":{\"25539159-d53b-4507-9e4b-e5aa60e46960\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"6d202975-b109-4e8b-a047-019162160e00\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Region\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"25539159-d53b-4507-9e4b-e5aa60e46960\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.region\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"45c33cba-b3b0-45a4-91f3-a13600dbfdcc\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"6d202975-b109-4e8b-a047-019162160e00\"],\"metrics\":[\"25539159-d53b-4507-9e4b-e5aa60e46960\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Region [Logs 
AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"7a319626-d1c2-4728-9611-3bbea3c850d4\",\"w\":24,\"x\":0,\"y\":22},\"panelIndex\":\"7a319626-d1c2-4728-9611-3bbea3c850d4\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-abc2e8dc-c832-4535-bdf4-d39175c25d2e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"abc2e8dc-c832-4535-bdf4-d39175c25d2e\":{\"columnOrder\":[\"4472ff1b-db62-487f-a6e3-749c5f62befd\",\"3774d612-21ea-4250-92b8-a2fe326e024c\"],\"columns\":{\"3774d612-21ea-4250-92b8-a2fe326e024c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Findings\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"event.id\"},\"4472ff1b-db62-487f-a6e3-749c5f62befd\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity Label\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3774d612-21ea-4250-92b8-a2fe326e024c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.severity.label\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"breakdownByAccessor\":\"4472ff1b-db62-487f-a6e3-749c5f62befd\",\"layerId\":\"abc2e8dc-c832-4535-bdf4-d39175c25d2e\",\"layerType\":\"data\",\"metricAccessor\":\"3774d612-21ea-4250-92b8-a2fe326e024c\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Count by Severity [Logs 
AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"7cb13a54-c41f-4653-be22-340b99b6d83c\",\"w\":24,\"x\":24,\"y\":22},\"panelIndex\":\"7cb13a54-c41f-4653-be22-340b99b6d83c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-cc8f028d-adf1-46a8-a162-aa6ba2cb8406\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cc8f028d-adf1-46a8-a162-aa6ba2cb8406\":{\"columnOrder\":[\"4b241e3b-e550-4cc9-b68b-c47ba8b8cec3\",\"29f0109a-96df-439a-ae1c-a5dc3f53ff5c\"],\"columns\":{\"29f0109a-96df-439a-ae1c-a5dc3f53ff5c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Findings\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"event.id\"},\"4b241e3b-e550-4cc9-b68b-c47ba8b8cec3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Product Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"29f0109a-96df-439a-ae1c-a5dc3f53ff5c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.product.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"breakdownByAccessor\":\"4b241e3b-e550-4cc9-b68b-c47ba8b8cec3\",\"layerId\":\"cc8f028d-adf1-46a8-a162-aa6ba2cb8406\",\"layerType\":\"data\",\"metricAccessor\":\"29f0109a-96df-439a-ae1c-a5dc3f53ff5c\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":9,\"i\":\"7c5505a3-f4e0-43af-8e25-260e9e7e8473\",\"w\":48,\"x\":0,\"y\":30},\"panelIndex\":\"7c5505a3-f4e0-43af-8e25-260e9e7e8473\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\
":\"logs-*\",\"name\":\"indexpattern-datasource-layer-abc2e8dc-c832-4535-bdf4-d39175c25d2e\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"abc2e8dc-c832-4535-bdf4-d39175c25d2e\":{\"columnOrder\":[\"fed4a1c5-b8c0-4d90-a3b2-ab4f7703b784\",\"c2e3c0d5-8616-4909-ad4c-6c3438beb81c\",\"4900fbee-6544-4c05-9996-8d4ff192713f\"],\"columns\":{\"4900fbee-6544-4c05-9996-8d4ff192713f\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"c2e3c0d5-8616-4909-ad4c-6c3438beb81c\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"fed4a1c5-b8c0-4d90-a3b2-ab4f7703b784\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of aws.securityhub_findings.severity.label\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"4900fbee-6544-4c05-9996-8d4ff192713f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.severity.label\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\" or data_stream.dataset : \\\"aws.securityhub_insights\\\" 
\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"4900fbee-6544-4c05-9996-8d4ff192713f\"],\"layerId\":\"abc2e8dc-c832-4535-bdf4-d39175c25d2e\",\"layerType\":\"data\",\"seriesType\":\"bar_stacked\",\"splitAccessor\":\"fed4a1c5-b8c0-4d90-a3b2-ab4f7703b784\",\"xAccessor\":\"c2e3c0d5-8616-4909-ad4c-6c3438beb81c\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Finding's Severity Over Time [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"d296bb5b-a63d-4931-84aa-d3a2d0fa754d\",\"w\":11,\"x\":0,\"y\":39},\"panelIndex\":\"d296bb5b-a63d-4931-84aa-d3a2d0fa754d\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Count\",\"emptyAsNull\":false,\"field\":\"event.id\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Instance ID \",\"excludeIsRegex\":true,\"field\":\"cloud.instance.id\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\" or 
data_stream.dataset : \\\"aws.securityhub_insights\\\" \"}}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"},\"title\":\"Security Hub - Affected Instance ID [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"933df910-8ae4-4a4b-9af7-87b30a92d952\",\"w\":37,\"x\":11,\"y\":39},\"panelIndex\":\"933df910-8ae4-4a4b-9af7-87b30a92d952\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Finding Type\",\"excludeIsRegex\":true,\"field\":\"aws.securityhub_findings.types\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Severity Label\",\"excludeIsRegex\":true,\"field\":\"aws.securityhub_findings.severity.label\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\" or data_stream.dataset : \\\"aws.securityhub_insights\\\" 
\"}}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"colWidth\":[{\"colIndex\":0,\"width\":650},{\"colIndex\":1,\"width\":556}],\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}},\"type\":\"visualization\"},\"title\":\"Security Hub - Finding Types [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"a4cba719-5f51-4090-910f-12e39dc01239\",\"w\":11,\"x\":0,\"y\":47},\"panelIndex\":\"a4cba719-5f51-4090-910f-12e39dc01239\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Count\",\"emptyAsNull\":false,\"field\":\"event.id\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"excludeIsRegex\":true,\"field\":\"network.direction\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":6},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\" or data_stream.dataset : \\\"aws.securityhub_insights\\\" 
\"}}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"},\"title\":\"Security Hub - Network Direction [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":18,\"i\":\"5c3b2b5f-b097-4b2e-adae-a4d9149e808f\",\"w\":48,\"x\":0,\"y\":55},\"panelIndex\":\"5c3b2b5f-b097-4b2e-adae-a4d9149e808f\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Workflow\",\"field\":\"aws.securityhub_findings.workflow.status\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Severity\",\"excludeIsRegex\":true,\"field\":\"aws.securityhub_findings.severity.normalized\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":1000},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"6\",\"params\":{\"customLabel\":\"Label\",\"excludeIsRegex\":true,\"field\":\"aws.securityhub_findings.severity.label\",\"includeIsRegex\":true,\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Account\",\"excludeIsRegex\":true,\"field\":\"cloud.account.id\",\"includeIsRegex\":true,\"missingBucket\":true,\"
missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Region\",\"excludeIsRegex\":true,\"field\":\"aws.securityhub_findings.region\",\"includeIsRegex\":true,\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Product\",\"excludeIsRegex\":true,\"field\":\"aws.securityhub_findings.product.name\",\"includeIsRegex\":true,\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"7\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Record State\",\"field\":\"aws.securityhub_findings.record_state\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"8\",\"params\":{\"customLabel\":\"Timestamp\",\"field\":\"@timestamp\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"10\",\"params\":{\"customLabel\":\"ID\",\"excludeIsRegex\":true,\"field\":\"event.id\",\"includeIsRegex\":true,\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\" or data_stream.dataset : \\\"aws.securityhub_insights\\\" 
\"}}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":20,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"},\"title\":\"Security Hub - Findings [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"7a8bdb96-e4c4-4e63-bc80-14fbd4b97c2f\",\"w\":48,\"x\":0,\"y\":73},\"panelIndex\":\"7a8bdb96-e4c4-4e63-bc80-14fbd4b97c2f\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":24,\"markdown\":\"Security Standards and Controls\",\"openLinksInNewTab\":false},\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":17,\"i\":\"9c9ea523-c04c-4783-9737-494bb8a1d068\",\"w\":48,\"x\":0,\"y\":76},\"panelIndex\":\"9c9ea523-c04c-4783-9737-494bb8a1d068\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Workflow\",\"field\":\"aws.securityhub_findings.workflow.status\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Account\",\"excludeIsRegex\":true,\"field\":\"cloud.account.id\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"2-orderAgg\",\"params\":{\"emptyAsNull\":false},\"schema\":\"orderAgg\",\"type\":\"count\"},\"orderBy\":\"custom\",\"otherBucket\":false,
\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Region\",\"excludeIsRegex\":true,\"field\":\"aws.securityhub_findings.region\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"7\",\"params\":{\"customLabel\":\"Generator Id\",\"excludeIsRegex\":true,\"field\":\"aws.securityhub_findings.generator.id\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"asc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Id\",\"excludeIsRegex\":true,\"field\":\"event.id\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Compliance\",\"field\":\"aws.securityhub_findings.compliance.status\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"6\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Record 
State\",\"field\":\"aws.securityhub_findings.record_state\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"8\",\"params\":{\"customLabel\":\"Timestamp\",\"field\":\"@timestamp\"},\"schema\":\"metric\",\"type\":\"max\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\" or data_stream.dataset : \\\"aws.securityhub_insights\\\" \"}}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"},\"title\":\"\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"a22c199d-3314-4dc0-9c99-79d7dad12c6c\",\"w\":48,\"x\":0,\"y\":93},\"panelIndex\":\"a22c199d-3314-4dc0-9c99-79d7dad12c6c\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":24,\"markdown\":\"Details\",\"openLinksInNewTab\":false},\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":16,\"i\":\"7fad8ba7-c80b-45f5-ace4-0757caa63766\",\"w\":48,\"x\":0,\"y\":96},\"panelIndex\":\"7fad8ba7-c80b-45f5-ace4-0757caa63766\",\"panelRefName\":\"panel_7fad8ba7-c80b-45f5-ace4-0757caa63766\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":16,\"i\":\"d730fda4-95c3-4c8f-9236-6dd187a9f63c\",\"w\":48,\"x\":0,\"
y\":112},\"panelIndex\":\"d730fda4-95c3-4c8f-9236-6dd187a9f63c\",\"panelRefName\":\"panel_d730fda4-95c3-4c8f-9236-6dd187a9f63c\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"d5280fe0-536d-45b0-87c4-1fb9c41065fd\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"d5280fe0-536d-45b0-87c4-1fb9c41065fd\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Findings Action Overview](#/dashboard/aws-3d3dbe00-f79f-11ec-aa7f-c173c0f9e267) | [Findings Malware, Threat Intelligence Indicator and Network Path Overview](#/dashboard/aws-8fcf4c20-f7a3-11ec-aa7f-c173c0f9e267) | [Findings and Insights Overview](#/dashboard/aws-cc571400-dc61-11ec-a6e3-1bc5ab0aa1b4)\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Dashboards [Logs AWS]\"}]","timeRestore":false,"title":"[Logs AWS] Security Hub Summary 
Dashboard","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-c9f103d0-5f63-11ed-bd69-473ce047ef30","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"146c2ac6-d83d-4fcb-808a-d24c2762f45c:indexpattern-datasource-layer-4b9a3fe3-f262-48c5-97cd-3f32f2264fdb","type":"index-pattern"},{"id":"logs-*","name":"2aeb6bda-8e7f-40bf-a8b3-ea8fdee8dea7:indexpattern-datasource-layer-45c33cba-b3b0-45a4-91f3-a13600dbfdcc","type":"index-pattern"},{"id":"logs-*","name":"7a319626-d1c2-4728-9611-3bbea3c850d4:indexpattern-datasource-layer-abc2e8dc-c832-4535-bdf4-d39175c25d2e","type":"index-pattern"},{"id":"logs-*","name":"7cb13a54-c41f-4653-be22-340b99b6d83c:indexpattern-datasource-layer-cc8f028d-adf1-46a8-a162-aa6ba2cb8406","type":"index-pattern"},{"id":"logs-*","name":"7c5505a3-f4e0-43af-8e25-260e9e7e8473:indexpattern-datasource-layer-abc2e8dc-c832-4535-bdf4-d39175c25d2e","type":"index-pattern"},{"id":"logs-*","name":"d296bb5b-a63d-4931-84aa-d3a2d0fa754d:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"933df910-8ae4-4a4b-9af7-87b30a92d952:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"a4cba719-5f51-4090-910f-12e39dc01239:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"5c3b2b5f-b097-4b2e-adae-a4d9149e808f:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"9c9ea523-c04c-4783-9737-494bb8a1d068:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"aws-b111d3a0-5f3e-11ed-b2ee-f91fa284c4b5","name":"7fad8ba7-c80b-45f5-ace4-0757caa63766:panel_7fad8ba7-c80b-45f5-ace4-0757caa63766","type":"search"},{"id":"aws-cc2e2cf0-5f3f-11ed-b2ee-f91fa284c4b5","name":"d730fda4-95c3-4c8f-9236-6dd187a9f63c:panel_d730fda4-95c3-4c8f-9236-6dd18
7a9f63c","type":"search"},{"id":"logs-*","name":"controlGroup_d620f0d7-381f-456f-8660-a6e6838e34fc:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_f7d8c037-280e-4387-84e2-fa76ee6124da:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_c819da49-49e8-4460-8329-8521d7f8ac8a:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6264],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MzAsMV0="} -{"attributes":{"description":"Overview of AWS Security Hub Findings and Insights","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\" or data_stream.dataset : \\\"aws.securityhub_insights\\\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"4668ee49-067c-4cfc-a1d4-a3ab08c226b3\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"4668ee49-067c-4cfc-a1d4-a3ab08c226b3\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Findings Action Overview](#/dashboard/aws-3d3dbe00-f79f-11ec-aa7f-c173c0f9e267) | [Findings Malware, Threat Intelligence Indicator and Network Path Overview](#/dashboard/aws-8fcf4c20-f7a3-11ec-aa7f-c173c0f9e267) | [Summary Dashboard](#/dashboard/aws-c9f103d0-5f63-11ed-bd69-473ce047ef30) \",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Dashboards [Logs 
AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"172b1706-6063-4239-92f8-3b8467011451\",\"w\":24,\"x\":24,\"y\":4},\"panelIndex\":\"172b1706-6063-4239-92f8-3b8467011451\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-0e162cf0-664f-4e61-811a-53b6647439eb\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"0e162cf0-664f-4e61-811a-53b6647439eb\":{\"columnOrder\":[\"fe5c1f4e-c9e8-4f5a-af66-097da74ee739\",\"30d0d102-8112-43c2-b002-2da63701c0cd\"],\"columns\":{\"30d0d102-8112-43c2-b002-2da63701c0cd\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"fe5c1f4e-c9e8-4f5a-af66-097da74ee739\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network Protocols\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"30d0d102-8112-43c2-b002-2da63701c0cd\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"fe5c1f4e-c9e8-4f5a-af66-097da74ee739\"},{\"columnId\":\"30d0d102-8112-43c2-b002-2da63701c0cd\"}],\"layerId\":\"0e162cf0-664f-4e61-811a-53b6647439eb\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Network Protocols [Logs 
AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"97721563-8afc-4ff2-b30d-a309a6673b09\",\"w\":24,\"x\":0,\"y\":4},\"panelIndex\":\"97721563-8afc-4ff2-b30d-a309a6673b09\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-4a594fbf-8dbd-4a05-b3e0-3fbbad5b9935\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"4a594fbf-8dbd-4a05-b3e0-3fbbad5b9935\":{\"columnOrder\":[\"13ac5e44-4247-4cd7-ba24-485bab02c205\",\"5438dbe3-f3f6-4def-8a4a-3584628557c7\"],\"columns\":{\"13ac5e44-4247-4cd7-ba24-485bab02c205\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network Direction\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"5438dbe3-f3f6-4def-8a4a-3584628557c7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.direction\"},\"5438dbe3-f3f6-4def-8a4a-3584628557c7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"4a594fbf-8dbd-4a05-b3e0-3fbbad5b9935\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"13ac5e44-4247-4cd7-ba24-485bab02c205\"],\"metrics\":[\"5438dbe3-f3f6-4def-8a4a-3584628557c7\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Network Direction [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"40ab8dcf-a27a-4c38-b007-9d089e826939\",\"w\":24,\"x\":24,\"y\":19},\"panelIndex\":\"40ab8dcf-a27a-4c38-b007-9d089e826939\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a2993a77-e691-4f3b-8924-14a76108ce95\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a2993a77-e691-4f3b-8924-14a76108ce95\":{\"columnOrder\":[\"24c75e40-cfec-4583-8dec-ba92430ae1d6\",\"ade3e20e-e041-490f-a414-098dee0435ef\"],\"columns\":{\"24c75e40-cfec-4583-8dec-ba92430ae1d6\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Patch Summary 
Operation\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ade3e20e-e041-490f-a414-098dee0435ef\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.patch_summary.operation.type\"},\"ade3e20e-e041-490f-a414-098dee0435ef\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"ade3e20e-e041-490f-a414-098dee0435ef\"],\"layerId\":\"a2993a77-e691-4f3b-8924-14a76108ce95\",\"layerType\":\"data\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"24c75e40-cfec-4583-8dec-ba92430ae1d6\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Patch Summary Operation [Logs 
AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"ab35d746-7e18-49e8-b7e0-f7d9d2ade580\",\"w\":24,\"x\":0,\"y\":19},\"panelIndex\":\"ab35d746-7e18-49e8-b7e0-f7d9d2ade580\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-474374c1-eb7e-4000-908b-730e850b8860\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"474374c1-eb7e-4000-908b-730e850b8860\":{\"columnOrder\":[\"256717a7-0674-4a1b-92d9-54aa940245b3\",\"2cf6c73d-46f7-4acd-82d9-249f323a5499\"],\"columns\":{\"256717a7-0674-4a1b-92d9-54aa940245b3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity Label\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"2cf6c73d-46f7-4acd-82d9-249f323a5499\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.severity.label\"},\"2cf6c73d-46f7-4acd-82d9-249f323a5499\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"474374c1-eb7e-4000-908b-730e850b8860\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"256717a7-0674-4a1b-92d9-54aa940245b3\"],\"metrics\":[\"2cf6c73d-46f7-4acd-82d9-249f323a5499\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Severity Label [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6d092e76-fd08-4a90-a79d-f4a6d7c0539a\",\"w\":24,\"x\":24,\"y\":34},\"panelIndex\":\"6d092e76-fd08-4a90-a79d-f4a6d7c0539a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-f338c401-cb0d-4b88-b79a-331e97840ec7\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"f338c401-cb0d-4b88-b79a-331e97840ec7\":{\"columnOrder\":[\"f90394f0-f268-40db-b0df-1fc66f92f3dd\",\"70f96d67-909a-4954-b3b1-2baa7ed05c5a\"],\"columns\":{\"70f96d67-909a-4954-b3b1-2baa7ed05c5a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f90394f0-f268-40db-b0df-1fc66f92f3dd\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Workflow 
Status\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"70f96d67-909a-4954-b3b1-2baa7ed05c5a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.workflow.status\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"f338c401-cb0d-4b88-b79a-331e97840ec7\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"f90394f0-f268-40db-b0df-1fc66f92f3dd\"],\"metrics\":[\"70f96d67-909a-4954-b3b1-2baa7ed05c5a\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Workflow Status [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"d73afd74-7fb1-467f-a1a3-2758d228d350\",\"w\":24,\"x\":0,\"y\":34},\"panelIndex\":\"d73afd74-7fb1-467f-a1a3-2758d228d350\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-24f9158d-6500-4033-9d0a-e5e66e628cd4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"24f9158d-6500-4033-9d0a-e5e66e628cd4\":{\"columnOrder\":[\"a6b636e0-9986-49ba-ab84-80e3e3e466f1\",\"e9a0408a-e93b-4457-acc0-abe894aa8c0a\"],\"columns\":{\"a6b636e0-9986-49ba-ab84-80e3e3e466f1\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Process 
Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e9a0408a-e93b-4457-acc0-abe894aa8c0a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"process.name\"},\"e9a0408a-e93b-4457-acc0-abe894aa8c0a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"a6b636e0-9986-49ba-ab84-80e3e3e466f1\"},{\"columnId\":\"e9a0408a-e93b-4457-acc0-abe894aa8c0a\"}],\"layerId\":\"24f9158d-6500-4033-9d0a-e5e66e628cd4\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Process Name [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"7a63107d-cb62-4206-bd3b-23f9d492d158\",\"w\":24,\"x\":24,\"y\":49},\"panelIndex\":\"7a63107d-cb62-4206-bd3b-23f9d492d158\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-121c4faf-2de3-4bca-9a64-a1f1c5a0a8f0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"121c4faf-2de3-4bca-9a64-a1f1c5a0a8f0\":{\"columnOrder\":[\"3d8e7c68-095e-4e40-bfe8-2199305ddfc6\",\"5ebd8b37-0d00-4eef-9733-2c122890207c\"],\"columns\":{\"3d8e7c68-095e-4e40-bfe8-2199305ddfc6\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Patch Summary Reboot Option 
\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"5ebd8b37-0d00-4eef-9733-2c122890207c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.patch_summary.reboot_option\"},\"5ebd8b37-0d00-4eef-9733-2c122890207c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"121c4faf-2de3-4bca-9a64-a1f1c5a0a8f0\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"3d8e7c68-095e-4e40-bfe8-2199305ddfc6\"],\"metrics\":[\"5ebd8b37-0d00-4eef-9733-2c122890207c\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Patch Summary Reboot Option [Logs 
AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"615635af-0004-4e26-984b-e35cf9b65678\",\"w\":24,\"x\":0,\"y\":49},\"panelIndex\":\"615635af-0004-4e26-984b-e35cf9b65678\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-70c66cc2-30b9-462d-9581-705567e5cdcc\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"70c66cc2-30b9-462d-9581-705567e5cdcc\":{\"columnOrder\":[\"128f5751-155b-4132-891d-0f8e19ba0e09\",\"9bda1334-7bb8-4ee1-bf62-b7e89a34ddf1\"],\"columns\":{\"128f5751-155b-4132-891d-0f8e19ba0e09\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Software Packages having Vulnerability\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9bda1334-7bb8-4ee1-bf62-b7e89a34ddf1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.vulnerabilities.vulnerable_packages.name\"},\"9bda1334-7bb8-4ee1-bf62-b7e89a34ddf1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"128f5751-155b-4132-891d-0f8e19ba0e09\"},{\"columnId\":\"9bda1334-7bb8-4ee1-bf62-b7e89a34ddf1\"}],\"layerId\":\"70c66cc2-30b9-462d-9581-705567e5cdcc\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Software Packages having 
Vulnerability [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"e2e1e909-11f4-4143-90f2-01f8f655889e\",\"w\":24,\"x\":24,\"y\":64},\"panelIndex\":\"e2e1e909-11f4-4143-90f2-01f8f655889e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-6501c2cb-9124-4f68-959f-0edcdf9192df\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"6501c2cb-9124-4f68-959f-0edcdf9192df\":{\"columnOrder\":[\"b6af7a3e-4422-4a19-a0f8-745088629509\",\"59a527c4-30d6-40c2-90ee-978520ad0a6d\"],\"columns\":{\"59a527c4-30d6-40c2-90ee-978520ad0a6d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"b6af7a3e-4422-4a19-a0f8-745088629509\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Vendor Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"59a527c4-30d6-40c2-90ee-978520ad0a6d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.vulnerabilities.vendor.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"6501c2cb-9124-4f68-959f-0edcdf9192df\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"b6af7a3e-4422-4a19-a0f8-745088629509\"],\"metrics\":[\"59a527c4-30d6-40c2-90ee-978520ad0a6d\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Vendor Severity [Logs 
AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Vendor Severity [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"0fb0e89f-d06b-410f-833a-7cdd065bb0f1\",\"w\":24,\"x\":0,\"y\":64},\"panelIndex\":\"0fb0e89f-d06b-410f-833a-7cdd065bb0f1\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-d0ec8900-0fdd-42d2-a9ca-341473136d56\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"d0ec8900-0fdd-42d2-a9ca-341473136d56\":{\"columnOrder\":[\"d7b65dd5-a2c5-4c33-be01-05c9ee6ea625\",\"e7bec509-1241-4872-8ee6-4c732d8bf311\"],\"columns\":{\"d7b65dd5-a2c5-4c33-be01-05c9ee6ea625\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Vulnerable Packages Architecture\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e7bec509-1241-4872-8ee6-4c732d8bf311\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.vulnerabilities.vulnerable_packages.architecture\"},\"e7bec509-1241-4872-8ee6-4c732d8bf311\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e7bec509-1241-4872-8ee6-4c732d8bf311\"],\"layerId\":\"d0ec8900-0fdd-42d2-a9ca-341473136d56\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"d7b65dd5-a2c5-4c33-be01-05c9ee6ea625\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Vulnerable Packages Architecture [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"e2d82ea2-864c-43f0-835a-eb20d0c81595\",\"w\":24,\"x\":24,\"y\":79},\"panelIndex\":\"e2d82ea2-864c-43f0-835a-eb20d0c81595\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a35f9122-38bb-412a-bfe8-63ac32cff907\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a35f9122-38bb-412a-bfe8-63ac32cff907\":{\"columnOrder\":[\"98fd6f34-859b-4715-b89a-ac7c5df5d069\",\"a929085b-2ce4-42a8-8fce-220f12728af8\"],\"columns\":{\"98fd6f34-859b-4715-b89a-ac7c5df5d069\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Compliance 
Status\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a929085b-2ce4-42a8-8fce-220f12728af8\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.compliance.status\"},\"a929085b-2ce4-42a8-8fce-220f12728af8\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"a35f9122-38bb-412a-bfe8-63ac32cff907\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"98fd6f34-859b-4715-b89a-ac7c5df5d069\"],\"metrics\":[\"a929085b-2ce4-42a8-8fce-220f12728af8\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Compliance Status [Logs 
AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"12d448b6-1ea8-42a9-89d0-c9b025b86438\",\"w\":24,\"x\":0,\"y\":79},\"panelIndex\":\"12d448b6-1ea8-42a9-89d0-c9b025b86438\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a43577d9-3b6a-4b88-945e-20a290ac059a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a43577d9-3b6a-4b88-945e-20a290ac059a\":{\"columnOrder\":[\"e1282a2c-e5d0-4fba-b51a-c5ea7ed34949\",\"4b0578ca-9eee-4b30-a70f-8c30f770ff8b\"],\"columns\":{\"4b0578ca-9eee-4b30-a70f-8c30f770ff8b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e1282a2c-e5d0-4fba-b51a-c5ea7ed34949\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Security Hub Insight Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"4b0578ca-9eee-4b30-a70f-8c30f770ff8b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_insights.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_insights\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"e1282a2c-e5d0-4fba-b51a-c5ea7ed34949\"},{\"columnId\":\"4b0578ca-9eee-4b30-a70f-8c30f770ff8b\"}],\"layerId\":\"a43577d9-3b6a-4b88-945e-20a290ac059a\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Security Hub Insight Name [Logs 
AWS]\"}]","timeRestore":false,"title":"[Logs AWS] Security Hub Findings and Insights Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-cc571400-dc61-11ec-a6e3-1bc5ab0aa1b4","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"172b1706-6063-4239-92f8-3b8467011451:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"172b1706-6063-4239-92f8-3b8467011451:indexpattern-datasource-layer-0e162cf0-664f-4e61-811a-53b6647439eb","type":"index-pattern"},{"id":"logs-*","name":"97721563-8afc-4ff2-b30d-a309a6673b09:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"97721563-8afc-4ff2-b30d-a309a6673b09:indexpattern-datasource-layer-4a594fbf-8dbd-4a05-b3e0-3fbbad5b9935","type":"index-pattern"},{"id":"logs-*","name":"40ab8dcf-a27a-4c38-b007-9d089e826939:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"40ab8dcf-a27a-4c38-b007-9d089e826939:indexpattern-datasource-layer-a2993a77-e691-4f3b-8924-14a76108ce95","type":"index-pattern"},{"id":"logs-*","name":"ab35d746-7e18-49e8-b7e0-f7d9d2ade580:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ab35d746-7e18-49e8-b7e0-f7d9d2ade580:indexpattern-datasource-layer-474374c1-eb7e-4000-908b-730e850b8860","type":"index-pattern"},{"id":"logs-*","name":"6d092e76-fd08-4a90-a79d-f4a6d7c0539a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"6d092e76-fd08-4a90-a79d-f4a6d7c0539a:indexpattern-datasource-layer-f338c401-cb0d-4b88-b79a-331e97840ec7","type":"index-pattern"},{"id":"logs-*","name":"d73afd74-7fb1-467f-a1a3-2758d228d350:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"d73afd74-7fb1-467f-a1a3-2758d228d350:indexpattern-datasource-layer-24f9158d-6500-4033-9d0a-e5e66e628cd4","type":"index-pattern"},{"id":"logs-*","name":"7a6
3107d-cb62-4206-bd3b-23f9d492d158:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"7a63107d-cb62-4206-bd3b-23f9d492d158:indexpattern-datasource-layer-121c4faf-2de3-4bca-9a64-a1f1c5a0a8f0","type":"index-pattern"},{"id":"logs-*","name":"615635af-0004-4e26-984b-e35cf9b65678:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"615635af-0004-4e26-984b-e35cf9b65678:indexpattern-datasource-layer-70c66cc2-30b9-462d-9581-705567e5cdcc","type":"index-pattern"},{"id":"logs-*","name":"e2e1e909-11f4-4143-90f2-01f8f655889e:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"e2e1e909-11f4-4143-90f2-01f8f655889e:indexpattern-datasource-layer-6501c2cb-9124-4f68-959f-0edcdf9192df","type":"index-pattern"},{"id":"logs-*","name":"0fb0e89f-d06b-410f-833a-7cdd065bb0f1:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"0fb0e89f-d06b-410f-833a-7cdd065bb0f1:indexpattern-datasource-layer-d0ec8900-0fdd-42d2-a9ca-341473136d56","type":"index-pattern"},{"id":"logs-*","name":"e2d82ea2-864c-43f0-835a-eb20d0c81595:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"e2d82ea2-864c-43f0-835a-eb20d0c81595:indexpattern-datasource-layer-a35f9122-38bb-412a-bfe8-63ac32cff907","type":"index-pattern"},{"id":"logs-*","name":"12d448b6-1ea8-42a9-89d0-c9b025b86438:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"12d448b6-1ea8-42a9-89d0-c9b025b86438:indexpattern-datasource-layer-a43577d9-3b6a-4b88-945e-20a290ac059a","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6291],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MzEsMV0="} -{"attributes":{"description":"Overview of AWS SNS 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.sns\"},\"type\":\"phrase\",\"value\":\"aws.sns\"},\"query\":{\"match\":{\"data_stream.dataset\":{\"query\":\"aws.sns\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"3b9b0cee-b175-4268-8c5b-4ce869a09caf\",\"w\":9,\"x\":0,\"y\":0},\"panelIndex\":\"3b9b0cee-b175-4268-8c5b-4ce869a09caf\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"region name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Region Filter [Metrics 
AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"5f0d72c5-0f28-449f-9c93-3b4074f068f7\",\"w\":39,\"x\":9,\"y\":0},\"panelIndex\":\"5f0d72c5-0f28-449f-9c93-3b4074f068f7\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"s,s,3\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Messages Published\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.NumberOfMessagesPublished.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(115,216,255,1)\",\"fill\":\"0\",\"formatter\":\"s,s,3\",\"id\":\"204ff2b0-1b77-11ea-9357-231d0e09a8a9\",\"label\":\"Notifications 
Delivered\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.NumberOfNotificationsDelivered.sum\",\"id\":\"204ff2b1-1b77-11ea-9357-231d0e09a8a9\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"204ff2b1-1b77-11ea-9357-231d0e09a8a9\",\"type\":\"timeseries\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(244,78,59,1)\",\"fill\":\"0\",\"formatter\":\"s,s,3\",\"id\":\"32e925e0-1b77-11ea-9357-231d0e09a8a9\",\"label\":\"Notifications Failed\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.NumberOfNotificationsFailed.sum\",\"id\":\"32e925e1-1b77-11ea-9357-231d0e09a8a9\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"32e925e1-1b77-11ea-9357-231d0e09a8a9\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SNS Messages and Notifications [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SNS Messages and Notifications\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"5a9d5f2f-b075-4892-8188-c6e808a1163d\",\"w\":9,\"x\":0,\"y\":5},\"panelIndex\":\"5a9d5f2f-b075-4892-8188-c6e808a1163d\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"aws.dimensions.TopicName\",\"id\":\"1565034367477\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"topic 
name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":true},\"title\":\"SNS Topic Name Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"c6d5a54d-61a4-470b-8769-c5b6d6ab6c0f\",\"w\":16,\"x\":0,\"y\":10},\"panelIndex\":\"c6d5a54d-61a4-470b-8769-c5b6d6ab6c0f\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Publish Size\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.PublishSize.avg\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SNS Publish Size [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SNS Publish 
Size\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"0684c25d-34e8-425e-9069-dd8364e6325b\",\"w\":16,\"x\":16,\"y\":10},\"panelIndex\":\"0684c25d-34e8-425e-9069-dd8364e6325b\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"s,s,3\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Notifications Filtered Out\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.NumberOfNotificationsFilteredOut.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SNS Notifications Filtered Out [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SNS Notifications Filtered 
Out\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"72e987da-9a49-4dd4-99c4-4acbc49a0e0b\",\"w\":16,\"x\":32,\"y\":10},\"panelIndex\":\"72e987da-9a49-4dd4-99c4-4acbc49a0e0b\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"s,s,3\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Notifications Filtered Out Invalid Attributes\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.NumberOfNotificationsFilteredOut-InvalidAttributes.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SNS Notifications Filtered Out Invalid Attributes [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SNS Notifications Filtered Out Invalid 
Attributes\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"923bd4cd-d8fe-47b5-afcf-577bf2c5987c\",\"w\":16,\"x\":0,\"y\":20},\"panelIndex\":\"923bd4cd-d8fe-47b5-afcf-577bf2c5987c\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"s,s,3\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Notifications Filtered Out No Message Attributes\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.NumberOfNotificationsFilteredOut-NoMessageAttributes.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SNS Notifications Filtered Out No Message Attributes [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SNS Notifications Filtered Out No Message 
Attributes\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"f176153f-4588-42f9-a7bb-3015909d5610\",\"w\":16,\"x\":32,\"y\":20},\"panelIndex\":\"f176153f-4588-42f9-a7bb-3015909d5610\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"s,s,3\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Notifications Failed To Redrive To DLQ\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.NumberOfNotificationsFailedToRedriveToDlq.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SNS Notifications Failed To Redrive To DLQ [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SNS Notifications Failed to Redrive to 
DLQ\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"f3c5915b-6848-4950-afca-53653d13d6af\",\"w\":16,\"x\":0,\"y\":30},\"panelIndex\":\"f3c5915b-6848-4950-afca-53653d13d6af\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"SMS Success Rate\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.SMSSuccessRate.avg\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SNS SMS Success Rate [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SNS SMS Success 
Rate\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"3b3cc747-b57c-44e0-a18c-77155072bee4\",\"w\":16,\"x\":16,\"y\":20},\"panelIndex\":\"3b3cc747-b57c-44e0-a18c-77155072bee4\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"s,s,3\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Notifications Redriven To DLQ\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.NumberOfNotificationsRedrivenToDlq.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SNS Notifications Redriven To DLQ [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SNS Notifications Redriven To 
DLQ\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"ee130150-c1de-465b-8a8e-013f466528bf\",\"w\":16,\"x\":16,\"y\":30},\"panelIndex\":\"ee130150-c1de-465b-8a8e-013f466528bf\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"s,s,3\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"SMS Month To Date Spent USD\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.SMSMonthToDateSpentUSD.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SNS SMS Month To Date Spent USD [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SNS SMS Month To Date Spent USD\"}]","timeRestore":false,"title":"[Metrics AWS] SNS 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-d17b1000-17a4-11ea-8e91-03c7047cbb9d","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"3b9b0cee-b175-4268-8c5b-4ce869a09caf:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"5a9d5f2f-b075-4892-8188-c6e808a1163d:control_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6297],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MzIsMV0="} -{"attributes":{"description":"Dashboard providing statistics about alerts ingested from the AWS Network Firewall integration.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.firewall_logs\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"alert\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.kind\":\"alert\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"258f7245
-5011-4f03-bcd3-cada0180dc7a\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n[Overview](/app/dashboards#/view/aws-2ba11b50-4b9d-11ec-8282-5342b8988acc) \\n**[Alerts (This Page)](/app/dashboards#/view/aws-dfa76470-4ba1-11ec-8282-5342b8988acc)** \\n[Flows](/app/dashboards#/view/aws-562bdea0-4ba7-11ec-8282-5342b8988acc) \\n[Metrics](/app/dashboards#/view/aws-3abffe60-4ba9-11ec-8282-5342b8988acc) \\n\\n[Integrations Page](/app/integrations/detail/aws/overview?integration=firewall) \\n\\n**Overview**\\n\\nThis dashboard provides an overall view of AWS Network Firewall alerts.\\n\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"8bc8eff1-b70e-4f81-b2a1-de0db6742337\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"8bc8eff1-b70e-4f81-b2a1-de0db6742337\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1637591016076\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloud.availability_zone\",\"id\":\"1637591029629\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Availability 
Zone\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"observer.name\",\"id\":\"1637591118622\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Firewall\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Firewall Filters [Logs AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Firewall Filters\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"w\":6,\"x\":12,\"y\":7},\"panelIndex\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
unique_count(source.ip)\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"w\":6,\"x\":18,\"y\":7},\"panelIndex\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(destination.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source 
IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"w\":6,\"x\":24,\"y\":7},\"panelIndex\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source Countries\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.geo.country_name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source 
IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"w\":6,\"x\":30,\"y\":7},\"panelIndex\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination Countries\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(destination.geo.country_name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source 
Countries\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"w\":6,\"x\":36,\"y\":7},\"panelIndex\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Network Protocols\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(network.protocol)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique 
Rules\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Network Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"09caeba8-1f98-4937-b1b8-60debe3e3728\",\"w\":6,\"x\":42,\"y\":7},\"panelIndex\":\"09caeba8-1f98-4937-b1b8-60debe3e3728\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Rules\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(rule.id)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Network 
Protocols\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"rule.id\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Rules\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"0e2449f9-149d-473f-99f6-28e3ef05f2fd\",\"w\":12,\"x\":0,\"y\":14},\"panelIndex\":\"0e2449f9-149d-473f-99f6-28e3ef05f2fd\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-1759e92e-4fa4-4b59-ad5b-333b72cc71b2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1759e92e-4fa4-4b59-ad5b-333b72cc71b2\":{\"columnOrder\":[\"89ef0f2c-d13c-4c54-93d0-acf58ff43d3f\",\"78c62ee4-eb82-401b-b39b-423df9c7e0eb\"],\"columns\":{\"78c62ee4-eb82-401b-b39b-423df9c7e0eb\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"89ef0f2c-d13c-4c54-93d0-acf58ff43d3f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Rules\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"78c62ee4-eb82-401b-b39b-423df9c7e0eb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"rule.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"78c62ee4-eb82-401b-b39b-423df9c7e0eb\"],\"layerId\":\"1759e92e-4fa4-4b59-ad5b-333b72cc71b2\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"xAccessor\":\"89ef0f2c-d13c-4c54-93d0-acf58ff43d3f\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 
Rules\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"w\":12,\"x\":12,\"y\":14},\"panelIndex\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of source.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Source 
Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"w\":12,\"x\":24,\"y\":14},\"panelIndex\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of destination.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Destination 
Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f7c1e866-ba0d-45af-95bf-2736901431dc\",\"w\":12,\"x\":36,\"y\":14},\"panelIndex\":\"f7c1e866-ba0d-45af-95bf-2736901431dc\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"9367ad41-b48b-438e-b4d8-2c3f85aff052\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"76f26815-f13c-4273-b52f-7c25247f2b0d\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of network.protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"},\"9367ad41-b48b-438e-b4d8-2c3f85aff052\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
network.transport\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"network.transport\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"9367ad41-b48b-438e-b4d8-2c3f85aff052\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Network Protocols and 
Applications\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"w\":12,\"x\":0,\"y\":29},\"panelIndex\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\"],\"columns\":{\"b2d72986-1818-4a93-9155-2a66cd00eca4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Firewall\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"observer.name\"},\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"isTransposed\":false},{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Generating 
Firewalls\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"w\":12,\"x\":12,\"y\":29},\"panelIndex\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Source IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Source 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"8a1bd282-e360-473d-b26d-e73f2b470c81\",\"w\":12,\"x\":24,\"y\":29},\"panelIndex\":\"8a1bd282-e360-473d-b26d-e73f2b470c81\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Destination IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Destination 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"3b9a2a5f-1226-415c-88d5-21496508d060\",\"w\":12,\"x\":36,\"y\":29},\"panelIndex\":\"3b9a2a5f-1226-415c-88d5-21496508d060\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\",\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\"],\"columns\":{\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network Protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"},\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\",\"isTransposed\":false},{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Network 
Protocols\"},{\"embeddableConfig\":{\"columns\":[\"observer.name\",\"source.ip\",\"source.port\",\"destination.ip\",\"destination.port\",\"rule.name\",\"event.type\"],\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":12,\"i\":\"cc6fd495-c70e-4805-b097-e40ac11d2fb8\",\"w\":48,\"x\":0,\"y\":40},\"panelIndex\":\"cc6fd495-c70e-4805-b097-e40ac11d2fb8\",\"panelRefName\":\"panel_cc6fd495-c70e-4805-b097-e40ac11d2fb8\",\"title\":\"Firewall Logs\",\"type\":\"search\",\"version\":\"7.15.1\"}]","timeRestore":false,"title":"[Logs AWS] Firewall Alerts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-dfa76470-4ba1-11ec-8282-5342b8988acc","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7
:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"09caeba8-1f98-4937-b1b8-60debe3e3728:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"09caeba8-1f98-4937-b1b8-60debe3e3728:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"0e2449f9-149d-473f-99f6-28e3ef05f2fd:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"0e2449f9-149d-473f-99f6-28e3ef05f2fd:indexpattern-datasource-layer-1759e92e-4fa4-4b59-ad5b-333b72cc71b2","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-l
ayer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"aws-f4856850-4d32-11ec-a678-057fce71e8cd","name":"cc6fd495-c70e-4805-b097-e40ac11d2fb8:panel_cc6fd495-c70e-4805-b097-e40ac11d2fb8","type":"search"},{"id":"logs-*","name":"8bc8eff1-b70e-4f81-b2a1-de0db6742337:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"8bc8eff1-b70e-4f81-b2a1-de0db6742337:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"8bc8eff1-b70e-4f81-b2a1-de0db6742337:control_2_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6334],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MzMsMV0="} -{"attributes":{"description":"Overview of AWS Billing 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.billing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.billing\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"89dccfe8-a25e-44ea-afdb-ff01ab1f05d6\",\"w\":16,\"x\":0,\"y\":0},\"panelIndex\":\"89dccfe8-a25e-44ea-afdb-ff01ab1f05d6\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.name\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"account name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Account Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"AWS Account 
Filter\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"26670498-b079-4447-bbc8-e4ca8215898c\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"26670498-b079-4447-bbc8-e4ca8215898c\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"\",\"field\":\"aws.billing.EstimatedCharges\"},\"schema\":\"metric\",\"type\":\"sum\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"\",\"field\":\"aws.billing.ServiceName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"2-orderAgg\",\"params\":{\"field\":\"aws.billing.EstimatedCharges\"},\"schema\":\"orderAgg\",\"type\":\"avg\"},\"orderBy\":\"custom\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"sum\",\"format\":{\"id\":\"number\"},\"params\":{}}},\"distinctColors\":true,\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":true,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendSize\":\"auto\"},\"title\":\"Estimated Billing Pie Chart [Metrics AWS]\",\"type\":\"pie\",\"uiState\":{\"vis\":{\"colors\":{\"16\":\"#629E51\",\"80\":\"#E24D42\",\"272\":\"#DEDAF7\",\"running\":\"#7EB26D\",\"stopped\":\"#E24D42\"},\"legendOpen\":true}}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Estimated Billing 
Chart\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"221aab02-2747-4d84-9dde-028ccd51bdce\",\"w\":16,\"x\":0,\"y\":5},\"panelIndex\":\"221aab02-2747-4d84-9dde-028ccd51bdce\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"88a80e30-1530-11ea-961e-c1db9cc6166e\"}],\"bar_color_rules\":[{\"id\":\"ebb52700-1531-11ea-961e-c1db9cc6166e\"}],\"drop_last_bucket\":0,\"gauge_color_rules\":[{\"id\":\"e8a045e0-1531-11ea-961e-c1db9cc6166e\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"12h\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"not aws.billing.ServiceName : * \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Total Estimated Charges\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.billing.EstimatedCharges\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"override_index_pattern\":0,\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":0,\"series_interval\":\"12h\",\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\",\"time_range_mode\":\"last_value\",\"value_template\":\"${{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"Total Estimated Charges [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Total Estimated 
Charges\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"21e91e6b-0ff0-42ba-9132-6f30c5c6bbb7\",\"w\":48,\"x\":0,\"y\":16},\"panelIndex\":\"21e91e6b-0ff0-42ba-9132-6f30c5c6bbb7\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":0,\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"729af8b0-152a-11ea-ae8f-79fec1a0d4d3\",\"index_pattern\":\"metrics-*\",\"interval\":\"12h\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"729b1fc0-152a-11ea-ae8f-79fec1a0d4d3\",\"label\":\"avg(aws.billing.EstimatedCharges)\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.billing.EstimatedCharges\",\"id\":\"729b1fc1-152a-11ea-ae8f-79fec1a0d4d3\",\"type\":\"sum\"}],\"override_index_pattern\":0,\"point_size\":\"4\",\"separate_axis\":0,\"series_drop_last_bucket\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"aws.billing.ServiceName\",\"terms_include\":\"\",\"terms_order_by\":\"729b1fc1-152a-11ea-ae8f-79fec1a0d4d3\",\"terms_size\":\"10\",\"type\":\"timeseries\",\"value_template\":\"${{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Top 10 Billing per Service Name [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Top 10 Estimated Billing Per Service Name\"}]","timeRestore":false,"title":"[Metrics AWS] Billing 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-e6776b10-1534-11ea-841c-01bf20a6c8ba","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"89dccfe8-a25e-44ea-afdb-ff01ab1f05d6:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"26670498-b079-4447-bbc8-e4ca8215898c:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6340],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MzQsMV0="} -{"attributes":{"description":"Overview of AWS ELB Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.elb_metrics\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.elb_metrics\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"2\",\"w\":25,\"x\":23,\"y\":32},\"panelIndex\":\"2\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"7e66beb0-b3c6-11e9-af6e-ef22c5680226\"}],\"bar_color_rules\":[{\"id\":\"7db91990-b3c6-11e9-af6e-ef22c5680226\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"gauge_color_rules
\":[{\"id\":\"7d0b9b80-b3c6-11e9-af6e-ef22c5680226\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"formatter\":\"number\",\"id\":\"35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971\",\"label\":\"HTTP 5XX Errors\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.elb.metrics.HTTPCode_ELB_5XX.sum\",\"id\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.LoadBalancerName\",\"terms_order_by\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB HTTP 5XX Errors [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"HTTP 5XX 
Errors\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"3\",\"w\":37,\"x\":11,\"y\":0},\"panelIndex\":\"3\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"7e66beb0-b3c6-11e9-af6e-ef22c5680226\"}],\"bar_color_rules\":[{\"id\":\"7db91990-b3c6-11e9-af6e-ef22c5680226\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"gauge_color_rules\":[{\"id\":\"7d0b9b80-b3c6-11e9-af6e-ef22c5680226\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"formatter\":\"number\",\"id\":\"35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971\",\"label\":\"Request Count\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.elb.metrics.RequestCount.sum\",\"id\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.LoadBalancerName\",\"terms_order_by\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"type\":\"timeseries\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB Request Count [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Request 
Count\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"4\",\"w\":11,\"x\":0,\"y\":15},\"panelIndex\":\"4\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(244,78,59,1)\",\"color\":\"rgba(255,255,255,1)\",\"id\":\"7e66beb0-b3c6-11e9-af6e-ef22c5680226\",\"operator\":\"gt\",\"value\":0}],\"bar_color_rules\":[{\"id\":\"7db91990-b3c6-11e9-af6e-ef22c5680226\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"gauge_color_rules\":[{\"id\":\"7d0b9b80-b3c6-11e9-af6e-ef22c5680226\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"formatter\":\"number\",\"id\":\"35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971\",\"label\":\"Unhealthy Host Count\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.elb.metrics.UnHealthyHostCount.max\",\"id\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"type\":\"max\"}],\"point_size\":0,\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.AvailabilityZone\",\"terms_order_by\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"ELB Unhealthy Host Count [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Unhealthy Host 
Count\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"5\",\"w\":11,\"x\":0,\"y\":7},\"panelIndex\":\"5\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(104,188,0,1)\",\"color\":\"rgba(255,255,255,1)\",\"id\":\"7e66beb0-b3c6-11e9-af6e-ef22c5680226\",\"operator\":\"gt\",\"value\":0}],\"bar_color_rules\":[{\"id\":\"7db91990-b3c6-11e9-af6e-ef22c5680226\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"gauge_color_rules\":[{\"id\":\"7d0b9b80-b3c6-11e9-af6e-ef22c5680226\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"formatter\":\"number\",\"id\":\"35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971\",\"label\":\"Healthy Host Count\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.elb.metrics.HealthyHostCount.max\",\"id\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"type\":\"max\"}],\"point_size\":0,\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.AvailabilityZone\",\"terms_order_by\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"ELB Healthy Host Count [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Healthy Host 
Count\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"6\",\"w\":37,\"x\":11,\"y\":11},\"panelIndex\":\"6\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"7e66beb0-b3c6-11e9-af6e-ef22c5680226\"}],\"bar_color_rules\":[{\"id\":\"7db91990-b3c6-11e9-af6e-ef22c5680226\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"gauge_color_rules\":[{\"id\":\"7d0b9b80-b3c6-11e9-af6e-ef22c5680226\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"formatter\":\"s,s,3\",\"id\":\"35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971\",\"label\":\"Latency in seconds\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.elb.metrics.Latency.avg\",\"id\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.LoadBalancerName\",\"terms_order_by\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB Latency in Seconds [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Latency in 
Seconds\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"7\",\"w\":23,\"x\":0,\"y\":32},\"panelIndex\":\"7\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"7e66beb0-b3c6-11e9-af6e-ef22c5680226\"}],\"bar_color_rules\":[{\"id\":\"7db91990-b3c6-11e9-af6e-ef22c5680226\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"gauge_color_rules\":[{\"id\":\"7d0b9b80-b3c6-11e9-af6e-ef22c5680226\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971\",\"label\":\"HTTP Backend 4XX Errors\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.elb.metrics.HTTPCode_Backend_4XX.sum\",\"id\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.LoadBalancerName\",\"terms_order_by\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB HTTP Backend 4XX Errors [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"HTTP Backend 4XX 
Errors\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"8\",\"w\":23,\"x\":0,\"y\":23},\"panelIndex\":\"8\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"7e66beb0-b3c6-11e9-af6e-ef22c5680226\"}],\"bar_color_rules\":[{\"id\":\"7db91990-b3c6-11e9-af6e-ef22c5680226\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"gauge_color_rules\":[{\"id\":\"7d0b9b80-b3c6-11e9-af6e-ef22c5680226\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":\"00\",\"formatter\":\"number\",\"id\":\"35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971\",\"label\":\"Backend Connection Errors\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.elb.metrics.BackendConnectionErrors.sum\",\"id\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"aws.dimensions.LoadBalancerName\",\"terms_order_by\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB Backend Connection Errors [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Backend Connection 
Errors\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"9\",\"w\":11,\"x\":0,\"y\":0},\"panelIndex\":\"9\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"region name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Region Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"10\",\"w\":25,\"x\":23,\"y\":23},\"panelIndex\":\"10\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"7e66beb0-b3c6-11e9-af6e-ef22c5680226\"}],\"bar_color_rules\":[{\"id\":\"7db91990-b3c6-11e9-af6e-ef22c5680226\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"gauge_color_rules\":[{\"id\":\"7d0b9b80-b3c6-11e9-af6e-ef22c5680226\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"formatter\":\"number\",\"id\":\"35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971\",\"label\":\"HTTP Backend 
2XX\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.elb.metrics.HTTPCode_Backend_2XX.sum\",\"id\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.LoadBalancerName\",\"terms_order_by\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB HTTP Backend 2XX [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"HTTP Backend 2XX\"}]","timeRestore":false,"title":"[Metrics AWS] ELB Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-e74bf320-b3ce-11e9-87a4-078dbbae220d","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"9:control_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6345],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MzUsMV0="} -{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"ca2b6a90-582d-4564-a0b0-1e41d59a3354\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.guardduty.severity.value\",\"parentFieldName\":\"aws.guardduty.severity.value\",\"title\":\"Findings 
Severity\",\"id\":\"ca2b6a90-582d-4564-a0b0-1e41d59a3354\",\"enhancements\":{}}},\"7baf430f-c5f2-41b3-9759-bcc954c83f5a\":{\"order\":1,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.id\",\"title\":\"Cloud Account ID\",\"id\":\"7baf430f-c5f2-41b3-9759-bcc954c83f5a\",\"enhancements\":{}}},\"a8f4f8e8-fdc9-46a1-9875-87b5ac0b1f55\":{\"order\":2,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.region\",\"title\":\"Cloud Region\",\"id\":\"a8f4f8e8-fdc9-46a1-9875-87b5ac0b1f55\",\"enhancements\":{}}},\"1bda4437-a500-4db2-a965-9bf9457099b3\":{\"order\":3,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.provider\",\"title\":\"Cloud Provider\",\"id\":\"1bda4437-a500-4db2-a965-9bf9457099b3\",\"enhancements\":{}}}}"},"description":"Overview of Amazon Guardduty Threat.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.guardduty\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.guardduty\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"61a40814-9dd1-4831-afe7-c890f0d577ef\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"61a40814-9dd1-4831-afe7-c890f0d577ef\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ae36b619-b48f-4c2c-9488-529c1d556a45\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ae36b619-b48f-4c2c-948
8-529c1d556a45\":{\"columnOrder\":[\"f4d5b22b-fd83-4008-863c-ae1ca6c1b6c7\",\"cccccc67-3390-4055-9d65-af9da8413fc3\",\"146dba13-563a-41c0-aca7-74c8b5d61d5f\"],\"columns\":{\"146dba13-563a-41c0-aca7-74c8b5d61d5f\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"cccccc67-3390-4055-9d65-af9da8413fc3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Resource Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"146dba13-563a-41c0-aca7-74c8b5d61d5f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"rule.ruleset\"},\"f4d5b22b-fd83-4008-863c-ae1ca6c1b6c7\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Threat Purpose\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"146dba13-563a-41c0-aca7-74c8b5d61d5f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"rule.category\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"f4d5b22b-fd83-4008-863c-ae1ca6c1b6c7\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"146dba13-563a-41c0-aca7-74c8b5d61d5f\",\"hidden\":false,\"isTransposed\":false},{\"columnId\":\"cccccc67-3390-4055-9d65-af9da8413fc3\",\"isTransposed\":false}],\"layerId\":\"ae36b619-b48f-4c2c-9488-529c1d556a45\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Threats by Threat Purpose, Resource Type [Logs 
Guardduty]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":16,\"i\":\"609f0379-b003-41e8-9c10-eb62a4ec31bf\",\"w\":48,\"x\":0,\"y\":15},\"panelIndex\":\"609f0379-b003-41e8-9c10-eb62a4ec31bf\",\"panelRefName\":\"panel_609f0379-b003-41e8-9c10-eb62a4ec31bf\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"54628857-cd79-42c3-932b-7e8df3759e45\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"54628857-cd79-42c3-932b-7e8df3759e45\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-f28ae8c1-640f-4d79-8e2e-ce78d5b2baf3\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"f28ae8c1-640f-4d79-8e2e-ce78d5b2baf3\":{\"columnOrder\":[\"017ea05f-da86-49d8-8dda-de0459fdd312\",\"dbea28c7-a444-4ae7-a39e-1f3a9e247714\"],\"columns\":{\"017ea05f-da86-49d8-8dda-de0459fdd312\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Threat 
Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"dbea28c7-a444-4ae7-a39e-1f3a9e247714\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":25},\"scale\":\"ordinal\",\"sourceField\":\"aws.guardduty.service.evidence.threat_intelligence_details.threat.names\"},\"dbea28c7-a444-4ae7-a39e-1f3a9e247714\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"dbea28c7-a444-4ae7-a39e-1f3a9e247714\"],\"layerId\":\"f28ae8c1-640f-4d79-8e2e-ce78d5b2baf3\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"xAccessor\":\"017ea05f-da86-49d8-8dda-de0459fdd312\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Findings by Threat Name [Logs Guardduty]\"}]","timeRestore":false,"title":"[Logs AWS] Guardduty Findings 
Threat","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-f890a5b0-6a3a-11ed-b880-2f1b70138655","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"61a40814-9dd1-4831-afe7-c890f0d577ef:indexpattern-datasource-layer-ae36b619-b48f-4c2c-9488-529c1d556a45","type":"index-pattern"},{"id":"aws-b3169d70-6a38-11ed-b880-2f1b70138655","name":"609f0379-b003-41e8-9c10-eb62a4ec31bf:panel_609f0379-b003-41e8-9c10-eb62a4ec31bf","type":"search"},{"id":"logs-*","name":"54628857-cd79-42c3-932b-7e8df3759e45:indexpattern-datasource-layer-f28ae8c1-640f-4d79-8e2e-ce78d5b2baf3","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_ca2b6a90-582d-4564-a0b0-1e41d59a3354:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_7baf430f-c5f2-41b3-9759-bcc954c83f5a:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_a8f4f8e8-fdc9-46a1-9875-87b5ac0b1f55:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_1bda4437-a500-4db2-a965-9bf9457099b3:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6356],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MzYsMV0="} -{"attributes":{"description":"Overview of AWS 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"2\",\"w\":9,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"region name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Region Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"3\",\"w\":10,\"x\":9,\"y\":0},\"panelIndex\":\"3\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"EC2 Instance 
State\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"\",\"field\":\"aws.ec2.instance.state.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":true,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendSize\":\"auto\"},\"title\":\"EC2 Instance State [Metrics AWS]\",\"type\":\"pie\",\"uiState\":{\"vis\":{\"colors\":{\"16\":\"#629E51\",\"80\":\"#E24D42\",\"272\":\"#DEDAF7\",\"running\":\"#7EB26D\",\"stopped\":\"#E24D42\"},\"legendOpen\":true}}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"4\",\"w\":29,\"x\":19,\"y\":0},\"panelIndex\":\"4\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"23428b30-f7f2-11e8-bff8-21537b07dd44\"}],\"bar_color_rules\":[{\"id\":\"2592bcc0-f7f2-11e8-bff8-21537b07dd44\"}],\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,188,0,1)\",\"fill\":\"0\",\"filter\":\"\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS EC2 CPU 
Utilization\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.ec2.cpu.total.pct\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":1,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"cloud.instance.id\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"EC2 CPU Utilization [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"6\",\"w\":9,\"x\":0,\"y\":7},\"panelIndex\":\"6\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"59207fe0-4762-11e9-bf81-69a4e579cab5\"}],\"bar_color_rules\":[{\"id\":\"5ad9a190-4762-11e9-bf81-69a4e579cab5\"}],\"drop_last_bucket\":1,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Total # of HTTP 4xx Errors\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_request.errors.4xx\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"S3 Total Error 4xx [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"7\",\"w\":9,\"x\":9,\"y\":7},\"panelIndex\":\"7\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"59207fe0-4762-11e9-bf81-69a4e579cab5\"}],\"bar_color_rules\":[{\"id\":\"5ad9a190-4762-11e9-bf81-69a4e579cab5\"}],\"drop_last_bucket\":1,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Total # of HTTP 5xx Errors\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_request.errors.5xx\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"S3 Total Error 5xx [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"9\",\"w\":15,\"x\":18,\"y\":7},\"panelIndex\":\"9\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"bar_color_rules\":[{\"id\":\"23be77d0-734a-11e9-a683-47ca322fa6f9\"}],\"drop_last_bucket\":1,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS SQS Empty Receives\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sqs.empty_receives\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.sqs.queue.name\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"SQS Empty Receives Top5 [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"10\",\"w\":15,\"x\":33,\"y\":7},\"panelIndex\":\"10\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"bar_color_rules\":[{\"id\":\"23be77d0-734a-11e9-a683-47ca322fa6f9\"}],\"drop_last_bucket\":1,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS SQS Messages Delayed\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sqs.messages.delayed\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.sqs.queue.name\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"SQS Messages Delayed Top5 [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"12\",\"w\":13,\"x\":0,\"y\":14},\"panelIndex\":\"12\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"bar_color_rules\":[{\"id\":\"94f2ce40-734c-11e9-a683-47ca322fa6f9\"}],\"drop_last_bucket\":1,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"ELB Request Count Top5\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.elb.metrics.RequestCount.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.LoadBalancerName\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"Cloudwatch ELB Request Count Top5 [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"14\",\"w\":20,\"x\":13,\"y\":14},\"panelIndex\":\"14\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"23428b30-f7f2-11e8-bff8-21537b07dd44\"}],\"bar_color_rules\":[{\"id\":\"2592bcc0-f7f2-11e8-bff8-21537b07dd44\"}],\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,188,0,1)\",\"fill\":\"0\",\"filter\":\"\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS Cloudwatch ELB Latency\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.elb.metrics.Latency\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":1,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"aws.dimensions.LoadBalancerName\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Cloudwatch ELB Latency [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"15\",\"w\":15,\"x\":33,\"y\":14},\"panelIndex\":\"15\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"cbb498f0-734c-11e9-a683-47ca322fa6f9\"}],\"bar_color_rules\":[{\"id\":\"94f2ce40-734c-11e9-a683-47ca322fa6f9\"}],\"drop_last_bucket\":1,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"ELB Unhealthy Host Count\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.elb.metrics.UnHealthyHostCount\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.LoadBalancerName\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"Cloudwatch ELB Unhealthy Host Count [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"17\",\"w\":16,\"x\":15,\"y\":21},\"panelIndex\":\"17\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"cbb498f0-734c-11e9-a683-47ca322fa6f9\"}],\"bar_color_rules\":[{\"id\":\"94f2ce40-734c-11e9-a683-47ca322fa6f9\"}],\"drop_last_bucket\":1,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Lambda Invocations\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.lambda.metrics.Invocations\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.FunctionName\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"Cloudwatch Lambda Invocations Top5 [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"18\",\"w\":15,\"x\":0,\"y\":21},\"panelIndex\":\"18\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"cbb498f0-734c-11e9-a683-47ca322fa6f9\"}],\"bar_color_rules\":[{\"id\":\"94f2ce40-734c-11e9-a683-47ca322fa6f9\"}],\"drop_last_bucket\":1,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Lambda Errors\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.lambda.metrics.Errors.avg\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.FunctionName\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"Cloudwatch Lambda Errors Top5 [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"19\",\"w\":17,\"x\":31,\"y\":21},\"panelIndex\":\"19\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"cbb498f0-734c-11e9-a683-47ca322fa6f9\"}],\"bar_color_rules\":[{\"id\":\"94f2ce40-734c-11e9-a683-47ca322fa6f9\"}],\"drop_last_bucket\":1,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Lambda Throttles\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.lambda.metrics.Throttles.avg\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.FunctionName\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"Cloudwatch Lambda Throttles Top5 [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"24\",\"w\":24,\"x\":0,\"y\":28},\"panelIndex\":\"24\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"bb21d180-830d-11e9-9c4c-391fa0a2e15f\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"lucene\",\"query\":\"(aws.cloudwatch.namespace:\\\"AWS/ECS\\\") AND (_exists_: aws.ecs.metrics.CPUReservation.avg) AND (_exists_: aws.ecs.metrics.CPUUtilization.avg)\"},\"formatter\":\"percent\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.ecs.metrics.CPUUtilization\",\"id\":\"17f8ddf0-830d-11e9-9f3d-ed346f48a007\",\"type\":\"sum\"},{\"field\":\"aws.ecs.metrics.CPUReservation\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"},{\"id\":\"68a93050-830e-11e9-9c4c-391fa0a2e15f\",\"script\":\"(params.res - params.util) / 100\",\"type\":\"math\",\"variables\":[{\"field\":\"17f8ddf0-830d-11e9-9f3d-ed346f48a007\",\"id\":\"6f338920-830e-11e9-9c4c-391fa0a2e15f\",\"name\":\"util\"},{\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"id\":\"7ab9f9a0-830e-11e9-9c4c-391fa0a2e15f\",\"name\":\"res\"}]}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.ClusterName\",\"terms_order_by\":\"_key\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Cloudwatch 
CPU Available [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"25\",\"w\":24,\"x\":24,\"y\":28},\"panelIndex\":\"25\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"bb21d180-830d-11e9-9c4c-391fa0a2e15f\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"lucene\",\"query\":\"(aws.cloudwatch.namespace:\\\"AWS/ECS\\\") AND (_exists_: aws.ecs.metrics.MemoryReservation.avg) AND (_exists_: aws.ecs.metrics.MemoryUtilization.avg)\"},\"formatter\":\"percent\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.ecs.metrics.MemoryUtilization\",\"id\":\"17f8ddf0-830d-11e9-9f3d-ed346f48a007\",\"type\":\"sum\"},{\"field\":\"aws.ecs.metrics.MemoryReservation\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"},{\"id\":\"68a93050-830e-11e9-9c4c-391fa0a2e15f\",\"script\":\"(params.res - params.util) / 
100\",\"type\":\"math\",\"variables\":[{\"field\":\"17f8ddf0-830d-11e9-9f3d-ed346f48a007\",\"id\":\"6f338920-830e-11e9-9c4c-391fa0a2e15f\",\"name\":\"util\"},{\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"id\":\"7ab9f9a0-830e-11e9-9c4c-391fa0a2e15f\",\"name\":\"res\"}]}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.ClusterName\",\"terms_order_by\":\"_key\",\"terms_size\":\"5\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Cloudwatch Memory Available [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}}]","timeRestore":false,"title":"[Metrics AWS] Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"aws-fac28650-7349-11e9-816b-07687310a99a","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"2:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"3:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688154054424,6361],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MzcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring cloud Logs Application Console Apps [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring cloud Logs Application Console Apps [Logs 
Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"ab65f411-b92e-4b25-959d-b60941882406\",\"type\":\"timeseries\",\"series\":[{\"id\":\"76dedc9c-dc5f-487f-a56a-f78712f3b249\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"bbf3df20-f52c-11eb-9798-91531c982260\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"azure.springcloudlogs.properties.app_name\",\"label\":\"Application\",\"type\":\"timeseries\"},{\"id\":\"ccf24e10-f52c-11eb-9798-91531c982260\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"ccf24e11-f52c-11eb-9798-91531c982260\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Instance\",\"type\":\"timeseries\",\"terms_field\":\"azure.springcloudlogs.properties.instance_name\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset : \\\"azure.springcloudlogs\\\" and azure.springcloudlogs.category : \\\"ApplicationConsole\\\" 
\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-013d9a80-f52d-11eb-b9f3-73fa29f35762","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6365],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MzgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs System Logs Services [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs System Logs Services [Logs Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"aee8223d-7cfa-4776-a006-15876e5bb382\",\"type\":\"timeseries\",\"series\":[{\"id\":\"286b9de2-90e1-48c1-9357-63dc88a0d500\",\"color\":\"rgba(160,165,230,1)\",\"split_mode\":\"terms\",\"palette\":{\"type\":\"palette\",\"name\":\"complimentary\"},\"metrics\":[{\"id\":\"4a944774-8d00-4412-aeae-1a3e978f1a6a\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"azure.springcloudlogs.properties.service_name\",\"label\":\"Services\",\"split_color_mode\":null}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset : \\\"azure.springcloudlogs\\\" 
and azure.springcloudlogs.category : \\\"SystemLogs\\\" \",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-037fa5d0-f52e-11eb-b9f3-73fa29f35762","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6369],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1MzksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"Subscriptions Filter [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"controls\":[{\"fieldName\":\"azure.subscription_id\",\"id\":\"1571250866125\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Subscription ID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Subscriptions Filter [Logs Azure]\",\"type\":\"input_control_vis\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-097d74d0-f044-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6373],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NDAsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Authorization Activity User [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" and azure.activitylogs.operation_name : *LISTKEYS* \"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(164,221,0,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type : \\\"Success\\\" \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Success\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"azure.activitylogs.result_type\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(244,78,59,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type : \\\"Fail\\\" \"},\"formatter\":\"number\",\"id\":\"78e85470-f0cb-11e9-bf79-0db2fc8554f1\",\"label\":\"Failure\",\"line_width\":1,\"metrics\":[{\"id\":\"78e85471-f0cb-11e9-bf79-0db2fc8554f1\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":0,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"Authorization Activity User [Logs 
Azure]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-0dd135c0-f0cc-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6376],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NDEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"Navigation Alerts [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"fontSize\":10,\"markdown\":\"### Azure Monitoring\\n\\n[Overview](#/dashboard/azure-41e84340-ec20-11e9-90ec-112a988266d5) | [Users](#/dashboard/azure-87095750-f05a-11e9-90ec-112a988266d5) | [**Alerts**](#/dashboard/azure-0f559cc0-f0d5-11e9-90ec-112a988266d5) \",\"openLinksInNewTab\":false},\"title\":\"Navigation Alerts [Logs Azure]\",\"type\":\"markdown\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-46544960-f0d5-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6379],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NDIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Alerts Overview [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" and azure.activitylogs.event_category : 
\\\"Alert\\\"\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(252,220,0,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type: \\\"Activated\\\"\"},\"formatter\":\"number\",\"hide_in_legend\":0,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type: \\\"Resolved\\\" or azure.activitylogs.result_type: \\\"Succeeded\\\"\"},\"formatter\":\"number\",\"hide_in_legend\":0,\"id\":\"5a52f170-ec1e-11e9-b6a7-21d19b63822a\",\"line_width\":1,\"metrics\":[{\"id\":\"5a52f171-ec1e-11e9-b6a7-21d19b63822a\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":0,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"Alerts Overview [Logs Azure]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-52c2a4e0-ec1f-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6382],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NDMsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" and azure.activitylogs.event_category : \\\"Alert\\\" \"}}"},"title":"Alerts Count [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Alerts\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type : \\\"Activated\\\"\"},\"label\":\"Activated\"},{\"input\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type : \\\"Resolved\\\"\"},\"label\":\"Resolved\"},{\"input\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type : \\\"Succeeded\\\"\"},\"label\":\"Succeeded\"}]},\"schema\":\"group\",\"type\":\"filters\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"string\",\"params\":{}},\"type\":\"vis_dimension\"},\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Alerts Count [Logs 
Azure]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-f684a750-ec23-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6386],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NDQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" and azure.activitylogs.event_category : \\\"Alert\\\" \"}}"},"title":"Alerts Heatmap [Logs Azure]","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0\":\"rgb(247,252,245)\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Provider\",\"field\":\"azure.resource.provider\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Resource 
Group\",\"field\":\"azure.resource.group\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"colorSchema\":\"Greens\",\"colorsNumber\":4,\"colorsRange\":[],\"dimensions\":{\"x\":{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},\"y\":[{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"enableHover\":false,\"invertColors\":false,\"legendPosition\":\"right\",\"percentageMode\":false,\"setColorRange\":false,\"times\":[],\"type\":\"heatmap\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"color\":\"black\",\"overwriteColor\":false,\"rotate\":0,\"show\":false},\"scale\":{\"defaultYExtents\":false,\"type\":\"linear\"},\"show\":false,\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Alerts Heatmap [Logs Azure]\",\"type\":\"heatmap\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-c704b050-f0de-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6390],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NDUsMV0="} -{"attributes":{"description":"This dashboard provides expanded alerts overview for Azure 
cloud","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"9d1a26e6-2ff0-4d3e-bab3-7bb3c50cd060\",\"w\":7,\"x\":0,\"y\":0},\"panelIndex\":\"9d1a26e6-2ff0-4d3e-bab3-7bb3c50cd060\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Navigation Alerts\",\"panelRefName\":\"panel_9d1a26e6-2ff0-4d3e-bab3-7bb3c50cd060\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"676fd632-a9c1-46ed-829b-ca5b55817379\",\"w\":14,\"x\":7,\"y\":0},\"panelIndex\":\"676fd632-a9c1-46ed-829b-ca5b55817379\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Subscriptions Filter\",\"panelRefName\":\"panel_676fd632-a9c1-46ed-829b-ca5b55817379\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"096b4eaa-072e-455f-befa-3076f71be12d\",\"w\":27,\"x\":21,\"y\":0},\"panelIndex\":\"096b4eaa-072e-455f-befa-3076f71be12d\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Alerts Overview\",\"panelRefName\":\"panel_096b4eaa-072e-455f-befa-3076f71be12d\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"162fb43e-fff3-4f50-aa9b-a713418bd651\",\"w\":27,\"x\":21,\"y\":15},\"panelIndex\":\"162fb43e-fff3-4f50-aa9b-a713418bd651\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Alerts Count\",\"panelRefName\":\"panel_162fb43e-fff3-4f50-aa9b-a713418bd651\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":20,\"i\":\"36fb5c08-80d9-4a1c-8fde-9c063381fdd8\",\"w\":21,\"x\":0,\"y\":4},\"panelIndex\":\"36fb5c08-80d9-4a1c-8fde-9c063381fdd8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Alerts Heatmap\",\"panelRefName\":\"panel_36fb5c08-80d9-4a1c-8fde-9c063381fdd8\"}]","timeRestore":false,"title":"[Logs Azure] Alerts 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-0f559cc0-f0d5-11e9-90ec-112a988266d5","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"azure-46544960-f0d5-11e9-90ec-112a988266d5","name":"9d1a26e6-2ff0-4d3e-bab3-7bb3c50cd060:panel_9d1a26e6-2ff0-4d3e-bab3-7bb3c50cd060","type":"visualization"},{"id":"azure-097d74d0-f044-11e9-90ec-112a988266d5","name":"676fd632-a9c1-46ed-829b-ca5b55817379:panel_676fd632-a9c1-46ed-829b-ca5b55817379","type":"visualization"},{"id":"azure-52c2a4e0-ec1f-11e9-90ec-112a988266d5","name":"096b4eaa-072e-455f-befa-3076f71be12d:panel_096b4eaa-072e-455f-befa-3076f71be12d","type":"visualization"},{"id":"azure-f684a750-ec23-11e9-90ec-112a988266d5","name":"162fb43e-fff3-4f50-aa9b-a713418bd651:panel_162fb43e-fff3-4f50-aa9b-a713418bd651","type":"visualization"},{"id":"azure-c704b050-f0de-11e9-90ec-112a988266d5","name":"36fb5c08-80d9-4a1c-8fde-9c063381fdd8:panel_36fb5c08-80d9-4a1c-8fde-9c063381fdd8","type":"visualization"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6398],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NDYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs System Logs Level List [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs System Logs Level List [Logs 
Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"e8ae1bbe-9172-4214-986d-7118f06a8f02\",\"type\":\"timeseries\",\"series\":[{\"id\":\"710c298a-93bb-4d00-99c0-605bbd463ac0\",\"color\":\"rgba(170,101,86,1)\",\"split_mode\":\"terms\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"10c7e926-cf10-42a7-89f7-0c0018b38c62\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"log.level\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset : \\\"azure.springcloudlogs\\\" and azure.springcloudlogs.category : \\\"SystemLogs\\\" \",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-16df08d0-f526-11eb-b9f3-73fa29f35762","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6402],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NDcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs Navigation System Logs [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs Navigation System Logs [Logs 
Azure]\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### Azure Spring Cloud System Logs\\n[Overview](#/dashboard/azure-5ad41d90-f50e-11eb-a831-732d3e9bbd43) | [**System Logs**](#/dashboard/azure-1adf52d0-f50f-11eb-a831-732d3e9bbd43) | [Application Console Logs](#/dashboard/azure-32aedb00-f524-11eb-b9f3-73fa29f35762) \"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-e58802b0-f510-11eb-a831-732d3e9bbd43","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6405],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NDgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Subscription and Type Filter [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Subscription and Type Filter [Logs Azure]\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1628066574084\",\"fieldName\":\"azure.subscription_id\",\"parent\":\"\",\"label\":\"Subscription ID\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1628066623258\",\"fieldName\":\"azure.springcloudlogs.category\",\"parent\":\"\",\"label\":\"Spring Cloud Logs 
Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-f619df10-f50e-11eb-a831-732d3e9bbd43","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6410],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NDksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs System Logs Activity [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs System Logs Activity [Logs 
Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"2377e52f-91ef-4ff1-bdad-211ff2c25f0f\",\"type\":\"timeseries\",\"series\":[{\"id\":\"267ec4fa-03f7-4089-b02f-c738d4a0dd04\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"737a9957-834d-4a30-8e4c-468cfb3c4905\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset : \\\"azure.springcloudlogs\\\" and azure.springcloudlogs.category : \\\"SystemLogs\\\" \",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-803777a0-f511-11eb-a831-732d3e9bbd43","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6414],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs System Logs Logger Type [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs System Logs Logger Type [Logs 
Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"c8b02450-7668-4c2b-9b21-e7d59f0867a7\",\"type\":\"timeseries\",\"series\":[{\"id\":\"901af5fd-96ec-4e96-b35d-7a1941b85a40\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"08168ad0-60ba-492f-a7be-af47252f9cfe\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"azure.springcloudlogs.properties.logger\",\"label\":\"Logger\"},{\"id\":\"d9a5e200-f52e-11eb-ba9b-7b2d136782e1\",\"color\":\"rgba(145,112,184,1)\",\"split_mode\":\"terms\",\"palette\":{\"type\":\"palette\",\"name\":\"negative\"},\"metrics\":[{\"id\":\"d9a5e201-f52e-11eb-ba9b-7b2d136782e1\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"stacked_within_series\",\"label\":\"Type\",\"terms_field\":\"azure.springcloudlogs.properties.type\",\"split_color_mode\":null}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset : \\\"azure.springcloudlogs\\\" and azure.springcloudlogs.category : \\\"SystemLogs\\\" 
\",\"language\":\"kuery\"},\"background_color\":null,\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-30e95c40-f52f-11eb-b9f3-73fa29f35762","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6418],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NTEsMV0="} -{"attributes":{"description":"[Logs Azure] Azure Spring cloud Logs System Logs","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":7,\"i\":\"36cfd9c9-98e2-427a-9f99-3b4406d86841\"},\"panelIndex\":\"36cfd9c9-98e2-427a-9f99-3b4406d86841\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### Azure Spring Cloud Logs\\n\\n[Overview](#/dashboard/azure-41e84340-ec20-11e9-90ec-112a988266d5) | [**System Logs**](#/dashboard/azure-87095750-f05a-11e9-90ec-112a988266d5) | [Application Console Logs](#/dashboard/azure-0f559cc0-f0d5-11e9-90ec-112a988266d5) \"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"visualization\"},\"title\":\"Navigation Azure System 
Logs\",\"panelRefName\":\"panel_36cfd9c9-98e2-427a-9f99-3b4406d86841\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":0,\"w\":13,\"h\":7,\"i\":\"5cbc2c45-1213-4bb9-ab65-8dfc0cfbad8a\"},\"panelIndex\":\"5cbc2c45-1213-4bb9-ab65-8dfc0cfbad8a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Subscription and Type Filter\",\"panelRefName\":\"panel_5cbc2c45-1213-4bb9-ab65-8dfc0cfbad8a\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":15,\"i\":\"dd3bc6e6-219b-46d1-a458-cf79faa14c22\"},\"panelIndex\":\"dd3bc6e6-219b-46d1-a458-cf79faa14c22\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"System Logs Activity\",\"panelRefName\":\"panel_dd3bc6e6-219b-46d1-a458-cf79faa14c22\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":7,\"w\":23,\"h\":18,\"i\":\"6c53434c-d1f9-4210-a0fe-0e406cffb1a7\"},\"panelIndex\":\"6c53434c-d1f9-4210-a0fe-0e406cffb1a7\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Log 
Level\",\"panelRefName\":\"panel_6c53434c-d1f9-4210-a0fe-0e406cffb1a7\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":15,\"w\":25,\"h\":19,\"i\":\"748eb38a-92e4-4636-87c4-ca8bde01e6d8\"},\"panelIndex\":\"748eb38a-92e4-4636-87c4-ca8bde01e6d8\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Operations\",\"panelRefName\":\"panel_748eb38a-92e4-4636-87c4-ca8bde01e6d8\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":25,\"w\":23,\"h\":18,\"i\":\"f10825d9-48e7-4c3b-b225-51ac95988c8a\"},\"panelIndex\":\"f10825d9-48e7-4c3b-b225-51ac95988c8a\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Services\",\"panelRefName\":\"panel_f10825d9-48e7-4c3b-b225-51ac95988c8a\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":34,\"w\":25,\"h\":17,\"i\":\"65014b13-0aa6-488b-9015-5dcb7b0dfe74\"},\"panelIndex\":\"65014b13-0aa6-488b-9015-5dcb7b0dfe74\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Logger & Type\",\"panelRefName\":\"panel_65014b13-0aa6-488b-9015-5dcb7b0dfe74\"}]","timeRestore":false,"title":"[Logs Azure] Azure Spring Cloud Logs System 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-1adf52d0-f50f-11eb-a831-732d3e9bbd43","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"azure-e58802b0-f510-11eb-a831-732d3e9bbd43","name":"36cfd9c9-98e2-427a-9f99-3b4406d86841:panel_36cfd9c9-98e2-427a-9f99-3b4406d86841","type":"visualization"},{"id":"azure-f619df10-f50e-11eb-a831-732d3e9bbd43","name":"5cbc2c45-1213-4bb9-ab65-8dfc0cfbad8a:panel_5cbc2c45-1213-4bb9-ab65-8dfc0cfbad8a","type":"visualization"},{"id":"azure-803777a0-f511-11eb-a831-732d3e9bbd43","name":"dd3bc6e6-219b-46d1-a458-cf79faa14c22:panel_dd3bc6e6-219b-46d1-a458-cf79faa14c22","type":"visualization"},{"id":"azure-16df08d0-f526-11eb-b9f3-73fa29f35762","name":"6c53434c-d1f9-4210-a0fe-0e406cffb1a7:panel_6c53434c-d1f9-4210-a0fe-0e406cffb1a7","type":"visualization"},{"id":"azure-87256380-f52d-11eb-b9f3-73fa29f35762","name":"748eb38a-92e4-4636-87c4-ca8bde01e6d8:panel_748eb38a-92e4-4636-87c4-ca8bde01e6d8","type":"lens"},{"id":"azure-037fa5d0-f52e-11eb-b9f3-73fa29f35762","name":"f10825d9-48e7-4c3b-b225-51ac95988c8a:panel_f10825d9-48e7-4c3b-b225-51ac95988c8a","type":"visualization"},{"id":"azure-30e95c40-f52f-11eb-b9f3-73fa29f35762","name":"65014b13-0aa6-488b-9015-5dcb7b0dfe74:panel_65014b13-0aa6-488b-9015-5dcb7b0dfe74","type":"visualization"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6428],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NTIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs Navigation Application Console Logs [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs Navigation Application Console Logs [Logs 
Azure]\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### Azure Spring Cloud Application Console Logs\\n\\n[Overview](#/dashboard/azure-5ad41d90-f50e-11eb-a831-732d3e9bbd43) | [System Logs](#/dashboard/azure-1adf52d0-f50f-11eb-a831-732d3e9bbd43) | [**Application Console Logs**](#/dashboard/azure-32aedb00-f524-11eb-b9f3-73fa29f35762) \"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-1bb61e40-f524-11eb-b9f3-73fa29f35762","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6431],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NTMsMV0="} -{"attributes":{"columns":["observer.name","source.address","source.port","destination.address","destination.port","network.protocol","event.type","event.kind"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"azure.firewall.operation_name : \\\"AzureFirewallApplicationRuleLog\\\" \"}}"},"sort":[["@timestamp","desc"]],"title":"Firewall Network Application Rule Logs [Logs 
Azure]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-671ff040-f24e-11ec-a5a8-bf965bcd5646","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6436],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NTQsMV0="} -{"attributes":{"description":"Dashboard providing statistics about alerts ingested from the Azure Firewall Application Rule Log events.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"azure.firewall.operation_name\",\"negate\":false,\"params\":{\"query\":\"AzureFirewallApplicationRuleLog\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"azure.firewall.operation_name\":\"AzureFirewallApplicationRuleLog\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"embeddableC
onfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n[Overview](/app/dashboards#/view/auzre-280493a0-f1a1-11ec-a5a8-bf965bcd5646) \\n[Network Rule Logs](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646) \\n[Network NAT Rule Logs](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646) \\n**[Application Rule Logs (This Page)](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646)** \\n[DNS Proxy Logs](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)\\n\\n[Integrations Page](/app/integrations/detail/azure/overview?integration=firewall_logs) \\n\\n**Overview**\\n\\nThis dashboard provides an overall view of Azure Firewall Application Rule Log events.\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.id\",\"id\":\"1637591016076\",\"indexPatternRefName\":\"control_7cbe886c-4cc4-4fec-beff-7336b0965067_0_index_pattern\",\"label\":\"Subscription 
ID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"observer.name\",\"id\":\"1637591118622\",\"indexPatternRefName\":\"control_7cbe886c-4cc4-4fec-beff-7336b0965067_1_index_pattern\",\"label\":\"Firewall\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Firewall Filters\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"w\":6,\"x\":12,\"y\":7},\"panelIndex\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
unique_count(source.ip)\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"w\":6,\"x\":18,\"y\":7},\"panelIndex\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(destination.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source 
IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"w\":6,\"x\":24,\"y\":7},\"panelIndex\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source Countries\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.geo.country_name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source 
IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"w\":6,\"x\":30,\"y\":7},\"panelIndex\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination Countries\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(destination.geo.country_name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source 
Countries\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"w\":6,\"x\":36,\"y\":7},\"panelIndex\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Network Protocols\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(network.protocol)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique 
Rules\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Network Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"w\":12,\"x\":0,\"y\":14},\"panelIndex\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\"],\"columns\":{\"b2d72986-1818-4a93-9155-2a66cd00eca4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Firewall\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"observer.name\"},\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"isTransposed\":false},{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Generating Firewalls\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"w\":12,\"x\":12,\"y\":14},\"panelIndex\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
source.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Source Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"w\":12,\"x\":24,\"y\":14},\"panelIndex\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
destination.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Destination Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f7c1e866-ba0d-45af-95bf-2736901431dc\",\"w\":12,\"x\":36,\"y\":14},\"panelIndex\":\"f7c1e866-ba0d-45af-95bf-2736901431dc\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"76f26815-f13c-4273-b52f-7c25247f2b0d\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
network.protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Network Protocols and 
Applications\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"ffc33e34-3225-40da-97c6-ea9fbfa6db02\",\"w\":12,\"x\":0,\"y\":29},\"panelIndex\":\"ffc33e34-3225-40da-97c6-ea9fbfa6db02\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Rules\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"rule.name\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event 
Rules\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"w\":12,\"x\":12,\"y\":29},\"panelIndex\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Source Address\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.address\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Source 
Addresses\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"8a1bd282-e360-473d-b26d-e73f2b470c81\",\"w\":12,\"x\":24,\"y\":29},\"panelIndex\":\"8a1bd282-e360-473d-b26d-e73f2b470c81\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Destination Address\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.address\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Destination 
Addresses\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"3b9a2a5f-1226-415c-88d5-21496508d060\",\"w\":12,\"x\":36,\"y\":29},\"panelIndex\":\"3b9a2a5f-1226-415c-88d5-21496508d060\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\",\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\"],\"columns\":{\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network Protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"},\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\",\"isTransposed\":false},{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Network 
Protocols\"},{\"version\":\"7.16.0\",\"type\":\"search\",\"gridData\":{\"h\":17,\"i\":\"01c53b97-697b-40fb-874d-6e7d720eb3fe\",\"w\":48,\"x\":0,\"y\":40},\"panelIndex\":\"01c53b97-697b-40fb-874d-6e7d720eb3fe\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_01c53b97-697b-40fb-874d-6e7d720eb3fe\"}]","timeRestore":false,"title":"[Logs Azure] Firewall Application Rule Log","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"7cbe886c-4cc4-4fec-beff-7336b0965067:control_7cbe886c-4cc4-4fec-beff-7336b0965067_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7cbe886c-4cc4-4fec-beff-7336b0965067:control_7cbe886c-4cc4-4fec-beff-7336b0965067_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7:inde
xpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"ffc33e34-3225-40da-97c6-ea9fbfa6db02:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ffc33e34-3225-40da-97c6-ea9fbfa6db02:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-curren
t-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"azure-671ff040-f24e-11ec-a5a8-bf965bcd5646","name":"01c53b97-697b-40fb-874d-6e7d720eb3fe:panel_01c53b97-697b-40fb-874d-6e7d720eb3fe","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6470],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NTUsMV0="} -{"attributes":{"columns":["observer.name","source.ip","source.port","destination.ip","destination.port","destination.nat.ip","destination.nat.port","event.type","event.kind"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"azure.firewall.operation_name : 
\\\"AzureFirewallNatRuleLog\\\" \"}}"},"sort":[["@timestamp","desc"]],"title":"Firewall Network NAT Rule Logs [Logs Azure]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-252228a0-f1ab-11ec-a5a8-bf965bcd5646","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6475],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NTYsMV0="} -{"attributes":{"columns":["observer.name","source.address","source.port","destination.address","destination.port","event.kind","event.type"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Firewall Logs [Logs 
Azure]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-fb61c4c0-f1a1-11ec-a5a8-bf965bcd5646","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6480],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NTcsMV0="} -{"attributes":{"description":"Dashboard providing an overall view of the AWS Network Firewall integration.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n**[Overview (This Page)](/app/dashboards#/view/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646)** \\n[Network Rule Logs](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646) 
\\n[Network NAT Rule Logs](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646) \\n[Application Rule Logs](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646) \\n[DNS Proxy Logs](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)\\n\\n[Integrations Page](/app/integrations/detail/azure/overview?integration=firewall_logs) \\n\\n**Overview**\\n\\nThis dashboard provides an overall view of Azure Firewall integration.\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"f22a22bc-21e2-4fb2-8c4e-a31393cba5e9\",\"w\":35,\"x\":13,\"y\":0},\"panelIndex\":\"f22a22bc-21e2-4fb2-8c4e-a31393cba5e9\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.id\",\"id\":\"1637591016076\",\"indexPatternRefName\":\"control_f22a22bc-21e2-4fb2-8c4e-a31393cba5e9_0_index_pattern\",\"label\":\"Subscription ID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"observer.name\",\"id\":\"1637591118622\",\"indexPatternRefName\":\"control_f22a22bc-21e2-4fb2-8c4e-a31393cba5e9_1_index_pattern\",\"label\":\"Firewall\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Firewall 
Filters\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"e8d2a7be-bc2a-4ca5-ae71-5273156084b3\",\"w\":5,\"x\":13,\"y\":7},\"panelIndex\":\"e8d2a7be-bc2a-4ca5-ae71-5273156084b3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Events\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"event\"},\"type\":\"phrase\",\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.kind\":\"event\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total 
Events\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"3fc05a86-0b0d-435d-9df5-a5423225d5e5\",\"w\":6,\"x\":18,\"y\":7},\"panelIndex\":\"3fc05a86-0b0d-435d-9df5-a5423225d5e5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-1\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Allowed Events\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.category\",\"negate\":false,\"params\":{\"query\":\"network\"},\"type\":\"phrase\",\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"network\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.type\",\"negate\":false,\"params\":{\"query\":\"allowed\"},\"type\":\"phrase\",\"index\":\"filter-index-pattern-1\"},\"query\":{\"match_phrase\":{\"event.type\":\"allowed\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},
\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Allowed Events\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"w\":6,\"x\":24,\"y\":7},\"panelIndex\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-1\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Denied 
Events\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.category\",\"negate\":false,\"params\":{\"query\":\"network\"},\"type\":\"phrase\",\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"network\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.type\",\"negate\":false,\"params\":{\"query\":\"denied\"},\"type\":\"phrase\",\"index\":\"filter-index-pattern-1\"},\"query\":{\"match_phrase\":{\"event.type\":\"denied\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Denied Events\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"54c39a08-c881-4c64-af1a-8e48867947c3\",\"w\":6,\"x\":30,\"y\":7},\"panelIndex\":\"54c39a08-c881-4c64-af1a-8e48867947c3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source 
Addresses\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.address\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"b9d7f8b6-deb6-4d46-ad11-7793dd783012\",\"w\":6,\"x\":36,\"y\":7},\"panelIndex\":\"b9d7f8b6-deb6-4d46-ad11-7793dd783012\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination Addresses\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.address\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"83dde1a0-0605-4c05-9bd2-1f2686cd7007\",\"w\":6,\"x\":42,\"y\":7},\"panelIndex\":\"83dde1a0-0605-4c05-9bd2-1f2686cd7007\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"b6504f22-c6eb-439d-bb4d-a3acc2b5de34\",\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Network Protocols\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"},\"b6504f22-c6eb-439d-bb4d-a3acc2b5de34\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique count of network.protocol\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"event\"},\"type\":\"phrase\",\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.kind\":\"event\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique 
Network Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":16,\"i\":\"f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb\",\"w\":28,\"x\":0,\"y\":15},\"panelIndex\":\"f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-8c1d8a18-0da5-431f-8faf-f72f028b10de\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"8c1d8a18-0da5-431f-8faf-f72f028b10de\":{\"columnOrder\":[\"995b44f7-a7f2-474a-b080-bc5e61834c85\",\"ac103bf9-1072-42f9-88e1-645355cfab7d\",\"d75176b0-fe18-4834-8be1-876ae441c8f9\"],\"columns\":{\"995b44f7-a7f2-474a-b080-bc5e61834c85\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of event.kind\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"d75176b0-fe18-4834-8be1-876ae441c8f9\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"event.kind\"},\"ac103bf9-1072-42f9-88e1-645355cfab7d\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"d75176b0-fe18-4834-8be1-876ae441c8f9\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"d75176b0-fe18-4834-8be1-876ae441c8f9\"],\"layerId\":\"8c1d8a18-0da5-431f-8faf-f72f028b10de\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"995b44f7-a7f2-474a-b080-bc5e61834c85\",\"xAccessor\":\"ac103bf9-1072-42f9-88e1-645355cfab7d\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Events\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":16,\"i\":\"bcfbc5f5-fd40-48e3-937d-965fcb8a5585\",\"w\":20,\"x\":28,\"y\":15},\"panelIndex\":\"bcfbc5f5-fd40-48e3-937d-965fcb8a5585\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c\":{\"columnOrder\":[\"7ea404e0-e31f-4216-a626-ee830469e97b\",\"de9ad2be-a35d-4e4c-a6ac-4a1b2dcc2c0b\",\"6e93ea29-3bab-47ea-b978-c91480873532\"],\"columns\":{\"6e93ea29-3bab-47ea-b978-c91480873532\":{\
"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"7ea404e0-e31f-4216-a626-ee830469e97b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Firewalls\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6e93ea29-3bab-47ea-b978-c91480873532\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"observer.name\"},\"de9ad2be-a35d-4e4c-a6ac-4a1b2dcc2c0b\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of event.kind\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6e93ea29-3bab-47ea-b978-c91480873532\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"event.kind\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"6e93ea29-3bab-47ea-b978-c91480873532\"],\"layerId\":\"b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"splitAccessor\":\"de9ad2be-a35d-4e4c-a6ac-4a1b2dcc2c0b\",\"xAccessor\":\"7ea404e0-e31f-4216-a626-ee830469e97b\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\
"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Events by Firewall\"},{\"version\":\"7.16.0\",\"type\":\"search\",\"gridData\":{\"h\":17,\"i\":\"eca6f69d-bee2-4e17-bdb9-4852f3056957\",\"w\":48,\"x\":0,\"y\":31},\"panelIndex\":\"eca6f69d-bee2-4e17-bdb9-4852f3056957\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Firewall Logs\",\"panelRefName\":\"panel_eca6f69d-bee2-4e17-bdb9-4852f3056957\"}]","timeRestore":false,"title":"[Logs Azure] Firewall Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"f22a22bc-21e2-4fb2-8c4e-a31393cba5e9:control_f22a22bc-21e2-4fb2-8c4e-a31393cba5e9_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"f22a22bc-21e2-4fb2-8c4e-a31393cba5e9:control_f22a22bc-21e2-4fb2-8c4e-a31393cba5e9_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"e8d2a7be-bc2a-4ca5-ae71-5273156084b3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"e8d2a7be-bc2a-4ca5-ae71-5273156084b3:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"e8d2a7be-bc2a-4ca5-ae71-5273156084b3:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"3fc05a86-0b0d-435d-9df5-a5423225d5e5:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"3fc05a86-0b0d-435d-9df5-a5423225d5e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"3fc05a86-0b0d-435d-9df5-a5423225d5e5:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"3fc05a86-0b0d-435d-9df5-a5423225d5e5:filter-index-pattern-1","type":"in
dex-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:filter-index-pattern-1","type":"index-pattern"},{"id":"logs-*","name":"54c39a08-c881-4c64-af1a-8e48867947c3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"54c39a08-c881-4c64-af1a-8e48867947c3:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"b9d7f8b6-deb6-4d46-ad11-7793dd783012:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"b9d7f8b6-deb6-4d46-ad11-7793dd783012:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"83dde1a0-0605-4c05-9bd2-1f2686cd7007:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"83dde1a0-0605-4c05-9bd2-1f2686cd7007:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"83dde1a0-0605-4c05-9bd2-1f2686cd7007:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb:indexpattern-datasource-layer-8c1d8a18-0da5-431f-8faf-f72f028b10de","type":"index-pattern"},{"id":"logs-*","name":"bcfbc5f5-fd40-48e3-937d-965fcb8a5585:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"bcfbc5f5-fd40-48e3-937d-965fcb8a5585:indexpattern-datasource-layer-b2bc813b-af38-4aac-bf1f-7d3b6f3a
a51c","type":"index-pattern"},{"id":"azure-fb61c4c0-f1a1-11ec-a5a8-bf965bcd5646","name":"eca6f69d-bee2-4e17-bdb9-4852f3056957:panel_eca6f69d-bee2-4e17-bdb9-4852f3056957","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6509],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs Application Console Logs [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs Application Console Logs [Logs Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"fe635368-0f50-4039-82f0-a229d13b6665\",\"type\":\"timeseries\",\"series\":[{\"id\":\"c99c6393-738a-452b-a68f-2cf1e7580ba0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"7c304953-51fe-4c51-8007-0c0035eb39da\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset : \\\"azure.springcloudlogs\\\" and azure.springcloudlogs.category : \\\"ApplicationConsole\\\" 
\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-6c570750-f525-11eb-b9f3-73fa29f35762","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6513],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs Application Console Logs Log Level [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs Application Console Logs Log Level [Logs Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"d8e737ce-125a-4263-9045-c1106588cbbb\",\"type\":\"timeseries\",\"series\":[{\"id\":\"710c298a-93bb-4d00-99c0-605bbd463ac0\",\"color\":\"rgba(211,96,134,1)\",\"split_mode\":\"terms\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"10c7e926-cf10-42a7-89f7-0c0018b38c62\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"log.level\",\"label\":\"Log Level\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset : \\\"azure.springcloudlogs\\\" and azure.springcloudlogs.category : 
\\\"ApplicationConsole\\\" \",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-8becb3c0-f526-11eb-b9f3-73fa29f35762","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6517],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NjAsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":9,\"h\":7,\"i\":\"0be608b5-cbdb-49a6-a789-a4f2ede7e5bd\"},\"panelIndex\":\"0be608b5-cbdb-49a6-a789-a4f2ede7e5bd\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Navigation Application Console Logs \",\"panelRefName\":\"panel_0be608b5-cbdb-49a6-a789-a4f2ede7e5bd\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":0,\"w\":14,\"h\":7,\"i\":\"92623f66-de82-45c4-b8ef-63131d89c01e\"},\"panelIndex\":\"92623f66-de82-45c4-b8ef-63131d89c01e\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Subscription and Type Filter\",\"panelRefName\":\"panel_92623f66-de82-45c4-b8ef-63131d89c01e\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":15,\"i\":\"a6dbf221-669f-43e9-ae52-95ca08285b90\"},\"panelIndex\":\"a6dbf221-669f-43e9-ae52-95ca08285b90\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Application 
Console Logs Activity\",\"panelRefName\":\"panel_a6dbf221-669f-43e9-ae52-95ca08285b90\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":7,\"w\":23,\"h\":16,\"i\":\"516b81e3-38d5-4858-bc21-780601523d46\"},\"panelIndex\":\"516b81e3-38d5-4858-bc21-780601523d46\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Log Level\",\"panelRefName\":\"panel_516b81e3-38d5-4858-bc21-780601523d46\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":15,\"w\":13,\"h\":18,\"i\":\"98d4b7c1-7a04-4075-a35f-913e310b71bf\"},\"panelIndex\":\"98d4b7c1-7a04-4075-a35f-913e310b71bf\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Services\",\"panelRefName\":\"panel_98d4b7c1-7a04-4075-a35f-913e310b71bf\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":15,\"w\":12,\"h\":18,\"i\":\"fdc7ed64-888b-438d-811a-567fc741276c\"},\"panelIndex\":\"fdc7ed64-888b-438d-811a-567fc741276c\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Applications\",\"panelRefName\":\"panel_fdc7ed64-888b-438d-811a-567fc741276c\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":23,\"w\":23,\"h\":26,\"i\":\"ee0da4f3-5c39-4d08-91ed-ba518d1ae171\"},\"panelIndex\":\"ee0da4f3-5c39-4d08-91ed-ba518d1ae171\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Operations\",\"panelRefName\":\"panel_ee0da4f3-5c39-4d08-91ed-ba518d1ae171\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":33,\"w\":25,\"h\":16,\"i\":\"961f9ee7-5d00-4686-8ead-0538cef2c685\"},\"panelIndex\":\"961f9ee7-5d00-4686-8ead-0538cef2c685\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Applications & Instances\",\"panelRefName\":\"panel_961f9ee7-5d00-4686-8ead-0538cef2c685\"}]","timeRestore":false,"title":"[Logs Azure] Azure Spring Cloud 
Logs Application Cloud Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-32aedb00-f524-11eb-b9f3-73fa29f35762","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"azure-1bb61e40-f524-11eb-b9f3-73fa29f35762","name":"0be608b5-cbdb-49a6-a789-a4f2ede7e5bd:panel_0be608b5-cbdb-49a6-a789-a4f2ede7e5bd","type":"visualization"},{"id":"azure-f619df10-f50e-11eb-a831-732d3e9bbd43","name":"92623f66-de82-45c4-b8ef-63131d89c01e:panel_92623f66-de82-45c4-b8ef-63131d89c01e","type":"visualization"},{"id":"azure-6c570750-f525-11eb-b9f3-73fa29f35762","name":"a6dbf221-669f-43e9-ae52-95ca08285b90:panel_a6dbf221-669f-43e9-ae52-95ca08285b90","type":"visualization"},{"id":"azure-8becb3c0-f526-11eb-b9f3-73fa29f35762","name":"516b81e3-38d5-4858-bc21-780601523d46:panel_516b81e3-38d5-4858-bc21-780601523d46","type":"visualization"},{"id":"azure-d3708b30-f527-11eb-b9f3-73fa29f35762","name":"98d4b7c1-7a04-4075-a35f-913e310b71bf:panel_98d4b7c1-7a04-4075-a35f-913e310b71bf","type":"lens"},{"id":"azure-1c9f21e0-f528-11eb-b9f3-73fa29f35762","name":"fdc7ed64-888b-438d-811a-567fc741276c:panel_fdc7ed64-888b-438d-811a-567fc741276c","type":"lens"},{"id":"azure-18bb8240-f52c-11eb-b9f3-73fa29f35762","name":"ee0da4f3-5c39-4d08-91ed-ba518d1ae171:panel_ee0da4f3-5c39-4d08-91ed-ba518d1ae171","type":"lens"},{"id":"azure-013d9a80-f52d-11eb-b9f3-73fa29f35762","name":"961f9ee7-5d00-4686-8ead-0538cef2c685:panel_961f9ee7-5d00-4686-8ead-0538cef2c685","type":"visualization"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6528],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NjEsMV0="} -{"attributes":{"columns":[],"description":"Lists sync activities produced by the Azure AD Provisioning 
service.","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"azure.provisioning.category : \\\"ProvisioningLogs\\\" \"}}"},"sort":[["@timestamp","desc"]],"title":"Provisioning Logs [Azure Logs]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-a3664560-32ed-11ed-8fa6-3121b5e93ca0","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6532],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NjIsMV0="} -{"attributes":{"description":"Provide an overview and statistics of the provisioning activities on your enterprise 
applications.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"3e85d806-64f3-4fef-9094-95820e962a59\",\"w\":7,\"x\":0,\"y\":0},\"panelIndex\":\"3e85d806-64f3-4fef-9094-95820e962a59\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2ac1988b-9f69-439c-8898-0a385bb56434\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2ac1988b-9f69-439c-8898-0a385bb56434\":{\"columnOrder\":[\"bb6d8913-2437-461c-a5cb-95f745f2e061\",\"37aa3be8-a77c-4241-92a7-4d1b58bc0d47\"],\"columns\":{\"37aa3be8-a77c-4241-92a7-4d1b58bc0d47\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"bb6d8913-2437-461c-a5cb-95f745f2e061\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"System Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"37aa3be8-a77c-4241-92a7-4d1b58bc0d47\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"azure.provisioning.properties.source_system.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"azure.provisioning.category : \\\"ProvisioningLogs\\\" 
\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"2ac1988b-9f69-439c-8898-0a385bb56434\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"bb6d8913-2437-461c-a5cb-95f745f2e061\"],\"metrics\":[\"37aa3be8-a77c-4241-92a7-4d1b58bc0d47\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Source Systems\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"2f5e0c64-5e96-420c-bc64-afacc08e6170\",\"w\":40,\"x\":7,\"y\":0},\"panelIndex\":\"2f5e0c64-5e96-420c-bc64-afacc08e6170\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-1f69b72b-c265-4fe1-b20d-88a15cff56f9\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1f69b72b-c265-4fe1-b20d-88a15cff56f9\":{\"columnOrder\":[\"a586c6fb-aa02-42c6-a12b-8a283461a055\",\"284e3e1d-c5d0-4e97-ac45-ab7348467727\",\"e8e6a775-ed41-4215-9037-a7ee9e4b2b95\"],\"columns\":{\"284e3e1d-c5d0-4e97-ac45-ab7348467727\":{\"customLabel\":true,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"Activity 
Date\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"azure.provisioning.properties.activity_datetime\"},\"a586c6fb-aa02-42c6-a12b-8a283461a055\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Status\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e8e6a775-ed41-4215-9037-a7ee9e4b2b95\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"azure.provisioning.properties.provisioning_status_info.status\"},\"e8e6a775-ed41-4215-9037-a7ee9e4b2b95\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"azure.provisioning.category : \\\"ProvisioningLogs\\\" \"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e8e6a775-ed41-4215-9037-a7ee9e4b2b95\"],\"layerId\":\"1f69b72b-c265-4fe1-b20d-88a15cff56f9\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"a586c6fb-aa02-42c6-a12b-8a283461a055\",\"xAccessor\":\"284e3e1d-c5d0-4e97-ac45-ab7348467727\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"
type\":\"lens\"},\"title\":\"Provisioning Timeline\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"bbb69b3c-5709-44bf-9fb2-282185863941\",\"w\":7,\"x\":0,\"y\":12},\"panelIndex\":\"bbb69b3c-5709-44bf-9fb2-282185863941\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2ac1988b-9f69-439c-8898-0a385bb56434\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2ac1988b-9f69-439c-8898-0a385bb56434\":{\"columnOrder\":[\"bb6d8913-2437-461c-a5cb-95f745f2e061\",\"37aa3be8-a77c-4241-92a7-4d1b58bc0d47\"],\"columns\":{\"37aa3be8-a77c-4241-92a7-4d1b58bc0d47\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"bb6d8913-2437-461c-a5cb-95f745f2e061\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"System Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"37aa3be8-a77c-4241-92a7-4d1b58bc0d47\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"azure.provisioning.properties.target_system.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"azure.provisioning.category : \\\"ProvisioningLogs\\\" 
\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"2ac1988b-9f69-439c-8898-0a385bb56434\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"bb6d8913-2437-461c-a5cb-95f745f2e061\"],\"metrics\":[\"37aa3be8-a77c-4241-92a7-4d1b58bc0d47\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Target Systems\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"30ec913d-7cc6-46e6-aa9a-8fab0c3102e8\",\"w\":6,\"x\":7,\"y\":12},\"panelIndex\":\"30ec913d-7cc6-46e6-aa9a-8fab0c3102e8\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-294d1395-9af2-4496-a6a1-0092fe28f2c1\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"294d1395-9af2-4496-a6a1-0092fe28f2c1\":{\"columnOrder\":[\"c3972110-af8a-4610-9c78-356de76c5b42\"],\"columns\":{\"c3972110-af8a-4610-9c78-356de76c5b42\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Activities\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"azure.provisioning.category : \\\"ProvisioningLogs\\\" and azure.provisioning.operation_name : \\\"Provisioning activity\\\" 
\"},\"visualization\":{\"accessor\":\"c3972110-af8a-4610-9c78-356de76c5b42\",\"layerId\":\"294d1395-9af2-4496-a6a1-0092fe28f2c1\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Provisioning Activities\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"357e6699-3227-4674-a833-84c6487dc22e\",\"w\":34,\"x\":13,\"y\":12},\"panelIndex\":\"357e6699-3227-4674-a833-84c6487dc22e\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Date\",\"field\":\"azure.provisioning.properties.activity_datetime\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Name\",\"field\":\"azure.provisioning.properties.source_identity.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":3},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Type\",\"field\":\"azure.provisioning.properties.source_identity.identity_type\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Action\",\"field\":\"azure.provisioning.properties.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\
":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Source\",\"field\":\"azure.provisioning.properties.source_system.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"6\",\"params\":{\"customLabel\":\"Target\",\"field\":\"azure.provisioning.properties.target_system.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"7\",\"params\":{\"customLabel\":\"Status\",\"field\":\"azure.provisioning.properties.provisioning_status_info.status\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":false,\"id\":\"8\",\"params\":{\"customLabel\":\"Date\",\"field\":\"azure.provisioning.properties.activity_datetime\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"savedSearchId\":\"azure-a3664560-32ed-11ed-8fa6-3121b5e93ca0\",\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"azure.provisioning.category : \\\"ProvisioningLogs\\\" 
\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTotal\":false,\"totalFunc\":\"sum\"},\"title\":\"\",\"type\":\"table\",\"uiState\":{}},\"table\":null,\"vis\":{\"params\":{\"colWidth\":[{\"colIndex\":1,\"width\":121.42857142857142},{\"colIndex\":2,\"width\":123.0952380952381},{\"colIndex\":3,\"width\":256.8952380952381},{\"colIndex\":4,\"width\":213.89523809523808},{\"colIndex\":5,\"width\":107.2285714285714},{\"colIndex\":0,\"width\":179.22857142857146},{\"colIndex\":6,\"width\":295.61428571428564},{\"colIndex\":7,\"width\":89}]}},\"type\":\"visualization\"},\"title\":\"Last Activity\"}]","timeRestore":false,"title":"[Logs Azure] Azure AD Provisioning Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-3cdf69c0-32d9-11ed-a2e6-916b60bbea71","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"3e85d806-64f3-4fef-9094-95820e962a59:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"3e85d806-64f3-4fef-9094-95820e962a59:indexpattern-datasource-layer-2ac1988b-9f69-439c-8898-0a385bb56434","type":"index-pattern"},{"id":"logs-*","name":"2f5e0c64-5e96-420c-bc64-afacc08e6170:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"2f5e0c64-5e96-420c-bc64-afacc08e6170:indexpattern-datasource-layer-1f69b72b-c265-4fe1-b20d-88a15cff56f9","type":"index-pattern"},{"id":"logs-*","name":"bbb69b3c-5709-44bf-9fb2-282185863941:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"bbb69b3c-5709-44bf-9fb2-282185863941:indexpattern-datasource-layer-2ac1988b-9f69-439c-8898-0a385bb56434","type":"index-pattern"},{"id":"logs-*","name":"30ec913d-7cc6-46e6-aa9a-8fab0c3102e8:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs
-*","name":"30ec913d-7cc6-46e6-aa9a-8fab0c3102e8:indexpattern-datasource-layer-294d1395-9af2-4496-a6a1-0092fe28f2c1","type":"index-pattern"},{"id":"azure-a3664560-32ed-11ed-8fa6-3121b5e93ca0","name":"357e6699-3227-4674-a833-84c6487dc22e:search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6544],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NjMsMV0="} -{"attributes":{"columns":["observer.name","source.address","source.port","network.transport","dns.question.name","event.type","event.kind"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"azure.firewall.operation_name : \\\"AzureFirewallDnsProxyLog\\\" \"}}"},"sort":[["@timestamp","desc"]],"title":"Firewall Network DNS Proxy Logs [Logs 
Azure]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-3d1466b0-f252-11ec-a5a8-bf965bcd5646","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6549],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NjQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"Navigation Overview [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"fontSize\":10,\"markdown\":\"### Azure Monitoring\\n\\n[**Overview**](#/dashboard/azure-41e84340-ec20-11e9-90ec-112a988266d5) | [Users](#/dashboard/azure-87095750-f05a-11e9-90ec-112a988266d5) | [Alerts](#/dashboard/azure-0f559cc0-f0d5-11e9-90ec-112a988266d5) \",\"openLinksInNewTab\":false},\"title\":\"Navigation Overview [Logs Azure]\",\"type\":\"markdown\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-fe24ac90-f05a-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6552],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NjUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Activity Level [Logs 
Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" and azure.activitylogs.event_category :\\\"Administrative\\\" \"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":0,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"Activity Level [Logs Azure]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-da67d650-ec14-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6555],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NjYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"azure.activitylogs\\\" \"}}"},"title":"Activity Stats [Logs 
Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Resources\",\"field\":\"azure.resource.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Users\",\"field\":\"azure.activitylogs.identity.claims_initiated_by_user.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Resource Groups\",\"field\":\"azure.resource.group\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Subscriptions\",\"field\":\"azure.subscription_id\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"},{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"},{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Activity Stats [Logs 
Azure]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-e4c7f4b0-f045-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6559],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NjcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Access Requests [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" and azure.activitylogs.operation_name : *LISTKEYS*\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.outcome : \\\"success\\\" or event.outcome : \\\"Success\\\" \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Success\",\"line_width\":\"2\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(226,115,0,1)\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.outcome : \\\"Failure\\\" or event.outcome : \\\"failure\\\" 
\"},\"formatter\":\"number\",\"id\":\"1b5f75a0-ec15-11e9-b6a7-21d19b63822a\",\"label\":\"Failure\",\"line_width\":\"2\",\"metrics\":[{\"id\":\"1b5f75a1-ec15-11e9-b6a7-21d19b63822a\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":0,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"Access Requests [Logs Azure]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-709995e0-ec16-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6562],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NjgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"User Tag Cloud [Logs 
Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"azure.activitylogs.identity.claims_initiated_by_user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"type\":\"vis_dimension\"},\"maxFontSize\":32,\"metric\":{\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}},\"type\":\"vis_dimension\"},\"minFontSize\":12,\"orientation\":\"single\",\"scale\":\"linear\",\"showLabel\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"title\":\"User Tag Cloud [Logs Azure]\",\"type\":\"tagcloud\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-ffe22180-ec1c-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6566],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NjksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Service Health Overview [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" and azure.activitylogs.event_category : 
\\\"ServiceHealth\\\"\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(252,220,0,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type: \\\"Active\\\"\"},\"formatter\":\"number\",\"hide_in_legend\":0,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type: \\\"Resolved\\\" \"},\"formatter\":\"number\",\"hide_in_legend\":0,\"id\":\"5a52f170-ec1e-11e9-b6a7-21d19b63822a\",\"line_width\":1,\"metrics\":[{\"id\":\"5a52f171-ec1e-11e9-b6a7-21d19b63822a\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":0,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"Service Health Overview [Logs Azure]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-bc65e840-ec1e-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6569],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NzAsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"Top Resource Groups [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Resource Groups\",\"field\":\"azure.resource.group\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},\"y\":[{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":75,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":false,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"
kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"title\":\"Top Resource Groups [Logs Azure]\",\"type\":\"horizontal_bar\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-71b62ca0-ec1a-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6573],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NzEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" and azure.activitylogs.event_category : \\\"ServiceHealth\\\" \"}}"},"title":"Service Health Count [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Incidents\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type : \\\"Active\\\"\"},\"label\":\"Active\"},{\"input\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type : \\\"Resolved\\\"\"},\"label\":\"Resolved\"}]},\"schema\":\"group\",\"type\":\"filters\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"string\",\"params\":{}},\"type\":\"vis_dimension\"},\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to 
Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Service Health Count [Logs Azure]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-e37cd3d0-ec23-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6577],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NzIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" \"}}"},"title":"Resource Creations [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Resource 
type\",\"field\":\"azure.resource.provider\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":15},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Creations\",\"field\":\"azure.activitylogs.identity.authorization.action\",\"include\":\".*write\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":15},\"schema\":\"group\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"series\":[{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"label\":\"Creations\",\"params\":{}}],\"x\":{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"label\":\"Resource 
type\",\"params\":{}},\"y\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}]},\"grid\":{\"categoryLines\":false,\"valueAxis\":\"\"},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":75,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":false,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"title\":\"Resource Creations [Logs Azure]\",\"type\":\"horizontal_bar\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-d91ce8d0-53e8-11ea-b1b7-7de801e1c297","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6581],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NzMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" \"}}"},"title":"Resource Deletions [Logs 
Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Resource type\",\"field\":\"azure.resource.provider\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":15},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Deletions\",\"field\":\"azure.activitylogs.identity.authorization.action\",\"include\":\".*delete\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":15},\"schema\":\"group\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"series\":[{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"label\":\"Deletions\",\"params\":{}}],\"x\":{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"label\":\"azure.resource.provider: 
Descending\",\"params\":{}},\"y\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":75,\"show\":false,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"title\":\"Resource Deletions [Logs Azure]\",\"type\":\"horizontal_bar\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-6db84660-53e9-11ea-b1b7-7de801e1c297","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6585],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NzQsMV0="} -{"attributes":{"description":"This dashboard provides an overview of user activity, alerts and resource in Azure 
cloud.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"6b6e7452-979c-4f78-afc2-cc58fcf105ff\",\"w\":9,\"x\":0,\"y\":0},\"panelIndex\":\"6b6e7452-979c-4f78-afc2-cc58fcf105ff\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Navigation Overview\",\"panelRefName\":\"panel_6b6e7452-979c-4f78-afc2-cc58fcf105ff\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"042f777a-5e41-41e8-9d6e-d842473a8aed\",\"w\":15,\"x\":9,\"y\":0},\"panelIndex\":\"042f777a-5e41-41e8-9d6e-d842473a8aed\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Subscriptions Filter\",\"panelRefName\":\"panel_042f777a-5e41-41e8-9d6e-d842473a8aed\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"1e73bca7-8569-41b5-830e-2f762602219a\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"1e73bca7-8569-41b5-830e-2f762602219a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Activity Level\",\"panelRefName\":\"panel_1e73bca7-8569-41b5-830e-2f762602219a\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"d9465e9f-49f1-4173-b1a4-fea9ee3120ab\",\"w\":24,\"x\":0,\"y\":4},\"panelIndex\":\"d9465e9f-49f1-4173-b1a4-fea9ee3120ab\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Activity Stats\",\"panelRefName\":\"panel_d9465e9f-49f1-4173-b1a4-fea9ee3120ab\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"18ec1e20-202b-4a40-8d0d-22060ac3e23c\",\"w\":24,\"x\":24,\"y\":8},\"panelIndex\":\"18ec1e20-202b-4a40-8d0d-22060ac3e23c\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Access 
Requests\",\"panelRefName\":\"panel_18ec1e20-202b-4a40-8d0d-22060ac3e23c\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"d2bdec0f-dde1-4925-bf7e-afbc430c0eca\",\"w\":24,\"x\":0,\"y\":10},\"panelIndex\":\"d2bdec0f-dde1-4925-bf7e-afbc430c0eca\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Top Active Users\",\"panelRefName\":\"panel_d2bdec0f-dde1-4925-bf7e-afbc430c0eca\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"3bcc964d-6862-4fdd-9d82-f7510cc02162\",\"w\":12,\"x\":24,\"y\":15},\"panelIndex\":\"3bcc964d-6862-4fdd-9d82-f7510cc02162\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Alerts Overview\",\"panelRefName\":\"panel_3bcc964d-6862-4fdd-9d82-f7510cc02162\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"74436614-9dfc-4c38-bc58-8cb76c348f37\",\"w\":12,\"x\":36,\"y\":15},\"panelIndex\":\"74436614-9dfc-4c38-bc58-8cb76c348f37\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Service Health\",\"panelRefName\":\"panel_74436614-9dfc-4c38-bc58-8cb76c348f37\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"a6f36dfe-b6d6-4dca-b63c-81f5b4f7c8f8\",\"w\":24,\"x\":0,\"y\":21},\"panelIndex\":\"a6f36dfe-b6d6-4dca-b63c-81f5b4f7c8f8\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"title\":\"Top Resource Groups\",\"panelRefName\":\"panel_a6f36dfe-b6d6-4dca-b63c-81f5b4f7c8f8\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"644c6151-fd05-4b2e-b18e-30843697e932\",\"w\":12,\"x\":24,\"y\":22},\"panelIndex\":\"644c6151-fd05-4b2e-b18e-30843697e932\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Alerts 
Count\",\"panelRefName\":\"panel_644c6151-fd05-4b2e-b18e-30843697e932\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"3d5ccff8-6576-4a1c-b3ee-363ae665906e\",\"w\":12,\"x\":36,\"y\":22},\"panelIndex\":\"3d5ccff8-6576-4a1c-b3ee-363ae665906e\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Service Health Count\",\"panelRefName\":\"panel_3d5ccff8-6576-4a1c-b3ee-363ae665906e\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"1a6dce1d-d039-4d18-87c7-1b700da676c2\",\"w\":12,\"x\":24,\"y\":28},\"panelIndex\":\"1a6dce1d-d039-4d18-87c7-1b700da676c2\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true},\"enhancements\":{}},\"title\":\"Resource Creations\",\"panelRefName\":\"panel_1a6dce1d-d039-4d18-87c7-1b700da676c2\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"8fddd3bb-c1e6-4533-b075-1ab7361b3af0\",\"w\":12,\"x\":36,\"y\":28},\"panelIndex\":\"8fddd3bb-c1e6-4533-b075-1ab7361b3af0\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true},\"enhancements\":{}},\"title\":\"Resource Deletions\",\"panelRefName\":\"panel_8fddd3bb-c1e6-4533-b075-1ab7361b3af0\"}]","timeRestore":false,"title":"[Logs Azure] Cloud 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-41e84340-ec20-11e9-90ec-112a988266d5","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"azure-fe24ac90-f05a-11e9-90ec-112a988266d5","name":"6b6e7452-979c-4f78-afc2-cc58fcf105ff:panel_6b6e7452-979c-4f78-afc2-cc58fcf105ff","type":"visualization"},{"id":"azure-097d74d0-f044-11e9-90ec-112a988266d5","name":"042f777a-5e41-41e8-9d6e-d842473a8aed:panel_042f777a-5e41-41e8-9d6e-d842473a8aed","type":"visualization"},{"id":"azure-da67d650-ec14-11e9-90ec-112a988266d5","name":"1e73bca7-8569-41b5-830e-2f762602219a:panel_1e73bca7-8569-41b5-830e-2f762602219a","type":"visualization"},{"id":"azure-e4c7f4b0-f045-11e9-90ec-112a988266d5","name":"d9465e9f-49f1-4173-b1a4-fea9ee3120ab:panel_d9465e9f-49f1-4173-b1a4-fea9ee3120ab","type":"visualization"},{"id":"azure-709995e0-ec16-11e9-90ec-112a988266d5","name":"18ec1e20-202b-4a40-8d0d-22060ac3e23c:panel_18ec1e20-202b-4a40-8d0d-22060ac3e23c","type":"visualization"},{"id":"azure-ffe22180-ec1c-11e9-90ec-112a988266d5","name":"d2bdec0f-dde1-4925-bf7e-afbc430c0eca:panel_d2bdec0f-dde1-4925-bf7e-afbc430c0eca","type":"visualization"},{"id":"azure-52c2a4e0-ec1f-11e9-90ec-112a988266d5","name":"3bcc964d-6862-4fdd-9d82-f7510cc02162:panel_3bcc964d-6862-4fdd-9d82-f7510cc02162","type":"visualization"},{"id":"azure-bc65e840-ec1e-11e9-90ec-112a988266d5","name":"74436614-9dfc-4c38-bc58-8cb76c348f37:panel_74436614-9dfc-4c38-bc58-8cb76c348f37","type":"visualization"},{"id":"azure-71b62ca0-ec1a-11e9-90ec-112a988266d5","name":"a6f36dfe-b6d6-4dca-b63c-81f5b4f7c8f8:panel_a6f36dfe-b6d6-4dca-b63c-81f5b4f7c8f8","type":"visualization"},{"id":"azure-f684a750-ec23-11e9-90ec-112a988266d5","name":"644c6151-fd05-4b2e-b18e-30843697e932:panel_644c6151-fd05-4b2e-b18e-30843697e932","type":"visualization"},{"id":"azure-e37cd3d0-ec23-11e9-90ec-112a988266d5","name":"3d5ccff8-6576-4a1c-b3ee-363ae665906e:panel_3d5ccff8-6576-4a1c-b3ee-363ae665906e","type":"visualization
"},{"id":"azure-d91ce8d0-53e8-11ea-b1b7-7de801e1c297","name":"1a6dce1d-d039-4d18-87c7-1b700da676c2:panel_1a6dce1d-d039-4d18-87c7-1b700da676c2","type":"visualization"},{"id":"azure-6db84660-53e9-11ea-b1b7-7de801e1c297","name":"8fddd3bb-c1e6-4533-b075-1ab7361b3af0:panel_8fddd3bb-c1e6-4533-b075-1ab7361b3af0","type":"visualization"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6601],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NzUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"title":"Users List [Logs Azure]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Email\",\"field\":\"azure.activitylogs.identity.claims_initiated_by_user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":20},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Name\",\"field\":\"azure.activitylogs.identity.claims_initiated_by_user.fullname\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"IPs\",\"field\":\"source.ip\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Actions\"},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggTy
pe\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"cardinality\",\"format\":{\"id\":\"number\"},\"params\":{}},{\"accessor\":3,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Users List [Logs Azure]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-52da1700-f05d-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6605],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NzYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs Navigation Overview [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs Navigation Overview [Logs Azure]\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### Azure Spring Cloud Overview Logs\\n\\n[**Overview**](#/dashboard/azure-5ad41d90-f50e-11eb-a831-732d3e9bbd43) | [System Logs](#/dashboard/azure-1adf52d0-f50f-11eb-a831-732d3e9bbd43) | [Application 
Console Logs](#/dashboard/azure-32aedb00-f524-11eb-b9f3-73fa29f35762) \"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-5f57bf00-f510-11eb-a831-732d3e9bbd43","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6608],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NzcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs Activity Level [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs Activity Level [Logs Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"6e9eef83-a185-439a-984f-66145d3836a8\",\"type\":\"timeseries\",\"series\":[{\"id\":\"cde434f5-35d6-49e2-8730-ef347d66c57d\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"41bce31f-658c-4580-adfd-9fb86fe623db\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset 
:\\\"azure.springcloudlogs\\\"\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-bc8ef760-f510-11eb-a831-732d3e9bbd43","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6612],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NzgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Azure Spring Cloud Logs Top Resource Groups [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs Top Resource Groups [Logs 
Azure]\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"azure.resource.group\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"radiusRatio\":0,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-9d600690-f510-11eb-a831-732d3e9bbd43","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet
-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6616],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1NzksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs Service List [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs Service List [Logs Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"136ddaa9-9a6d-423b-b399-29018f0ea01b\",\"type\":\"timeseries\",\"series\":[{\"id\":\"c99c6393-738a-452b-a68f-2cf1e7580ba0\",\"color\":\"rgba(231,102,76,1)\",\"split_mode\":\"terms\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"7c304953-51fe-4c51-8007-0c0035eb39da\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"azure.springcloudlogs.properties.service_name\",\"label\":\"Service name\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset : \\\"azure.springcloudlogs\\\" 
\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-b4f3d030-f523-11eb-b9f3-73fa29f35762","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6620],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1ODAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs Overview Level [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs Overview Level [Logs Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"ccbe1aec-ac1e-4ec8-85af-24aa0b31530d\",\"type\":\"timeseries\",\"series\":[{\"id\":\"8f3fef78-506e-48d0-b365-2c2824d09876\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"48e32be1-95d1-41a0-89e4-ed62cc73a459\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"\",\"type\":\"timeseries\",\"terms_field\":\"log.level\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset : 
\\\"azure.springcloudlogs\\\"\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-9d80c770-f530-11eb-b9f3-73fa29f35762","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6624],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1ODEsMV0="} -{"attributes":{"description":"Logs Azure] Azure Spring Cloud logs Overview","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":6,\"i\":\"5139d9b1-5d42-4157-8c19-9f5480da0741\"},\"panelIndex\":\"5139d9b1-5d42-4157-8c19-9f5480da0741\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### Azure Spring Cloud Logs\\n\\n[**Overview**](#/dashboard/azure-41e84340-ec20-11e9-90ec-112a988266d5) | [System Logs](#/dashboard/azure-87095750-f05a-11e9-90ec-112a988266d5) | [Application Console Logs](#/dashboard/azure-0f559cc0-f0d5-11e9-90ec-112a988266d5) \"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"visualization\"},\"title\":\"Navigation Azure Spring Cloud 
Logs\",\"panelRefName\":\"panel_5139d9b1-5d42-4157-8c19-9f5480da0741\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":7,\"y\":0,\"w\":13,\"h\":6,\"i\":\"a71b2a03-663d-4897-a3c2-4a363a5cd13c\"},\"panelIndex\":\"a71b2a03-663d-4897-a3c2-4a363a5cd13c\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Subscription and Type Filter\",\"panelRefName\":\"panel_a71b2a03-663d-4897-a3c2-4a363a5cd13c\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":20,\"y\":0,\"w\":28,\"h\":14,\"i\":\"c9d5c763-5ee4-4fa2-8694-5678a33ca7ab\"},\"panelIndex\":\"c9d5c763-5ee4-4fa2-8694-5678a33ca7ab\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"6e9eef83-a185-439a-984f-66145d3836a8\",\"type\":\"timeseries\",\"series\":[{\"id\":\"cde434f5-35d6-49e2-8730-ef347d66c57d\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"41bce31f-658c-4580-adfd-9fb86fe623db\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset :\\\"azure.springcloudlogs\\\"\",\"language\":\"kuery\"}},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"visualization\"},\"title\":\"Spring Cloud Logs 
Activity\",\"panelRefName\":\"panel_c9d5c763-5ee4-4fa2-8694-5678a33ca7ab\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":6,\"w\":20,\"h\":20,\"i\":\"8ed7ced5-a053-4d6c-99f0-09ec2c3d5933\"},\"panelIndex\":\"8ed7ced5-a053-4d6c-99f0-09ec2c3d5933\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"radiusRatio\":0,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"legendSize\":\"auto\"},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"azure.resource.group\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"sea
rchSource\":{\"index\":\"logs-*\",\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"visualization\"},\"title\":\"Top Resource Groups\",\"panelRefName\":\"panel_8ed7ced5-a053-4d6c-99f0-09ec2c3d5933\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":20,\"y\":14,\"w\":28,\"h\":15,\"i\":\"8a69029b-054e-4adc-b20b-b2052cdaed73\"},\"panelIndex\":\"8a69029b-054e-4adc-b20b-b2052cdaed73\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Services\",\"panelRefName\":\"panel_8a69029b-054e-4adc-b20b-b2052cdaed73\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":26,\"w\":20,\"h\":19,\"i\":\"08b8beb6-9b26-461b-9a04-3560916952d0\"},\"panelIndex\":\"08b8beb6-9b26-461b-9a04-3560916952d0\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Top Resources\",\"panelRefName\":\"panel_08b8beb6-9b26-461b-9a04-3560916952d0\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":20,\"y\":29,\"w\":28,\"h\":16,\"i\":\"e0d96ed1-5839-4e7a-bf04-8757614b8503\"},\"panelIndex\":\"e0d96ed1-5839-4e7a-bf04-8757614b8503\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Log Level\",\"panelRefName\":\"panel_e0d96ed1-5839-4e7a-bf04-8757614b8503\"}]","timeRestore":false,"title":"[Logs Azure] Azure Spring Cloud logs 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-5ad41d90-f50e-11eb-a831-732d3e9bbd43","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"azure-5f57bf00-f510-11eb-a831-732d3e9bbd43","name":"5139d9b1-5d42-4157-8c19-9f5480da0741:panel_5139d9b1-5d42-4157-8c19-9f5480da0741","type":"visualization"},{"id":"azure-f619df10-f50e-11eb-a831-732d3e9bbd43","name":"a71b2a03-663d-4897-a3c2-4a363a5cd13c:panel_a71b2a03-663d-4897-a3c2-4a363a5cd13c","type":"visualization"},{"id":"azure-bc8ef760-f510-11eb-a831-732d3e9bbd43","name":"c9d5c763-5ee4-4fa2-8694-5678a33ca7ab:panel_c9d5c763-5ee4-4fa2-8694-5678a33ca7ab","type":"visualization"},{"id":"azure-9d600690-f510-11eb-a831-732d3e9bbd43","name":"8ed7ced5-a053-4d6c-99f0-09ec2c3d5933:panel_8ed7ced5-a053-4d6c-99f0-09ec2c3d5933","type":"visualization"},{"id":"azure-b4f3d030-f523-11eb-b9f3-73fa29f35762","name":"8a69029b-054e-4adc-b20b-b2052cdaed73:panel_8a69029b-054e-4adc-b20b-b2052cdaed73","type":"visualization"},{"id":"azure-f080c110-f52f-11eb-b9f3-73fa29f35762","name":"08b8beb6-9b26-461b-9a04-3560916952d0:panel_08b8beb6-9b26-461b-9a04-3560916952d0","type":"lens"},{"id":"azure-9d80c770-f530-11eb-b9f3-73fa29f35762","name":"e0d96ed1-5839-4e7a-bf04-8757614b8503:panel_e0d96ed1-5839-4e7a-bf04-8757614b8503","type":"visualization"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6634],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1ODIsMV0="} -{"attributes":{"columns":[],"description":"Lists risk users produced by the Azure AD Identity Protection service.","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"azure.identityprotection.category : \\\"RiskyUsers\\\" 
\"}}"},"sort":[["@timestamp","desc"]],"title":"Identity Protection Risky Users [Azure Logs]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-f7cc8d20-32e9-11ed-8fa6-3121b5e93ca0","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6638],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1ODMsMV0="} -{"attributes":{"columns":[],"description":"Lists user risk event produced by the Azure AD Identity Protection service.","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\" azure.identityprotection.category : \\\"UserRiskEvents\\\" \"}}"},"sort":[["@timestamp","desc"]],"title":"Identity Protection User Risk Events [Azure Logs]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-813b8ba0-32eb-11ed-8fa6-3121b5e93ca0","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6642],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1ODQsMV0="} -{"attributes":{"description":"Provide an overview and statistics of the provisioning activities on your enterprise 
applications.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"0705b471-583f-4593-916e-46b213966691\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"0705b471-583f-4593-916e-46b213966691\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2b0a18e6-25a6-40ef-ade8-5dddbd897856\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2b0a18e6-25a6-40ef-ade8-5dddbd897856\":{\"columnOrder\":[\"a1c2991d-9586-4c81-893a-e29584070568\",\"bd75d029-b44e-4c22-b06e-df0e4da1e694\"],\"columns\":{\"a1c2991d-9586-4c81-893a-e29584070568\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Source\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"bd75d029-b44e-4c22-b06e-df0e4da1e694\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"azure.identityprotection.properties.source\"},\"bd75d029-b44e-4c22-b06e-df0e4da1e694\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"azure.identityprotection.category : \\\"UserRiskEvents\\\" 
\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"2b0a18e6-25a6-40ef-ade8-5dddbd897856\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"a1c2991d-9586-4c81-893a-e29584070568\"],\"metrics\":[\"bd75d029-b44e-4c22-b06e-df0e4da1e694\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Detection Sources\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"b5e5ace6-ace9-4c70-a6d2-60e2991a1d40\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"b5e5ace6-ace9-4c70-a6d2-60e2991a1d40\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2b0a18e6-25a6-40ef-ade8-5dddbd897856\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2b0a18e6-25a6-40ef-ade8-5dddbd897856\":{\"columnOrder\":[\"fab280b9-af2c-4256-a89f-19371827be79\",\"bd75d029-b44e-4c22-b06e-df0e4da1e694\"],\"columns\":{\"bd75d029-b44e-4c22-b06e-df0e4da1e694\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"fab280b9-af2c-4256-a89f-19371827be79\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Detected Risk 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"bd75d029-b44e-4c22-b06e-df0e4da1e694\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"azure.identityprotection.properties.risk_event_type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"azure.identityprotection.category : \\\"UserRiskEvents\\\" \"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"2b0a18e6-25a6-40ef-ade8-5dddbd897856\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"fab280b9-af2c-4256-a89f-19371827be79\"],\"metrics\":[\"bd75d029-b44e-4c22-b06e-df0e4da1e694\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Detected Risk Type\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"854eeccf-1660-4c42-b5c9-23fd59f8546e\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"854eeccf-1660-4c42-b5c9-23fd59f8546e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-88e4665c-0d7e-4529-91b3-d4dd23b4c842\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"88e4665c-0d7e-4529-91b3-d4dd23b4c842\":{\"columnOrder\":[\"3756bebc-5376-45e4-a3b0-5d7d8aed12fb\",\"526f2da3-311e-491a-b0d2-46122d1582ee\",\"545a5a92-574f-445c-8fc8-c3414408702b\"],\"columns\":{\"3756bebc-5376-45e4-a3b0-5d7d8aed12fb\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Risk Type 
Event\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"545a5a92-574f-445c-8fc8-c3414408702b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"azure.identityprotection.properties.risk_event_type\"},\"526f2da3-311e-491a-b0d2-46122d1582ee\":{\"customLabel\":true,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"Detected Date\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"azure.identityprotection.properties.detected_datetime\"},\"545a5a92-574f-445c-8fc8-c3414408702b\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"azure.identityprotection.category : \\\"UserRiskEvents\\\" \"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"545a5a92-574f-445c-8fc8-c3414408702b\"],\"layerId\":\"88e4665c-0d7e-4529-91b3-d4dd23b4c842\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"3756bebc-5376-45e4-a3b0-5d7d8aed12fb\",\"xAccessor\":\"526f2da3-311e-491a-b0d2-46122d1582ee\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":fa
lse,\"type\":\"lens\"},\"title\":\"Detection Timeline\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"48157948-c755-4eee-9f28-aa5846bcc8c9\",\"w\":16,\"x\":0,\"y\":10},\"panelIndex\":\"48157948-c755-4eee-9f28-aa5846bcc8c9\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Risk State\",\"field\":\"azure.identityprotection.properties.risk_state\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Name\",\"field\":\"azure.identityprotection.properties.user_display_name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":false,\"id\":\"4\",\"params\":{\"customLabel\":\"Level\",\"field\":\"azure.identityprotection.properties.risk_level\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":false,\"id\":\"5\",\"params\":{\"customLabel\":\"State\",\"field\":\"azure.identityprotection.properties.risk_state\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"savedSearchId\":\"azure-f7cc8d20-32e9-11ed-8fa6-3121b5e93ca0\",\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTot
al\":false,\"totalFunc\":\"sum\"},\"title\":\"\",\"type\":\"table\",\"uiState\":{}},\"table\":null,\"vis\":{\"params\":{\"colWidth\":[{\"colIndex\":2,\"width\":188.75},{\"colIndex\":0,\"width\":431.08333333333337},{\"colIndex\":1,\"width\":160.08333333333331}]}},\"type\":\"visualization\"},\"title\":\"Risky Users\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"5d0136d7-0ba1-4054-95ce-218ad42e157e\",\"w\":32,\"x\":16,\"y\":10},\"panelIndex\":\"5d0136d7-0ba1-4054-95ce-218ad42e157e\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Date\",\"field\":\"azure.identityprotection.properties.detected_datetime\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Name\",\"field\":\"azure.identityprotection.properties.user_display_name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"IP Address\",\"field\":\"azure.identityprotection.properties.ip_address\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Risk State\",\"field\":\"azure.identityprotection.properties.risk_state\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Risk 
Level\",\"field\":\"azure.identityprotection.properties.risk_level\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"6\",\"params\":{\"customLabel\":\"Detection Timing\",\"field\":\"azure.identityprotection.properties.detection_timing_type\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"savedSearchId\":\"azure-813b8ba0-32eb-11ed-8fa6-3121b5e93ca0\",\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTotal\":false,\"totalFunc\":\"sum\"},\"title\":\"\",\"type\":\"table\",\"uiState\":{}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}},\"type\":\"visualization\"},\"title\":\"Risky Sign-ins\"}]","timeRestore":false,"title":"[Logs Azure] Azure AD Identity 
Protection","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-5ee36c30-32dc-11ed-a2e6-916b60bbea71","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"0705b471-583f-4593-916e-46b213966691:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"0705b471-583f-4593-916e-46b213966691:indexpattern-datasource-layer-2b0a18e6-25a6-40ef-ade8-5dddbd897856","type":"index-pattern"},{"id":"logs-*","name":"b5e5ace6-ace9-4c70-a6d2-60e2991a1d40:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"b5e5ace6-ace9-4c70-a6d2-60e2991a1d40:indexpattern-datasource-layer-2b0a18e6-25a6-40ef-ade8-5dddbd897856","type":"index-pattern"},{"id":"logs-*","name":"854eeccf-1660-4c42-b5c9-23fd59f8546e:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"854eeccf-1660-4c42-b5c9-23fd59f8546e:indexpattern-datasource-layer-88e4665c-0d7e-4529-91b3-d4dd23b4c842","type":"index-pattern"},{"id":"azure-f7cc8d20-32e9-11ed-8fa6-3121b5e93ca0","name":"48157948-c755-4eee-9f28-aa5846bcc8c9:search_0","type":"search"},{"id":"azure-813b8ba0-32eb-11ed-8fa6-3121b5e93ca0","name":"5d0136d7-0ba1-4054-95ce-218ad42e157e:search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6653],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1ODUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" \"}}"},"title":"Caller IP [Logs 
Azure]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Caller IP\",\"field\":\"source.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"5\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Country\",\"field\":\"geo.country_name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"5\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Email\",\"field\":\"azure.activitylogs.identity.claims_initiated_by_user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":3,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":n
ull,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Caller IP [Logs Azure]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-6ece76d0-f0cc-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6657],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1ODYsMV0="} -{"attributes":{"columns":["observer.name","aws.firewall.flow.id","source.ip","source.port","destination.ip","destination.port","event.kind","event.type"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Firewall Network Rule Logs [Logs 
Azure]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-70cbce40-f1a7-11ec-a5a8-bf965bcd5646","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6662],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1ODcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"Navigation Users [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"fontSize\":10,\"markdown\":\"### Azure Monitoring\\n\\n[Overview](#/dashboard/azure-41e84340-ec20-11e9-90ec-112a988266d5) | [**Users**](#/dashboard/azure-87095750-f05a-11e9-90ec-112a988266d5) | [Alerts](#/dashboard/azure-0f559cc0-f0d5-11e9-90ec-112a988266d5) \",\"openLinksInNewTab\":false},\"title\":\"Navigation Users [Logs Azure]\",\"type\":\"markdown\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-c43855e0-f05a-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6665],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1ODgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"User Filters [Logs 
Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"controls\":[{\"fieldName\":\"azure.subscription_id\",\"id\":\"1517598395667\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Subscription\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":100,\"type\":\"terms\"},\"type\":\"list\"},{\"fieldName\":\"azure.activitylogs.identity.claims_initiated_by_user.name\",\"id\":\"1518843942322\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"User Email\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":100,\"type\":\"terms\"},\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"User Filters [Logs Azure]\",\"type\":\"input_control_vis\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-b0471750-f05b-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6670],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1ODksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"User Activity Overview [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" and azure.activitylogs.event_category :\\\"Administrative\\\" and azure.activitylogs.identity.claims_initiated_by_user.fullname 
:*\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(1,155,143,1)\",\"fill\":\"0.4\",\"filter\":\"\",\"formatter\":\"number\",\"hide_in_legend\":0,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Actions\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_filters\":[{\"color\":\"rgba(244,78,59,1)\",\"filter\":{\"language\":\"lucene\",\"query\":\"_exists_:identity.claims.name\"},\"id\":\"a5302500-1399-11e8-a699-f390e75f4dd5\",\"label\":\"\"}],\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":0,\"time_field\":null,\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"User Activity Overview [Logs Azure]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-e0203fc0-f05f-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6673],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1OTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" \"}}"},"title":"Resource Type Breakdown [Logs 
Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"azure.resource.provider\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}},\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Resource Type Breakdown [Logs Azure]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-9ed46680-f0ce-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6677],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1OTEsMV0="} -{"attributes":{"description":"This dashboard shows expanded user activity in Azure 
cloud.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"azure.activitylogs.identity.claims_initiated_by_user.fullname\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"azure.activitylogs.identity.claims_initiated_by_user.fullname\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"675f172f-dbec-44fe-b45c-fe854a967695\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"675f172f-dbec-44fe-b45c-fe854a967695\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Navigation Users\",\"panelRefName\":\"panel_675f172f-dbec-44fe-b45c-fe854a967695\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"705596b5-db2e-4c45-875d-95d98bfb7ee8\",\"w\":16,\"x\":8,\"y\":0},\"panelIndex\":\"705596b5-db2e-4c45-875d-95d98bfb7ee8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User Filters\",\"panelRefName\":\"panel_705596b5-db2e-4c45-875d-95d98bfb7ee8\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"ace19840-2084-45bd-bf86-9ab31b04a17b\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"ace19840-2084-45bd-bf86-9ab31b04a17b\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User Activity Overview\",\"panelRefName\":\"panel_ace19840-2084-45bd-bf86-9ab31b04a17b\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"d4d708e1-d179-4688-8005-54e2162a82d2\",\"w\":11,\"x\":0,\"y\":4},\"panelIndex\":\"d4d708e1-d179-4688-8005-54e2162a82d2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Users 
List\",\"panelRefName\":\"panel_d4d708e1-d179-4688-8005-54e2162a82d2\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"5774219c-fb45-4480-bdfb-75a69bdc2cfe\",\"w\":13,\"x\":11,\"y\":4},\"panelIndex\":\"5774219c-fb45-4480-bdfb-75a69bdc2cfe\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Top Caller IPs\",\"panelRefName\":\"panel_5774219c-fb45-4480-bdfb-75a69bdc2cfe\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"5deee186-fe00-4edc-9e5b-86d8d09f6550\",\"w\":24,\"x\":24,\"y\":9},\"panelIndex\":\"5deee186-fe00-4edc-9e5b-86d8d09f6550\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Authorization Activity User\",\"panelRefName\":\"panel_5deee186-fe00-4edc-9e5b-86d8d09f6550\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"2fa13b32-c544-45f7-9132-620d09d121eb\",\"w\":16,\"x\":0,\"y\":19},\"panelIndex\":\"2fa13b32-c544-45f7-9132-620d09d121eb\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"title\":\"Top Resource Groups\",\"panelRefName\":\"panel_2fa13b32-c544-45f7-9132-620d09d121eb\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"1a6dce1d-d039-4d18-87c7-1b700da676c2\",\"w\":17,\"x\":16,\"y\":19},\"panelIndex\":\"1a6dce1d-d039-4d18-87c7-1b700da676c2\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true},\"enhancements\":{}},\"title\":\"Resource Creations\",\"panelRefName\":\"panel_1a6dce1d-d039-4d18-87c7-1b700da676c2\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"8fddd3bb-c1e6-4533-b075-1ab7361b3af0\",\"w\":17,\"x\":16,\"y\":26},\"panelIndex\":\"8fddd3bb-c1e6-4533-b075-1ab7361b3af0\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true},\"enhancements\":{}},\"title\":\"Resource 
Deletions\",\"panelRefName\":\"panel_8fddd3bb-c1e6-4533-b075-1ab7361b3af0\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"84583e62-1aad-4f03-a25a-c4f9eaace8c0\",\"w\":15,\"x\":33,\"y\":19},\"panelIndex\":\"84583e62-1aad-4f03-a25a-c4f9eaace8c0\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Top Resource Types\",\"panelRefName\":\"panel_84583e62-1aad-4f03-a25a-c4f9eaace8c0\"}]","timeRestore":false,"title":"[Logs Azure] User Activity","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-87095750-f05a-11e9-90ec-112a988266d5","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"azure-c43855e0-f05a-11e9-90ec-112a988266d5","name":"675f172f-dbec-44fe-b45c-fe854a967695:panel_675f172f-dbec-44fe-b45c-fe854a967695","type":"visualization"},{"id":"azure-b0471750-f05b-11e9-90ec-112a988266d5","name":"705596b5-db2e-4c45-875d-95d98bfb7ee8:panel_705596b5-db2e-4c45-875d-95d98bfb7ee8","type":"visualization"},{"id":"azure-e0203fc0-f05f-11e9-90ec-112a988266d5","name":"ace19840-2084-45bd-bf86-9ab31b04a17b:panel_ace19840-2084-45bd-bf86-9ab31b04a17b","type":"visualization"},{"id":"azure-52da1700-f05d-11e9-90ec-112a988266d5","name":"d4d708e1-d179-4688-8005-54e2162a82d2:panel_d4d708e1-d179-4688-8005-54e2162a82d2","type":"visualization"},{"id":"azure-6ece76d0-f0cc-11e9-90ec-112a988266d5","name":"5774219c-fb45-4480-bdfb-75a69bdc2cfe:panel_5774219c-fb45-4480-bdfb-75a69bdc2cfe","type":"visualization"},{"id":"azure-0dd135c0-f0cc-11e9-90ec-112a988266d5","name":"5deee186-fe00-4edc-9e5b-86d8d09f6550:panel_5deee186-fe00-4edc-9e5b-86d8d09f6550","type":"visualization"},{"id":"azure-71b62ca0-ec1a-11e9-90ec-112a988266d5","name":"2fa13b32-c544-45f7-9132-620d09d121eb:panel_2fa13b32-c544-45f7-9132-620d09d121eb","type":"visualization"},{"id":"azure-d91ce8d0-53e8-11ea-b1b7-7de801e1c297","name":"1a6dce1d-d039-4
d18-87c7-1b700da676c2:panel_1a6dce1d-d039-4d18-87c7-1b700da676c2","type":"visualization"},{"id":"azure-6db84660-53e9-11ea-b1b7-7de801e1c297","name":"8fddd3bb-c1e6-4533-b075-1ab7361b3af0:panel_8fddd3bb-c1e6-4533-b075-1ab7361b3af0","type":"visualization"},{"id":"azure-9ed46680-f0ce-11e9-90ec-112a988266d5","name":"84583e62-1aad-4f03-a25a-c4f9eaace8c0:panel_84583e62-1aad-4f03-a25a-c4f9eaace8c0","type":"visualization"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6691],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1OTIsMV0="} -{"attributes":{"description":"Dashboard providing statistics about alerts ingested from the Azure Firewall NAT Rule Log events.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"azure.firewall.operation_name\",\"negate\":false,\"params\":{\"query\":\"AzureFirewallNatRuleLog\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"azure.firewall.operation_name\":\"AzureFirewallNatRuleLog\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\"
,\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n[Overview](/app/dashboards#/view/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646) \\n[Network Rule Logs](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646) \\n**[Network NAT Rule Logs (This Page)](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646)** \\n[Application Rule Logs](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646) \\n[DNS Proxy Logs](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)\\n\\n[Integrations Page](/app/integrations/detail/azure/overview?integration=firewall_logs) \\n\\n**Overview**\\n\\nThis dashboard provides an overall view of Azure Firewall Network NAT Rule Log events.\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.id\",\"id\":\"1637591016076\",\"indexPatternRefName\":\"control_7cbe886c-4cc4-4fec-beff-7336b0965067_0_index_pattern\",\"label\":\"Subscription 
ID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"observer.name\",\"id\":\"1637591118622\",\"indexPatternRefName\":\"control_7cbe886c-4cc4-4fec-beff-7336b0965067_1_index_pattern\",\"label\":\"Firewall\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Firewall Filters\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"w\":6,\"x\":12,\"y\":7},\"panelIndex\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
unique_count(source.ip)\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"w\":6,\"x\":18,\"y\":7},\"panelIndex\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(destination.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source 
IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"w\":6,\"x\":24,\"y\":7},\"panelIndex\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source Countries\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.geo.country_name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source 
IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"w\":6,\"x\":30,\"y\":7},\"panelIndex\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination Countries\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(destination.geo.country_name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source 
Countries\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"w\":6,\"x\":36,\"y\":7},\"panelIndex\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Network Protocols\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(network.protocol)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique 
Rules\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Network Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"w\":12,\"x\":0,\"y\":14},\"panelIndex\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\"],\"columns\":{\"b2d72986-1818-4a93-9155-2a66cd00eca4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Firewall\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"observer.name\"},\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"isTransposed\":false},{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Generating Firewalls\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"w\":12,\"x\":12,\"y\":14},\"panelIndex\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
source.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Source Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"w\":12,\"x\":24,\"y\":14},\"panelIndex\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
destination.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Destination Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f7c1e866-ba0d-45af-95bf-2736901431dc\",\"w\":12,\"x\":36,\"y\":14},\"panelIndex\":\"f7c1e866-ba0d-45af-95bf-2736901431dc\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"9367ad41-b48b-438e-b4d8-2c3f85aff052\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"76f26815-f13c-4273-b52f-7c25247f2b0d\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of network.protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"},\"9367ad41-b48b-438e-b4d8-2c3f85aff052\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of network.transport\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"network.transport\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"9367ad41-b48b-438e-b4d8-2c3f85aff052\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Network Protocols and 
Applications\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"w\":12,\"x\":12,\"y\":29},\"panelIndex\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Source IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Source 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"8a1bd282-e360-473d-b26d-e73f2b470c81\",\"w\":12,\"x\":24,\"y\":29},\"panelIndex\":\"8a1bd282-e360-473d-b26d-e73f2b470c81\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Destination IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Destination 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"3b9a2a5f-1226-415c-88d5-21496508d060\",\"w\":12,\"x\":36,\"y\":29},\"panelIndex\":\"3b9a2a5f-1226-415c-88d5-21496508d060\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\",\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\"],\"columns\":{\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network Protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"},\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\",\"isTransposed\":false},{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Network 
Protocols\"},{\"version\":\"7.16.0\",\"type\":\"search\",\"gridData\":{\"h\":18,\"i\":\"6923a967-09ff-4f14-ad5f-46a491efb566\",\"w\":48,\"x\":0,\"y\":40},\"panelIndex\":\"6923a967-09ff-4f14-ad5f-46a491efb566\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6923a967-09ff-4f14-ad5f-46a491efb566\"}]","timeRestore":false,"title":"[Logs Azure] Firewall Network NAT Rule Log","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"7cbe886c-4cc4-4fec-beff-7336b0965067:control_7cbe886c-4cc4-4fec-beff-7336b0965067_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7cbe886c-4cc4-4fec-beff-7336b0965067:control_7cbe886c-4cc4-4fec-beff-7336b0965067_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7:inde
xpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-curren
t-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"azure-252228a0-f1ab-11ec-a5a8-bf965bcd5646","name":"6923a967-09ff-4f14-ad5f-46a491efb566:panel_6923a967-09ff-4f14-ad5f-46a491efb566","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6723],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1OTMsMV0="} -{"attributes":{"description":"Dashboard providing statistics about alerts ingested from the AWS Network Firewall 
integration.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"azure.firewall.operation_name\",\"negate\":false,\"params\":{\"query\":\"AzureFirewallNetworkRuleLog\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"azure.firewall.operation_name\":\"AzureFirewallNetworkRuleLog\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n[Overview](/app/dashboards#/view/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646) \\n**[Network Rule Logs (This Page)](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646)** \\n[Network NAT Rule Logs](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646) \\n[Application Rule Logs](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646) \\n[DNS Proxy Logs](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)\\n\\n[Integrations Page](/app/integrations/detail/azure/overview?integration=firewall_logs) 
\\n\\n**Overview**\\n\\nThis dashboard provides an overall view of Azure Firewall Network Rule Log events.\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"w\":6,\"x\":12,\"y\":7},\"panelIndex\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of unique_count(source.ip)\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"w\":6,\"x\":18,\"y\":7},\"panelIndex\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(destination.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"w\":6,\"x\":24,\"y\":7},\"panelIndex\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source Countries\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.geo.country_name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source 
Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"w\":6,\"x\":30,\"y\":7},\"panelIndex\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination Countries\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(destination.geo.country_name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source Countries\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination 
Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"w\":6,\"x\":36,\"y\":7},\"panelIndex\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Network Protocols\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(network.protocol)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Rules\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Network 
Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"w\":12,\"x\":0,\"y\":14},\"panelIndex\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\"],\"columns\":{\"b2d72986-1818-4a93-9155-2a66cd00eca4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Firewall\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"observer.name\"},\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"isTransposed\":false},{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Generating 
Firewalls\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"w\":12,\"x\":12,\"y\":14},\"panelIndex\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of source.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Source 
Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"w\":12,\"x\":24,\"y\":14},\"panelIndex\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of destination.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Destination 
Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f7c1e866-ba0d-45af-95bf-2736901431dc\",\"w\":12,\"x\":36,\"y\":14},\"panelIndex\":\"f7c1e866-ba0d-45af-95bf-2736901431dc\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"9367ad41-b48b-438e-b4d8-2c3f85aff052\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"76f26815-f13c-4273-b52f-7c25247f2b0d\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of network.protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"},\"9367ad41-b48b-438e-b4d8-2c3f85aff052\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
network.transport\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"network.transport\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"9367ad41-b48b-438e-b4d8-2c3f85aff052\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Network Protocols and Applications\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"w\":12,\"x\":12,\"y\":29},\"panelIndex\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Source 
IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Source IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"8a1bd282-e360-473d-b26d-e73f2b470c81\",\"w\":12,\"x\":24,\"y\":29},\"panelIndex\":\"8a1bd282-e360-473d-b26d-e73f2b470c81\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Destination 
IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Destination IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"3b9a2a5f-1226-415c-88d5-21496508d060\",\"w\":12,\"x\":36,\"y\":29},\"panelIndex\":\"3b9a2a5f-1226-415c-88d5-21496508d060\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\",\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\"],\"columns\":{\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network 
Protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"},\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\",\"isTransposed\":false},{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Network 
Protocols\"},{\"version\":\"7.16.0\",\"type\":\"search\",\"gridData\":{\"h\":15,\"i\":\"c469c097-b5bf-4eb9-ba69-c4590ec183a7\",\"w\":48,\"x\":0,\"y\":40},\"panelIndex\":\"c469c097-b5bf-4eb9-ba69-c4590ec183a7\",\"embeddableConfig\":{\"columns\":[\"observer.name\",\"source.ip\",\"source.port\",\"destination.ip\",\"destination.port\",\"event.kind\",\"event.type\"],\"enhancements\":{}},\"panelRefName\":\"panel_c469c097-b5bf-4eb9-ba69-c4590ec183a7\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.id\",\"id\":\"1637591016076\",\"indexPatternRefName\":\"control_7cbe886c-4cc4-4fec-beff-7336b0965067_0_index_pattern\",\"label\":\"Subscription ID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"observer.name\",\"id\":\"1637591118622\",\"indexPatternRefName\":\"control_7cbe886c-4cc4-4fec-beff-7336b0965067_1_index_pattern\",\"label\":\"Firewall\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Firewall Filters\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"[Logs Azure] Firewall Network Rule 
Log","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-91224490-f1a6-11ec-a5a8-bf965bcd5646","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a
9f354cd49:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"azure-70cbce40-f1a7-11ec-a5a8-bf965bcd5646","name":"c469c097-b5bf-4eb9-ba69-c4590ec183a7:panel_c469c097-b5bf-4eb9-ba69-c4590ec183a7","type":"search"},{"id":"logs-*","name":"7cbe886c-4cc4-4fec-beff-73
36b0965067:control_7cbe886c-4cc4-4fec-beff-7336b0965067_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7cbe886c-4cc4-4fec-beff-7336b0965067:control_7cbe886c-4cc4-4fec-beff-7336b0965067_1_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6755],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1OTQsMV0="} -{"attributes":{"description":"Dashboard providing statistics about logs ingested from the Azure Firewall DNS Proxy events.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"azure.firewall.operation_name\",\"negate\":false,\"params\":{\"query\":\"AzureFirewallDnsProxyLog\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"azure.firewall.operation_name\":\"AzureFirewallDnsProxyLog\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\"
:\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n[Overview](/app/dashboards#/view/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646) \\n[Network Rule Logs](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646) \\n[Network NAT Rule Logs](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646) \\n[Application Rule Logs)](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646) \\n**[DNS Proxy Logs (This Page)](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)**\\n\\n[Integrations Page](/app/integrations/detail/azure/overview?integration=firewall_logs) \\n\\n**Overview**\\n\\nThis dashboard provides an overall view of Azure Firewall DNS Proxy Log events. \",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.id\",\"id\":\"1637591016076\",\"indexPatternRefName\":\"control_7cbe886c-4cc4-4fec-beff-7336b0965067_0_index_pattern\",\"label\":\"Subscription ID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"observer.name\",\"id\":\"1637591118622\",\"indexPatternRefName\":\"control_7cbe886c-4cc4-4fec-beff-7336b0965067_1_index_pattern\",\"label\":\"Firewall\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Firewall 
Filters\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"8f1313ba-331f-478a-aa30-ea8e2845f86c\",\"w\":6,\"x\":12,\"y\":7},\"panelIndex\":\"8f1313ba-331f-478a-aa30-ea8e2845f86c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-8fee795f-a453-4cfa-a819-be091462e0ee\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"8fee795f-a453-4cfa-a819-be091462e0ee\":{\"columnOrder\":[\"e5fe95be-c8fe-4066-8ea1-58e63682f94b\"],\"columns\":{\"e5fe95be-c8fe-4066-8ea1-58e63682f94b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total DNS Queries\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e5fe95be-c8fe-4066-8ea1-58e63682f94b\",\"layerId\":\"8fee795f-a453-4cfa-a819-be091462e0ee\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total DNS 
Queries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"w\":6,\"x\":18,\"y\":7},\"panelIndex\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of unique_count(source.ip)\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"w\":6,\"x\":24,\"y\":7},\"panelIndex\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source Countries\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.geo.country_name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source 
Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"w\":6,\"x\":30,\"y\":7},\"panelIndex\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Domains\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(dns.question.name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique DNS Names\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"dns.question.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique 
Domains\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"2c2c4900-3223-4061-aba7-6c7274441654\",\"w\":6,\"x\":36,\"y\":7},\"panelIndex\":\"2c2c4900-3223-4061-aba7-6c7274441654\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-8fee795f-a453-4cfa-a819-be091462e0ee\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"8fee795f-a453-4cfa-a819-be091462e0ee\":{\"columnOrder\":[\"e5fe95be-c8fe-4066-8ea1-58e63682f94b\",\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX0\",\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX1\",\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX2\"],\"columns\":{\"e5fe95be-c8fe-4066-8ea1-58e63682f94b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Bytes\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"formula\":\"sum(source.bytes) + sum(destination.bytes)\",\"isFormulaBroken\":false},\"references\":[\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX2\"],\"scale\":\"ratio\"},\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Total Source Bytes\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"source.bytes\"},\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Total Source Bytes\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"destination.bytes\"},\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Total Source 
Bytes\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX0\",\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX1\"],\"location\":{\"max\":42,\"min\":0},\"name\":\"add\",\"text\":\"sum(source.bytes) + sum(destination.bytes)\",\"type\":\"function\"}},\"references\":[\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX0\",\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX1\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e5fe95be-c8fe-4066-8ea1-58e63682f94b\",\"layerId\":\"8fee795f-a453-4cfa-a819-be091462e0ee\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Bytes\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"w\":6,\"x\":42,\"y\":7},\"panelIndex\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Network 
Protocols\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(network.transport)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Network Protocols\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.transport\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Network Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"w\":12,\"x\":24,\"y\":14},\"panelIndex\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Source 
Address\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.address\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Source 
Addresses\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"w\":12,\"x\":36,\"y\":14},\"panelIndex\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\"],\"columns\":{\"b2d72986-1818-4a93-9155-2a66cd00eca4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Firewall\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"observer.name\"},\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"isTransposed\":false},{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Generating 
Firewalls\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"dc473cf3-3ff8-4c71-b465-1e9b819ddd94\",\"w\":24,\"x\":0,\"y\":14},\"panelIndex\":\"dc473cf3-3ff8-4c71-b465-1e9b819ddd94\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Domains\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"dns.question.name\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 
Domains\"},{\"version\":\"7.16.0\",\"type\":\"search\",\"gridData\":{\"h\":18,\"i\":\"49811546-e0b1-4814-82fe-e99715c85069\",\"w\":48,\"x\":0,\"y\":29},\"panelIndex\":\"49811546-e0b1-4814-82fe-e99715c85069\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_49811546-e0b1-4814-82fe-e99715c85069\"}]","timeRestore":false,"title":"[Logs Azure] Firewall DNS Proxy Log","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"azure-cad82b40-f251-11ec-a5a8-bf965bcd5646","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"7cbe886c-4cc4-4fec-beff-7336b0965067:control_7cbe886c-4cc4-4fec-beff-7336b0965067_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7cbe886c-4cc4-4fec-beff-7336b0965067:control_7cbe886c-4cc4-4fec-beff-7336b0965067_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"8f1313ba-331f-478a-aa30-ea8e2845f86c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"8f1313ba-331f-478a-aa30-ea8e2845f86c:indexpattern-datasource-layer-8fee795f-a453-4cfa-a819-be091462e0ee","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-
datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"2c2c4900-3223-4061-aba7-6c7274441654:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"2c2c4900-3223-4061-aba7-6c7274441654:indexpattern-datasource-layer-8fee795f-a453-4cfa-a819-be091462e0ee","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"dc473cf3-3ff8-4c71-b465-1e9b819ddd94:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dc473cf3-3ff8-4c71-b465-1e9b819ddd94:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"azure-3d1466b0-f252-11ec-a5a8-bf965bcd5646","name":"49811546-e0b1-4814-82fe-e99715c85069:panel_49811546-e0b1-4814-82fe-e99715c85069","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688154054424,6781],"type":"dashboard","updat
ed_at":"2023-06-30T19:40:54.424Z","version":"WzQ1OTUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"b0456970-6e1f-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6783],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1OTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNP3 - IIN","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNP3 - 
IIN\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dnp3.iin: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dnp3.iin\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IIN\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f991b6d0-75b8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,6785],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1OTcsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:dnp3\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\"},\"panelIndex\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_728d0151-5dc6-429d-9b14-b457ab73d3fd\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":15,\"h\":8,\"i\":\"1b99097d-a957-4163-9810-263a0e653c18\"},\"panelIndex\":\"1b99097d-a957-4163-9810-263a0e653c18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1b99097d-a957-4163-9810-263a0e653c18\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":8,\"i\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\"},\"panelIndex\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_43bb3cf4-ee4a-4eba-8eea-8e133957fd48\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":19,\"i\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\"},\"panelIndex\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_87f23747-38c9-4d15-a85b-8beff66abaf4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":8,\"w\":8,\"h\":19,\"i\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\"},\"panelIndex\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d10ae5ac-6400-4a2c-a376-e6e74ed529ad\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":8,\"w\":12,\"h\":19,\"i\":\"a9916c8f-c82b-413d-8561-64ce0d68d3b8\"},\"panelI
ndex\":\"a9916c8f-c82b-413d-8561-64ce0d68d3b8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a9916c8f-c82b-413d-8561-64ce0d68d3b8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"04426d00-3313-40eb-a0c9-2541a7ea99f3\"},\"panelIndex\":\"04426d00-3313-40eb-a0c9-2541a7ea99f3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_04426d00-3313-40eb-a0c9-2541a7ea99f3\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":28,\"i\":\"f36f0fec-ab1e-4aea-84ea-4cf0fedcfffc\"},\"panelIndex\":\"f36f0fec-ab1e-4aea-84ea-4cf0fedcfffc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f36f0fec-ab1e-4aea-84ea-4cf0fedcfffc\"}]","timeRestore":false,"title":"Security Onion - DNP3","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"b1f52180-755a-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"728d0151-5dc6-429d-9b14-b457ab73d3fd:panel_728d0151-5dc6-429d-9b14-b457ab73d3fd","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"1b99097d-a957-4163-9810-263a0e653c18:panel_1b99097d-a957-4163-9810-263a0e653c18","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"43bb3cf4-ee4a-4eba-8eea-8e133957fd48:panel_43bb3cf4-ee4a-4eba-8eea-8e133957fd48","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"87f23747-38c9-4d15-a85b-8beff66abaf4:panel_87f23747-38c9-4d15-a85b-8beff66abaf4","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"d10ae5ac-6400-4a2c-a376-e6e74ed529ad:panel_d10ae5ac-6400-4a2c-a376-e6e74ed529ad","type":"visualization"},{"id":"f991b6d0-75b8-11ea-9565-7315f4ee5cac","name":"a9916c8f-c82b-413d-8561-64ce0d68d3b8:panel_a9916c8f-c82b-413d-8561-64ce0d68d3b8","type":"visualization"},{"id":"214793c0-75b9-11ea-9565-7315f4ee5cac"
,"name":"04426d00-3313-40eb-a0c9-2541a7ea99f3:panel_04426d00-3313-40eb-a0c9-2541a7ea99f3","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"f36f0fec-ab1e-4aea-84ea-4cf0fedcfffc:panel_f36f0fec-ab1e-4aea-84ea-4cf0fedcfffc","type":"search"}],"sort":[1688154054424,6794],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1OTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Authentication Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Authentication Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rfb.authentication.method.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.authentication.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"b2053990-75c7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,6796],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ1OTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:kerberos\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"caa0aaa2-ed03-47b4-9a9f-c0f9b8d50da9\"},\"panelIndex\":\"caa0aaa2-ed03-47b4-9a9f-c0f9b8d50da9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_caa0aaa2-ed03-47b4-9a9f-c0f9b8d50da9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":0,\"w\":15,\"h\":9,\"i\":\"e0e4a50d-887b-472b-a790-302966fb6f49\"},\"panelIndex\":\"e0e4a50d-887b-472b-a790-302966fb6f49\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e0e4a50d-887b-472b-a790-302966fb6f49\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":9,\"i\":\"5cca2c4b-7299-4122-a3d5-3637ef23dc5d\"},\"panelIndex\":\"5cca2c4b-7299-4122-a3d5-3637ef23dc5d\",\"embedd
ableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5cca2c4b-7299-4122-a3d5-3637ef23dc5d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":19,\"i\":\"aa944a94-288e-490f-9e04-f5b3bc2cf19f\"},\"panelIndex\":\"aa944a94-288e-490f-9e04-f5b3bc2cf19f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_aa944a94-288e-490f-9e04-f5b3bc2cf19f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":9,\"w\":10,\"h\":19,\"i\":\"ebc359a7-3dce-4e7d-bd70-355cc8099437\"},\"panelIndex\":\"ebc359a7-3dce-4e7d-bd70-355cc8099437\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ebc359a7-3dce-4e7d-bd70-355cc8099437\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":20,\"y\":9,\"w\":11,\"h\":19,\"i\":\"251dacac-b4c5-481a-9e41-8173e9bc27ab\"},\"panelIndex\":\"251dacac-b4c5-481a-9e41-8173e9bc27ab\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_251dacac-b4c5-481a-9e41-8173e9bc27ab\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":31,\"y\":9,\"w\":7,\"h\":19,\"i\":\"1a78a61c-7b0a-425f-ade8-bcbb302a2585\"},\"panelIndex\":\"1a78a61c-7b0a-425f-ade8-bcbb302a2585\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1a78a61c-7b0a-425f-ade8-bcbb302a2585\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":9,\"w\":10,\"h\":19,\"i\":\"eba2e210-8b36-41a7-8ac5-7d63cfc022e1\"},\"panelIndex\":\"eba2e210-8b36-41a7-8ac5-7d63cfc022e1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_eba2e210-8b36-41a7-8ac5-7d63cfc022e1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":29,\"i\":\"13a216e9-1e56-4069-a61a-238ff604a18b\"},\"panelIndex\":\"13a216e9-1e56-4069-a61a-238ff604a18b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13a216e9-1e56-4069-a61a-238ff604a18b\"}]","timeRestore":false,"title":"Security 
Onion - Kerberos","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"b207ab90-75bc-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"caa0aaa2-ed03-47b4-9a9f-c0f9b8d50da9:panel_caa0aaa2-ed03-47b4-9a9f-c0f9b8d50da9","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"e0e4a50d-887b-472b-a790-302966fb6f49:panel_e0e4a50d-887b-472b-a790-302966fb6f49","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"5cca2c4b-7299-4122-a3d5-3637ef23dc5d:panel_5cca2c4b-7299-4122-a3d5-3637ef23dc5d","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"aa944a94-288e-490f-9e04-f5b3bc2cf19f:panel_aa944a94-288e-490f-9e04-f5b3bc2cf19f","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"ebc359a7-3dce-4e7d-bd70-355cc8099437:panel_ebc359a7-3dce-4e7d-bd70-355cc8099437","type":"visualization"},{"id":"0ecc7310-75bd-11ea-9565-7315f4ee5cac","name":"251dacac-b4c5-481a-9e41-8173e9bc27ab:panel_251dacac-b4c5-481a-9e41-8173e9bc27ab","type":"visualization"},{"id":"2d73e460-75bd-11ea-9565-7315f4ee5cac","name":"1a78a61c-7b0a-425f-ade8-bcbb302a2585:panel_1a78a61c-7b0a-425f-ade8-bcbb302a2585","type":"visualization"},{"id":"48331f00-75bd-11ea-9565-7315f4ee5cac","name":"eba2e210-8b36-41a7-8ac5-7d63cfc022e1:panel_eba2e210-8b36-41a7-8ac5-7d63cfc022e1","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"13a216e9-1e56-4069-a61a-238ff604a18b:panel_13a216e9-1e56-4069-a61a-238ff604a18b","type":"search"}],"sort":[1688154054424,6806],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MDAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Kerberos - Success Status (Donut 
Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Success Status (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"kerberos_success.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"b31231c0-35bb-11e7-b9ee-834112670159","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6808],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MDEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"b48442b0-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6810],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MDIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Responder Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"respond_bytes\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Responder 
Bytes\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"b50912f0-366f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6812],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MDMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Tunnels - Type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Tunnels - Type\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tunnel.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"b6120810-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,6814],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MDQsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Responder Bytes ( Tile Map)","uiStateJSON":"{\"mapZoom\":3,\"mapCenter\":[39.70718665682654,-44.912109375]}","version":1,"visState":"{\"title\":\"Connections - Source - Responder Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"respond_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f3bc9fa0-46cb-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6816],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MDUsMV0="} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[24.84656534821976,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Connections - Source - Responder Bytes","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"b65775e0-46cb-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"f3bc9fa0-46cb-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"sort":[1688154054424,6819],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MDYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Validation Status","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Validation 
Status\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.validation_status.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssl.validation_status.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"b8371250-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,6821],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MDcsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:radius\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"005ac000-9db8-4310-97d5-4574cdaf0e49\"},\"panelIndex\":\"005ac000-9db8-4310-97d5-4574cdaf0e49\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_005ac000-9db8-4310-97d5-4574cdaf0e49\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":9,\"i\":\"a65d1358-9fa9-4457-8a46-5790a748d1fa\"},\"panelIndex\":\"a65d1358-9fa9-4457-8a46-5790a748d1fa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a65d1358-9fa9-4457-8a46-5790a748d1fa\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"d38d991e-53e4-4b71-8e3f-c0d4b0d454da\"},\"panelIndex\":\"d38d991e-53e4-4b71-8e3f-c0d4b0d454da\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d38d991e-53e4-4b71-8e3f-c0d4b0d454da\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":19,\"i\":\"9304c1a2-e55f-4f51-bd04-d15892b754a4\"},\"panelIndex\":\"9304c1a2-e55f-4f51-bd04-d15892b754a4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9304c1a2-e55f-4f51-bd04-d15892b754a4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":19,\"i\":\"7075ea4f-e935-470c-9329-9a0b15202385\"},\"panelIndex\":\"7075ea4f-e935-470c-9329-9a0b15202385\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7075ea4f-e935-470c-9329-9a0b15202385\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":9,\"w\":8,\"h\":19,\"i\":\"91a90e9d-71f7-484c-a561-6aef6a3b8f09\"},\"panel
Index\":\"91a90e9d-71f7-484c-a561-6aef6a3b8f09\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_91a90e9d-71f7-484c-a561-6aef6a3b8f09\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":9,\"h\":19,\"i\":\"9058f9ee-39d1-4e2b-a99b-ed4c2fb26efd\"},\"panelIndex\":\"9058f9ee-39d1-4e2b-a99b-ed4c2fb26efd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9058f9ee-39d1-4e2b-a99b-ed4c2fb26efd\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":19,\"i\":\"766f8f9b-3f31-47d8-9734-442fc1fcff84\"},\"panelIndex\":\"766f8f9b-3f31-47d8-9734-442fc1fcff84\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_766f8f9b-3f31-47d8-9734-442fc1fcff84\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":29,\"i\":\"49fd1168-f7ab-4759-a92c-f2699389678e\"},\"panelIndex\":\"49fd1168-f7ab-4759-a92c-f2699389678e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_49fd1168-f7ab-4759-a92c-f2699389678e\"}]","timeRestore":false,"title":"Security Onion - 
RADIUS","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"b9769e60-75c4-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"005ac000-9db8-4310-97d5-4574cdaf0e49:panel_005ac000-9db8-4310-97d5-4574cdaf0e49","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"a65d1358-9fa9-4457-8a46-5790a748d1fa:panel_a65d1358-9fa9-4457-8a46-5790a748d1fa","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"d38d991e-53e4-4b71-8e3f-c0d4b0d454da:panel_d38d991e-53e4-4b71-8e3f-c0d4b0d454da","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"9304c1a2-e55f-4f51-bd04-d15892b754a4:panel_9304c1a2-e55f-4f51-bd04-d15892b754a4","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"7075ea4f-e935-470c-9329-9a0b15202385:panel_7075ea4f-e935-470c-9329-9a0b15202385","type":"visualization"},{"id":"767c89f0-af4c-11ea-b262-353d451b125b","name":"91a90e9d-71f7-484c-a561-6aef6a3b8f09:panel_91a90e9d-71f7-484c-a561-6aef6a3b8f09","type":"visualization"},{"id":"0ca071b0-75c5-11ea-9565-7315f4ee5cac","name":"9058f9ee-39d1-4e2b-a99b-ed4c2fb26efd:panel_9058f9ee-39d1-4e2b-a99b-ed4c2fb26efd","type":"visualization"},{"id":"27ab8260-75c5-11ea-9565-7315f4ee5cac","name":"766f8f9b-3f31-47d8-9734-442fc1fcff84:panel_766f8f9b-3f31-47d8-9734-442fc1fcff84","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"49fd1168-f7ab-4759-a92c-f2699389678e:panel_49fd1168-f7ab-4759-a92c-f2699389678e","type":"search"}],"sort":[1688154054424,6831],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MDgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Destination IP 
Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ba2d3b10-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6833],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MDksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Severity (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS Alerts - Severity (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"priority.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Priority\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ba60bcf0-3af5-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6835],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Renewable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - 
Renewable\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"renewable.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Renewable\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"bb748470-6e1a-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6837],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MTEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"bbbe5a80-6e21-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6839],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MTIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"bc7fbe00-4a44-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6841],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MTMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNP3 - Function 
Reply","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Function Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"fc_reply.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reply\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"bd5435f0-4a4d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6843],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Keyboard Layout (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Keyboard Layout (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"keyboard_layout.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Keyboard Layout\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"be7637c0-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6845],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MTUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Authentication Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Authentication Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"authentication_method.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication 
Method\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"bf47f4c0-371e-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6847],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Autoruns - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.42
4Z","id":"bf5ab2d0-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,6849],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MTcsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.module:osquery\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":7,\"i\":\"7f9eaa30-b358-4027-a312-249defe273c4\"},\"panelIndex\":\"7f9eaa30-b358-4027-a312-249defe273c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":7,\"y\":0,\"w\":17,\"h\":7,\"i\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\"},\"panelIndex\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":7,\"i\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\"},\"panelIndex\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":7,\"w\":48,\"h\":16,\"i\":\"fae63e28-6a3c-4641-94fd-e5b033ac55b9\"},\"panelIndex\":\"fae63e28-6a3c-4641-94fd-e5b033ac55b9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":48,\"h\":31,\"i\":\"91e35690-24ec-4a13-b791-6146c05a2285\"},\"panelIndex\":\"91e35690-24ec-4a13-b791-6146c05a2285\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"Security Onion - 
Osquery","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"bf7cf8d0-7732-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"df50eba0-6ec0-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"ab47a590-afcc-11ea-b262-353d451b125b","name":"panel_3","type":"visualization"},{"id":"a866be10-0e45-11eb-a255-e1e8e85e3571","name":"panel_4","type":"search"}],"sort":[1688154054424,6855],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"bf959cb0-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6857],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MTksMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Notice - Message/Sub-Message","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Notice - Message/Sub-Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"msg.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sub_msg.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sub-Message\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"bfeb6210-7bb9-11e7-90ec-cdd3dff73b38","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6859],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MjAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Top 50 - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Top 50 - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c0de57b0-4948-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,6861],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MjEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Server NetBIOS Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Server NetBIOS 
Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_nb_computer_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server NetBIOS Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c23ea470-0edc-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,6863],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MjIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Authentication Method (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RFB - Authentication Method (Horizontal Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"authentication_method.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c24191f0-6e22-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6865],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MjMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND _exists_:server_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"SSL - Certificate Server 
Name Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate Server Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"server_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Server Name\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c2e54c20-6f0b-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,6867],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MjQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Protocol (Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Connections - Protocol (Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Protocol\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"protocol.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c3152010-3673-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6869],"ty
pe":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MjUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Firewall - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c3a06740-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,6871],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MjYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - TLS (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMTP - TLS (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c3bb32c0-39a2-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6873],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MjcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - 
Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ec40c5e0-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,6875],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MjgsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:mysql\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"b08e3120-b482-4817-b3e9-f521f5acd8f2\"},\"panelIndex\":\"b08e3120-b482-4817-b3e9-f521f5acd8f2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b08e3120-b482-4817-b3e9-f521f5acd8f2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":9,\"i\":\"e23b2681-5eae-4de6-8933-ba755508ec5b\"},\"panelIndex\":\"e23b2681-5eae-4de6-8933-ba755508ec5b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e23b2681-5eae-4de6-8933-ba755508ec5b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":9,\"i\":\"53e06ed2-d64f-46dc-b864-5b884a8c53dc\"},\"panelIndex\":\"53e06ed2-d64f-46dc-b864-5b884a8c53dc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_53e06ed2-d64f-46dc-b864-5b884a8c53dc\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":18,\"i\":\"2bfa498b-d0a8-48ee-9a47-bcf288127d2a\"},\"panelIndex\":\"2bfa498b-d0a8-48ee-9a47-bcf288127d2a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2bfa498b-d0a8-48ee-9a47-bcf288127d2a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":18,\"i\":\"e6a27aaf-ef8d-41a3-aebc-9c26ab2dc189\"},\"panelIndex\":\"e6a27aaf-ef8d-41a3-aebc-9c26ab2dc189\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e6a27aaf-ef8d-41a3-aebc-9c26ab2dc189\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":9,\"w\":15,\"h\":18,\"i\":\"e2f6f286-c4ba-4642-b650-366aca2c3d2d\"},\"panel
Index\":\"e2f6f286-c4ba-4642-b650-366aca2c3d2d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e2f6f286-c4ba-4642-b650-366aca2c3d2d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":18,\"i\":\"f84a5dbd-d99c-4c24-895f-18f1d419af93\"},\"panelIndex\":\"f84a5dbd-d99c-4c24-895f-18f1d419af93\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f84a5dbd-d99c-4c24-895f-18f1d419af93\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":16,\"i\":\"3b2e66eb-aa46-4363-b8ad-efd564b95279\"},\"panelIndex\":\"3b2e66eb-aa46-4363-b8ad-efd564b95279\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3b2e66eb-aa46-4363-b8ad-efd564b95279\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":43,\"w\":48,\"h\":29,\"i\":\"fb7962e7-1108-429e-a623-8ece03931e4a\"},\"panelIndex\":\"fb7962e7-1108-429e-a623-8ece03931e4a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fb7962e7-1108-429e-a623-8ece03931e4a\"}]","timeRestore":false,"title":"Security Onion - 
MySQL","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c3ced6d0-75be-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"b08e3120-b482-4817-b3e9-f521f5acd8f2:panel_b08e3120-b482-4817-b3e9-f521f5acd8f2","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"e23b2681-5eae-4de6-8933-ba755508ec5b:panel_e23b2681-5eae-4de6-8933-ba755508ec5b","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"53e06ed2-d64f-46dc-b864-5b884a8c53dc:panel_53e06ed2-d64f-46dc-b864-5b884a8c53dc","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"2bfa498b-d0a8-48ee-9a47-bcf288127d2a:panel_2bfa498b-d0a8-48ee-9a47-bcf288127d2a","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"e6a27aaf-ef8d-41a3-aebc-9c26ab2dc189:panel_e6a27aaf-ef8d-41a3-aebc-9c26ab2dc189","type":"visualization"},{"id":"ec40c5e0-75c0-11ea-9565-7315f4ee5cac","name":"e2f6f286-c4ba-4642-b650-366aca2c3d2d:panel_e2f6f286-c4ba-4642-b650-366aca2c3d2d","type":"visualization"},{"id":"1f306f60-75c0-11ea-9565-7315f4ee5cac","name":"f84a5dbd-d99c-4c24-895f-18f1d419af93:panel_f84a5dbd-d99c-4c24-895f-18f1d419af93","type":"visualization"},{"id":"3af496e0-75c0-11ea-9565-7315f4ee5cac","name":"3b2e66eb-aa46-4363-b8ad-efd564b95279:panel_3b2e66eb-aa46-4363-b8ad-efd564b95279","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"fb7962e7-1108-429e-a623-8ece03931e4a:panel_fb7962e7-1108-429e-a623-8ece03931e4a","type":"search"}],"sort":[1688154054424,6885],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MjksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND 
_exists_:issuer_organization_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"X.509 - Certificate Issuer Organization Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Issuer Organization Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"issuer_organization_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"issuer_organization.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer Organization\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c3f244c0-6f0a-11e7-83d2-adea2f314dc5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,6887],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MzAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - 
Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"subject.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"SMTP\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c47e2a10-39a1-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6889],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MzEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"MySQL - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"MySQL - 
Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql_success.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c48925a0-4a58-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6891],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MzIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Result (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Result (Horizontal Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"result.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Result\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c4f37d70-6e20-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6893],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MzMsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Hostname (Tag Cloud)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Autoruns - Hostname (Tag Cloud)\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":10,\"maxFontSize\":30,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c5d58f60-6d78-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,6895],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MzQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c7484350-6eb1-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,6897],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MzUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alerts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - 
Alerts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c7eed4c0-3649-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6899],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MzYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Zeek - Notice Message","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Zeek - Notice Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"notice.message.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"notice.message.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c8039090-7a84-11ea-9d13-57f5db13d1ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,6901],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MzcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Matched","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Matched\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"matched.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type 
Matched\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c8540380-399c-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6903],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MzgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Share Flag","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Share Flag\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"rfb.share_flag\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d5e72b20-75c7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,6905],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2MzksMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Desktop Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Desktop Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rfb.desktop.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.desktop.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Desktop Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"fe62c910-75c7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,6907],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NDAsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:rfb\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"f64f888f-f9bb-4be1-ab75-80d2a11303ed\"},\"panelIndex\":\"f64f888f-f9bb-4be1-ab75-80d2a11303ed\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f64f888f-f9bb-4be1-ab75-80d2a11303ed\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"0e12fa96-b29d-4815-ae19-b6e894948597\"},\"panelIndex\":\"0e12fa96-b29d-4815-ae19-b6e894948597\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0e12fa96-b29d-4815-ae19-b6e894948597\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"7c1a7e05-c37b-4f81-b6b6-b30cfa0897e2\"},\"panelIndex\":\"7c1a7e05-c37b-4f81-b6b6-b30cfa0897e2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7c1a7e05-c37b-4f81-b6b6-b30cfa0897e2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"c1bb39f4-4d9f-4154-a131-65e727fc0049\"},\"panelIndex\":\"c1bb39f4-4d9f-4154-a131-65e727fc0049\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c1bb39f4-4d9f-4154-a131-65e727fc0049\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"e51c88d1-a11a-4d5f-b5a7-f6ac79b23054\"},\"panelIndex\":\"e51c88d1-a11a-4d5f-b5a7-f6ac79b23054\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e51c88d1-a11a-4d5f-b5a7-f6ac79b23054\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":8,\"w\":14,\"h\":19,\"i\":\"b9412112-bc5a-4b16-ba5e-ded11a0e299d\"},\"panelIn
dex\":\"b9412112-bc5a-4b16-ba5e-ded11a0e299d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b9412112-bc5a-4b16-ba5e-ded11a0e299d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":19,\"i\":\"edfbec77-b174-40ac-9f11-776da22fe82d\"},\"panelIndex\":\"edfbec77-b174-40ac-9f11-776da22fe82d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_edfbec77-b174-40ac-9f11-776da22fe82d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":24,\"h\":15,\"i\":\"d2d1ebcb-83a9-44ca-80f2-2f0fc2abcecf\"},\"panelIndex\":\"d2d1ebcb-83a9-44ca-80f2-2f0fc2abcecf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d2d1ebcb-83a9-44ca-80f2-2f0fc2abcecf\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":27,\"w\":12,\"h\":15,\"i\":\"aedad86f-ec5e-4330-bab0-468351eb8355\"},\"panelIndex\":\"aedad86f-ec5e-4330-bab0-468351eb8355\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_aedad86f-ec5e-4330-bab0-468351eb8355\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":15,\"i\":\"8092b313-2e40-47e4-96a2-51086f98e53f\"},\"panelIndex\":\"8092b313-2e40-47e4-96a2-51086f98e53f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8092b313-2e40-47e4-96a2-51086f98e53f\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":42,\"w\":48,\"h\":29,\"i\":\"630311aa-6915-4543-a10a-2677f3c2f96a\"},\"panelIndex\":\"630311aa-6915-4543-a10a-2677f3c2f96a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_630311aa-6915-4543-a10a-2677f3c2f96a\"}]","timeRestore":false,"title":"Security Onion - 
RFB","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c8b3c360-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"f64f888f-f9bb-4be1-ab75-80d2a11303ed:panel_f64f888f-f9bb-4be1-ab75-80d2a11303ed","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"0e12fa96-b29d-4815-ae19-b6e894948597:panel_0e12fa96-b29d-4815-ae19-b6e894948597","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"7c1a7e05-c37b-4f81-b6b6-b30cfa0897e2:panel_7c1a7e05-c37b-4f81-b6b6-b30cfa0897e2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"c1bb39f4-4d9f-4154-a131-65e727fc0049:panel_c1bb39f4-4d9f-4154-a131-65e727fc0049","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"e51c88d1-a11a-4d5f-b5a7-f6ac79b23054:panel_e51c88d1-a11a-4d5f-b5a7-f6ac79b23054","type":"visualization"},{"id":"b2053990-75c7-11ea-9565-7315f4ee5cac","name":"b9412112-bc5a-4b16-ba5e-ded11a0e299d:panel_b9412112-bc5a-4b16-ba5e-ded11a0e299d","type":"visualization"},{"id":"d5e72b20-75c7-11ea-9565-7315f4ee5cac","name":"edfbec77-b174-40ac-9f11-776da22fe82d:panel_edfbec77-b174-40ac-9f11-776da22fe82d","type":"visualization"},{"id":"fe62c910-75c7-11ea-9565-7315f4ee5cac","name":"d2d1ebcb-83a9-44ca-80f2-2f0fc2abcecf:panel_d2d1ebcb-83a9-44ca-80f2-2f0fc2abcecf","type":"visualization"},{"id":"5dcf09e0-75c8-11ea-9565-7315f4ee5cac","name":"aedad86f-ec5e-4330-bab0-468351eb8355:panel_aedad86f-ec5e-4330-bab0-468351eb8355","type":"visualization"},{"id":"316e90a0-75c8-11ea-9565-7315f4ee5cac","name":"8092b313-2e40-47e4-96a2-51086f98e53f:panel_8092b313-2e40-47e4-96a2-51086f98e53f","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"630311aa-6915-4543-a10a-2677f3c2f96a:panel_630311aa-6915-4543-a10a-2677f3c2f96a","type":"search"}],"sort":[1688154054424,6919],"type":"dashboard","updated_at":"2023-06-30T19:40:54
.424Z","version":"WzQ2NDEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connection Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Connection Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c94e2aa0-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,6921],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NDIsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:tunnel\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"19aef080-5875-4182-81a8-2a6639c75489\"},\"panelIndex\":\"19aef080-5875-4182-81a8-2a6639c75489\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_19aef080-5875-4182-81a8-2a6639c75489\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"70939be7-5bb9-4d13-ab89-683b3eda7a98\"},\"panelIndex\":\"70939be7-5bb9-4d13-ab89-683b3eda7a98\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_70939be7-5bb9-4d13-ab89-683b3eda7a98\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"21848a06-ca96-4869-b069-7524caf3ae06\"},\"panelIndex\":\"21848a06-ca96-4869-b069-7524caf3ae06\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_21848a06-ca96-4869-b069-7524caf3ae06\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":10,\"h\":19,\"i\":\"8020a914-8f9f-4bd6-be32-1c6afa27f9e4\"},\"panelIndex\":\"8020a914-8f9f-4bd6-be32-1c6afa27f9e4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8020a914-8f9f-4bd6-be32-1c6afa27f9e4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":8,\"w\":10,\"h\":19,\"i\":\"9f72f316-c3a2-4658-8d03-932fa590e216\"},\"panelIndex\":\"9f72f316-c3a2-4658-8d03-932fa590e216\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9f72f316-c3a2-4658-8d03-932fa590e216\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":20,\"y\":8,\"w\":9,\"h\":19,\"i\":\"fa1bc43a-2be3-4699-97af-677bded82273\"},\"pa
nelIndex\":\"fa1bc43a-2be3-4699-97af-677bded82273\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fa1bc43a-2be3-4699-97af-677bded82273\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":8,\"w\":19,\"h\":19,\"i\":\"7c522eab-36bc-4933-abea-29a4c4a4f918\"},\"panelIndex\":\"7c522eab-36bc-4933-abea-29a4c4a4f918\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7c522eab-36bc-4933-abea-29a4c4a4f918\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"b7799f8a-60c5-4629-9acd-9bbe7ebbac2a\"},\"panelIndex\":\"b7799f8a-60c5-4629-9acd-9bbe7ebbac2a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b7799f8a-60c5-4629-9acd-9bbe7ebbac2a\"}]","timeRestore":false,"title":"Security Onion - Tunnels","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c962dd60-75ed-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"19aef080-5875-4182-81a8-2a6639c75489:panel_19aef080-5875-4182-81a8-2a6639c75489","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"70939be7-5bb9-4d13-ab89-683b3eda7a98:panel_70939be7-5bb9-4d13-ab89-683b3eda7a98","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"21848a06-ca96-4869-b069-7524caf3ae06:panel_21848a06-ca96-4869-b069-7524caf3ae06","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"8020a914-8f9f-4bd6-be32-1c6afa27f9e4:panel_8020a914-8f9f-4bd6-be32-1c6afa27f9e4","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"9f72f316-c3a2-4658-8d03-932fa590e216:panel_9f72f316-c3a2-4658-8d03-932fa590e216","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"fa1bc43a-2be3-4699-97af-677bded82273:panel_fa1bc43a-2be3-4699-97af-677bded82273","type":"visualization"},{"id":"b6120810-75ef-11ea-9565-7315f4
ee5cac","name":"7c522eab-36bc-4933-abea-29a4c4a4f918:panel_7c522eab-36bc-4933-abea-29a4c4a4f918","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"b7799f8a-60c5-4629-9acd-9bbe7ebbac2a:panel_b7799f8a-60c5-4629-9acd-9bbe7ebbac2a","type":"search"}],"sort":[1688154054424,6930],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NDMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"para
ms\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c97cd4c0-35ba-11e7-b9ee-834112670159","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6932],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NDQsMV0="} -{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-osquery_manager.result*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-osquery_manager.result*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:32:47.998Z","id":"c9d70a3e-6bbc-4544-8b30-4a57521b8c8a","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688153567998,3718],"type":"index-pattern","updated_at":"2023-06-30T19:32:47.998Z","version":"WzMyNDAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:parent_domain_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Parent Domain Frequency Analysis","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"DNS - Parent Domain Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"parent_domain_frequency_score\",\"customLabel\":\"Frequency 
Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"highest_registered_domain.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"c9f5d3a0-6f05-11e7-b253-211f64f37eda","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,6934],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NDUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Weird - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ca3e57d0-4172-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6936],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NDYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ca9ffc10-76b5-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1688154054424,6938],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NDcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNP3 - FC Reply","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNP3 - FC 
Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dnp3.fc_reply.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dnp3.fc_reply.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"FC Reply\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"cb29fbe0-75b8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,6940],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NDgsMV0="} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"x\":12,\"y\":20,\"w\":24,\"h\":20,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":12,\"y\":0,\"w\":24,\"h\":20,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":40,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":40,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_3\"}]","timeRestore":false,"title":"Connections - Top Source IPs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"cb367060-3b04-11e7-a83b-b1b4da7d15f4","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"8261cf00-366e-11e7-8c78-e3086faf385c","name":"panel_0","type":"visualization"},{"id":"28c27f80-3b05-11e7-a83b-b1b4da7d15f4","name":"panel_1","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_2","type":"visualization"},{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"panel_3","type":"search"}],"sort":[1688154054424,6945],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NDksMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Files - Files By Size (Bytes)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Files - Files By Size (Bytes)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"seen_bytes\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Bytes Seen\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"cb3f3850-3585-11e7-8f28-2b291d0f6d86","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6947],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DCE/RPC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 
minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"cbb67b00-3af2-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,6949],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NTEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RADIUS - Log Count Over 
TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ccb3e270-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6951],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NTIsMV0="} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"mapCenter\":[24.846565348219734,0.087890625],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Connections - Destination - Sum of Total Bytes","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ccfcc540-4638-11e7-a82e-d97152153689","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"1342e630-4632-11e7-9903-85f789353078","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"}],"sort":[1688154054424,6954],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NTMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"match_body.destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ce25b750-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,6956],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Domain Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Domain Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"domain_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain 
Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ce859b40-0edb-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6958],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NTUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - Entropy","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Strelka - File - Entropy\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"scan.entropy.entropy\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Entropy\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ce9e03f0-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,6960],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NTYsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"cea78b70-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6962],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NTcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Warning","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - 
Warning\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.warning.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.warning.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Warning\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"cf56b070-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,6964],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"cf9e5660-367a-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,6966],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Launch String","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Launch String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"launch_string.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Launch 
String\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"image_path.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Image\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"cfd94590-6d7a-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,6968],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NjAsMV0="} -{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"cloudflare.logpull\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.logpull\"}}]}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"sort":[],"title":"Discover [Cloudflare]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-cloudflare-default","name":"tag-ref-fleet-pkg-cloudflare-default","type":"tag"}],"sort":[1688154054424,6973],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NjEsMV0="} 
-{"attributes":{"description":"Get a quick overview of the most important metrics from your websites and applications on the Cloudflare network.\n","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"1\",\"w\":11,\"x\":1,\"y\":26},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.device_type\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Traffic Type 
[Cloudflare]\",\"type\":\"pie\",\"uiState\":{\"vis\":{\"legendOpen\":true}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"2\",\"w\":23,\"x\":1,\"y\":31},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"url.full\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Requested URI 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"3\",\"w\":18,\"x\":29,\"y\":13},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"source.geo.country_name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Traffic Countries 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"4\",\"w\":12,\"x\":12,\"y\":26},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"http.version\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"HTTP Protocols 
[Cloudflare]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"5\",\"w\":12,\"x\":35,\"y\":26},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.edge.response.content_type\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Content Type 
[Cloudflare]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"6\",\"w\":11,\"x\":24,\"y\":26},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"http.request.method\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Request Methods 
[Cloudflare]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"7\",\"w\":23,\"x\":24,\"y\":31},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"http.request.referrer\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Referrer [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"8\",\"w\":12,\"x\":1,\"y\":38},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.client.ip_class\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"directi
on\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Traffic Type [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"9\",\"w\":16,\"x\":13,\"y\":38},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"client.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"source.geo.country_name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Traffic IPs 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"10\",\"w\":18,\"x\":29,\"y\":38},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"user_agent.original\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top User Agents [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"11\",\"w\":10,\"x\":1,\"y\":9},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to 
Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total Number of Requests [Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"12\",\"w\":13,\"x\":11,\"y\":9},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Total Bandwidth\",\"field\":\"destination.bytes\"},\"schema\":\"metric\",\"type\":\"sum\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total Bandwidth [Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"13\",\"w\":11,\"x\":24,\"y\":9},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Cached 
Bandwidth\",\"field\":\"destination.bytes\"},\"schema\":\"metric\",\"type\":\"sum\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.cache.status\",\"negate\":false,\"params\":[\"hit\",\"stale\",\"updating\",\"ignored\",\"revalidated\"],\"type\":\"phrases\",\"value\":\"hit, stale, updating, ignored, revalidated\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.cache.status\":\"hit\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"stale\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"updating\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"ignored\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"revalidated\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Cached Bandwidth 
[Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"15\",\"w\":12,\"x\":35,\"y\":9},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"cloudflare.client.request.protocol\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.name\",\"cloudflare.waf.action\",\"cloudflare.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mapping\"},{\"field\":\"source.as.number\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_ma
pping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code3\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\
"cloudflare.origin.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"size\",\"negate\":false,\"type\":\"custom\",\"value\":\"50\"},\"query\":{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"shou
ld\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{
\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rateLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost
\":1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]}},\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Threats Stopped 
[Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"16\",\"w\":7,\"x\":1,\"y\":0},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)\",\"openLinksInNewTab\":false},\"title\":\"Cloudflare logo [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"17\",\"w\":39,\"x\":8,\"y\":0},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Web Traffic Overview**\",\"openLinksInNewTab\":false},\"title\":\"Web Traffic Overview - text 
[Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"18\",\"w\":46,\"x\":1,\"y\":22},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Web Traffic Types -\\nGet insight into the various types of traffic and content**\",\"openLinksInNewTab\":false},\"title\":\"Web Traffic Types - Text [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"19\",\"w\":46,\"x\":1,\"y\":4},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"cloudflare.logpull\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.logpull\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloudflare.device_type\",\"id\":\"1554899945457\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Device 
Type\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"source.geo.country_name\",\"id\":\"1554900041526\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Country\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.domain\",\"id\":\"1554900064098\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Hostname\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"client.ip\",\"id\":\"1554900102344\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Client IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user_agent.original\",\"id\":\"1554900136614\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"User Agent\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.full\",\"id\":\"1554900159944\",\"indexPatternRefName\":\"control_5_index_pattern\",\"label\":\"Request URI\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.response.status_code\",\"id\":\"1554900185676\",\"indexPatternRefName\":\"control_6_index_pattern\",\"label\":\"Edge Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.origin.response.status_code\",\"id\":\"1554900211881\",\"indexPatternRefName\":\"control_7_index_pattern\",\"label\":\"Origin 
Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"destination.ip\",\"id\":\"1556549231725\",\"indexPatternRefName\":\"control_8_index_pattern\",\"label\":\"Origin IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.ray_id\",\"id\":\"1554900244300\",\"indexPatternRefName\":\"control_9_index_pattern\",\"label\":\"RayID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.worker.subrequest\",\"id\":\"1554900268999\",\"indexPatternRefName\":\"control_10_index_pattern\",\"label\":\"Worker Subrequest\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.request.method\",\"id\":\"1554900324235\",\"indexPatternRefName\":\"control_11_index_pattern\",\"label\":\"Client Request Method\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":true,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Filters 
[Cloudflare]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":9,\"i\":\"bdc0fa59-ea05-4976-983a-70567c1fd2d6\",\"w\":28,\"x\":1,\"y\":13},\"panelIndex\":\"bdc0fa59-ea05-4976-983a-70567c1fd2d6\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desaturated\\\"},\\\"id\\\":\\\"84e94c8e-19d9-4dfe-8e37-c43c004c3f05\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"5f05840e-eb7e-45bd-9319-e6746cc4fa49\\\",\\\"includeInFitToBounds\\\":true,\\\"joins\\\":[],\\\"label\\\":\\\"Top Traffic Countries Map [Cloudflare]\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"applyForceRefresh\\\":true,\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"0f8532d1-8c6a-4c1d-900e-8d6eb49112df\\\",\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"requestType\\\":\\\"point\\\",\\\"resolution\\\":\\\"MOST_FINE\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"style\\\":{\\\"isTimeAware\\\":true,\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"Yellow to 
Red\\\",\\\"colorCategory\\\":\\\"palette_0\\\",\\\"field\\\":{\\\"name\\\":\\\"doc_count\\\",\\\"origin\\\":\\\"source\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":false,\\\"sigma\\\":3},\\\"type\\\":\\\"ORDINAL\\\"},\\\"type\\\":\\\"DYNAMIC\\\"},\\\"icon\\\":{\\\"options\\\":{\\\"value\\\":\\\"marker\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"field\\\":{\\\"name\\\":\\\"doc_count\\\",\\\"origin\\\":\\\"source\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":false,\\\"sigma\\\":3},\\\"maxSize\\\":18,\\\"minSize\\\":7},\\\"type\\\":\\\"DYNAMIC\\\"},\\\"labelBorderColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelSize\\\":{\\\"options\\\":{\\\"size\\\":14},\\\"type\\\":\\\"STATIC\\\"},\\\"labelText\\\":{\\\"options\\\":{\\\"value\\\":\\\"\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#3d3d3d\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.78,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":16.40767},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-24h\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"language\\\":\\\"lucene\\\",\\\"query\\\":\\\"*\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\"
:false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"references\":[],\"title\":\"Top Traffic Countries Map [Cloudflare]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":66.51326,\"maxLon\":90,\"minLat\":-66.51326,\"minLon\":-90},\"mapCenter\":{\"lat\":16.40767,\"lon\":0,\"zoom\":1.78},\"openTOCDetails\":[],\"type\":\"map\"}}]","timeRestore":false,"title":"Cloudflare - Snapshot","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"cloudflare-095f3a00-23d6-11e9-ba08-c19298cded24","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"bdc0fa59-ea05-4976-983a-70567c1fd2d6:layer_1_source_index_pattern","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"1:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"2:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"3:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"4:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"5:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"6:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"7:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"8:search_0","type":"search"},{"id":"cloudflare-a046cd07-96a
f-4518-a0c0-aea826e9ffc3","name":"9:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"10:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"11:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"12:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"13:search_0","type":"search"},{"id":"logs-*","name":"13:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"15:search_0","type":"search"},{"id":"logs-*","name":"15:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"16:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"17:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"18:search_0","type":"search"},{"id":"logs-*","name":"19:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_4_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_5_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_6_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_7_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_8_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_9_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_10_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_11_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:k
ibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-cloudflare-default","name":"tag-ref-fleet-pkg-cloudflare-default","type":"tag"}],"sort":[1688154054424,7009],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NjIsMV0="} -{"attributes":{"description":"Get insights on threats to your websites and applications, including number of threats stopped, threats over time, top threat countries, and more.\n","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"1\",\"w\":16,\"x\":1,\"y\":9},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total Number of Requests 
[Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"2\",\"w\":15,\"x\":17,\"y\":9},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.waf.action\",\"negate\":true,\"params\":{\"query\":\"unknown\"},\"type\":\"phrase\",\"value\":\"unknown\"},\"query\":{\"match\":{\"cloudflare.waf.action\":{\"query\":\"unknown\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"WAF Events Triggered 
[Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"3\",\"w\":15,\"x\":32,\"y\":9},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"cloudflare.client.request.protocol\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.name\",\"cloudflare.waf.action\",\"cloudflare.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mapping\"},{\"field\":\"source.as.number\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_mapp
ing\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code3\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"c
loudflare.origin.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"size\",\"negate\":false,\"type\":\"custom\",\"value\":\"50\"},\"query\":{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should
\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"
adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rateLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\"
:1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]}},\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Threats Stopped 
[Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"4\",\"w\":16,\"x\":31,\"y\":14},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"client.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"source.geo.country_name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"cloudflare.client.request.protocol\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.name\",\"cloudflare.waf.action\",\"cloudflare.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response
.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mapping\"},{\"field\":\"source.as.number\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code3\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudf
lare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"size\",\"negate\":false,\"type\":\"custom\",\"value\":\"50\"},\"query\":{\"bool\":{\"adjust_pure_
negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ch
l\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rateLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_p
ure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]}},\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Threat Client IPs 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"6\",\"w\":17,\"x\":30,\"y\":32},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"url.full\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"http.version\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.os.name\",\"cloudflare.waf.action\",\"cloudflare.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mapping\"},{\"field\":\"source.as.number\
",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"use_field_mapping\"},{\"field\":\"ht
tp.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"size\",\"negate\":false,\"type\":\"custom\",\"value\":\"50\"},\"query\":{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\"
:[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"
term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rateLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}}]}},{\"bool\":{\"adj
ust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]}},\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Threat Target URIs 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"7\",\"w\":29,\"x\":1,\"y\":32},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"user_agent.original\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"cloudflare.client.request.protocol\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.name\",\"cloudflare.waf.action\",\"cloudflare.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mapping\"},{
\"field\":\"source.as.number\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code3\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"use_fie
ld_mapping\"},{\"field\":\"http.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"size\",\"negate\":false,\"type\":\"custom\",\"value\":\"50\"},\"query\":{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\
":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":t
rue,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rateLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ch
l\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]}},\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Threat User Agents 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"8\",\"w\":46,\"x\":1,\"y\":40},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.edge.pathing.src\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"cloudflare.edge.pathing.op\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"field\":\"cloudflare.edge.pathing.status\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"},\"totalFunc\":\"sum\"},\"title\":\"Top Pathing Statuses 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"9\",\"w\":11,\"x\":20,\"y\":14},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"source.geo.country_name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"cloudflare.client.request.protocol\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.name\",\"cloudflare.waf.action\",\"cloudflare.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mappi
ng\"},{\"field\":\"source.as.number\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code3\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"
use_field_mapping\"},{\"field\":\"http.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"size\",\"negate\":false,\"type\":\"custom\",\"value\":\"50\"},\"query\":{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_ne
gative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negat
ive\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rateLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value
\":\"chl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]}},\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Threat Countries 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"10\",\"w\":29,\"x\":1,\"y\":24},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"timeRange\":{\"from\":\"now-24h\",\"mode\":\"quick\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"client.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"cloudflare.client.request.protocol\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.name\",\"cloudflare.waf.action\",\"cloudflare.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\"
:\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mapping\"},{\"field\":\"source.as.number\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code3\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\
"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\
":\"size\",\"negate\":false,\"type\":\"custom\",\"value\":\"50\"},\"query\":{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"b
oost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rateLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":
{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]}},\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"
color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Threats Over Time [Cloudflare]\",\"type\":\"line\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"11\",\"w\":17,\"x\":30,\"y\":24},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"client.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"cloudflare.client.request.protocol\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.name\",\"cloudflare.waf.action\",\"cloudflare
.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mapping\"},{\"field\":\"source.as.number\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code3\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\
"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subre
quest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"size\",\"negate\":false,\"type\":\"custom\",\"value\":\"50\"},\"query\":{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudf
lare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rat
eLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]}},\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRo
ws\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Threats Stopped [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"13\",\"w\":7,\"x\":1,\"y\":0},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)\",\"openLinksInNewTab\":false},\"title\":\"Cloudflare logo [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"14\",\"w\":39,\"x\":8,\"y\":0},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Threats - Review threat 
activity**\",\"openLinksInNewTab\":false},\"title\":\"Threats - Review threat activity - text [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"15\",\"w\":46,\"x\":1,\"y\":4},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"cloudflare.logpull\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.logpull\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloudflare.device_type\",\"id\":\"1554899945457\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Device Type\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"source.geo.country_name\",\"id\":\"1554900041526\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Country\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.domain\",\"id\":\"1554900064098\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Hostname\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"client.ip\",\"id\":\"1554900102344\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Client 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user_agent.original\",\"id\":\"1554900136614\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"User Agent\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.full\",\"id\":\"1554900159944\",\"indexPatternRefName\":\"control_5_index_pattern\",\"label\":\"Request URI\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.response.status_code\",\"id\":\"1554900185676\",\"indexPatternRefName\":\"control_6_index_pattern\",\"label\":\"Edge Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.origin.response.status_code\",\"id\":\"1554900211881\",\"indexPatternRefName\":\"control_7_index_pattern\",\"label\":\"Origin Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"destination.ip\",\"id\":\"1556549231725\",\"indexPatternRefName\":\"control_8_index_pattern\",\"label\":\"Origin 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.ray_id\",\"id\":\"1554900244300\",\"indexPatternRefName\":\"control_9_index_pattern\",\"label\":\"RayID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.worker.subrequest\",\"id\":\"1554900268999\",\"indexPatternRefName\":\"control_10_index_pattern\",\"label\":\"Worker Subrequest\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.request.method\",\"id\":\"1554900324235\",\"indexPatternRefName\":\"control_11_index_pattern\",\"label\":\"Client Request Method\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":true,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Filters 
[Cloudflare]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":10,\"i\":\"240814e0-fc79-4c27-af94-fa9df006d441\",\"w\":19,\"x\":1,\"y\":14},\"panelIndex\":\"240814e0-fc79-4c27-af94-fa9df006d441\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desaturated\\\"},\\\"id\\\":\\\"573a3d3e-987d-41b5-a714-2344535c0ca9\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"4d50c3a6-72f9-46f4-bb21-4d54fe1c9842\\\",\\\"includeInFitToBounds\\\":true,\\\"joins\\\":[],\\\"label\\\":\\\"Top Threat Countries Map [Cloudflare]\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"applyForceRefresh\\\":true,\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"25e907ec-31fb-40fe-9a10-49f002b31bf0\\\",\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"requestType\\\":\\\"point\\\",\\\"resolution\\\":\\\"MOST_FINE\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"style\\\":{\\\"isTimeAware\\\":true,\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"Yellow to 
Red\\\",\\\"colorCategory\\\":\\\"palette_0\\\",\\\"field\\\":{\\\"name\\\":\\\"doc_count\\\",\\\"origin\\\":\\\"source\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":false,\\\"sigma\\\":3},\\\"type\\\":\\\"ORDINAL\\\"},\\\"type\\\":\\\"DYNAMIC\\\"},\\\"icon\\\":{\\\"options\\\":{\\\"value\\\":\\\"marker\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"field\\\":{\\\"name\\\":\\\"doc_count\\\",\\\"origin\\\":\\\"source\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":false,\\\"sigma\\\":3},\\\"maxSize\\\":18,\\\"minSize\\\":7},\\\"type\\\":\\\"DYNAMIC\\\"},\\\"labelBorderColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelSize\\\":{\\\"options\\\":{\\\"size\\\":14},\\\"type\\\":\\\"STATIC\\\"},\\\"labelText\\\":{\\\"options\\\":{\\\"value\\\":\\\"\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#3d3d3d\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.78,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":16.40767},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-24h\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"language\\\":\\\"lucene\\\",\\\"query\\\":\\\"\\\"},\\\"filters\\\":[{\\\"$state\\\":{\\\"store\\\":\\\"appState\\\"},\\\"meta\\\":{\\\"alias\\\":null,\\\"disabled\\\":false,\\\"key\\\":\\\"query\\\",\\\"negate\\\":false,\\\"type\\\":\\\"custom\\\",\\\"value\\\":\\\"{\\\\\\\"bool\\\\\\\":{
\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ban\\\\\\\"}}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"bic\\\\\\\"}}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\
\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"hot\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"unknown\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"hot\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ip\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"macro\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"unknown\\\\\\\"}}}]}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"macro\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"chl\\\\\\\"}}}]}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"captchaFail\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"
value\\\\\\\":\\\\\\\"macro\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"chl\\\\\\\"}}}]}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"jschlFail\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"user\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ban\\\\\\\"}}}]}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"zl\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"user\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ban\\\\\\\"}}}]}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"us\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"user\\\\\\\"}}},{\\\\\\\"term\\\\\\\":
{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ban\\\\\\\"}}}]}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"rateLimit\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"filterBasedFirewall\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ban\\\\\\\"}}}]}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"unknown\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"filterBasedFirewall\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"chl\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"user\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ban\\\\\\\"}}}]}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ctry\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\
\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"user\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ban\\\\\\\"}}}]}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ip\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"user\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ban\\\\\\\"}}}]}},{\\\\\\\"terms\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":[\\\\\\\"ipr16\\\\\\\",\\\\\\\"ipr24\\\\\\\",\\\\\\\"ip6\\\\\\\",\\\\\\\"ip6r64\\\\\\\",\\\\\\\"ip6r48\\\\\\\",\\\\\\\"ip6r32\\\\\\\"]}}]}}]},\\\\\\\"_source\\\\\\\":{\\\\\\\"excludes\\\\\\\":[],\\\\\\\"includes\\\\\\\":[\\\\\\\"source.geo.region_name\\\\\\\",\\\\\\\"cloudflare.client.ip_class\\\\\\\",\\\\\\\"url.path\\\\\\\",\\\\\\\"cloudflare.client.request.protocol\\\\\\\",\\\\\\\"http.request.referrer\\\\\\\",\\\\\\\"url.full\\\\\\\",\\\\\\\"user_agent.original\\\\\\\",\\\\\\\"cloudflare.client.ssl.cipher\\\\\\\",\\\\\\\"cloudflare.client.ssl.protocol\\\\\\\",\\\\\\\"cloudflare.edge.rate_limit.action\\\\\\\",\\\\\\\"cloudflare.edge.response.content_type\\\\\\\",\\\\\\\"cloudflare.origin.response.http.expires\\\\\\\",\\\\\\\"cloudflare.origin.response.http.last_mo
dified\\\\\\\",\\\\\\\"cloudflare.origin.ssl.protocol\\\\\\\",\\\\\\\"user_agent.os.full\\\\\\\",\\\\\\\"user_agent.name\\\\\\\",\\\\\\\"cloudflare.waf.action\\\\\\\",\\\\\\\"cloudflare.waf.flags\\\\\\\",\\\\\\\"cloudflare.waf.matched_var\\\\\\\",\\\\\\\"cloudflare.waf.profile\\\\\\\",\\\\\\\"cloudflare.waf.rule.id\\\\\\\",\\\\\\\"cloudflare.waf.rule.message\\\\\\\",\\\\\\\"cloudflare.worker.status\\\\\\\",\\\\\\\"message\\\\\\\",\\\\\\\"tags\\\\\\\"]},\\\\\\\"docvalue_fields\\\\\\\":[{\\\\\\\"field\\\\\\\":\\\\\\\"@timestamp\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"epoch_millis\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"@version\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.cache.status\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.cache.response.bytes\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.cache.response.status\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.cache.tiered.fill\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.as.number\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.country_iso_code\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.device_type\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.city_name\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.continent_name\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.country_code2\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.country_code3\\\\\\\",\\\\\\\"f
ormat\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.country_name\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.dma_code\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"client.ip\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.latitude\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.longitude\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.postal_code\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.region_code\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.timezone\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"http.request.bytes\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"url.domain\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"http.request.method\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"client.port\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.edge.colo.id\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.edge.end.timestamp\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"epoch_millis\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.edge.pathing.op\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.edge.pathing.src\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.edge.pathing.status\\\\\\\",\\
\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.edge.rate_limit.id\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.edge.request.host\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"destination.bytes\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.edge.response.compression_ratio\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"http.response.status_code\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"observer.ip\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"@timestamp\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"epoch_millis\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"destination.ip\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"http.response.bytes\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.origin.response.status_code\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.origin.response.time\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.parent.ray_id\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.ray_id\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.security_level\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"user_agent.build\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"user_agent.device\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\
\\\":\\\\\\\"user_agent.major\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"user_agent.minor\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"user_agent.name\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"user_agent.os_major\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"user_agent.os_minor\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"user_agent.patch\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.worker.cpu_time\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.worker.subrequest\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.worker.subrequest_count\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.zone_id\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"}],\\\\\\\"size\\\\\\\":50,\\\\\\\"sort\\\\\\\":[{\\\\\\\"_doc\\\\\\\":{\\\\\\\"order\\\\\\\":\\\\\\\"asc\\\\\\\"}}]}\\\",\\\"index\\\":\\\"logs-*\\\"},\\\"query\\\":{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"
adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"bic\\\"}}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"hot\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"unknown\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"hot\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ip\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"macro\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"unknown\\\"}}}]}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"macro\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"chl\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"captchaFail\\\"}}}]}}]}},{\\\"bool\\\":
{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"macro\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"chl\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"jschlFail\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"zl\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"us\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"rateLimit\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{
\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"filterBasedFirewall\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"unknown\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"filterBasedFirewall\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"chl\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ctry\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ip\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"terms\\\":{\\\"boost\\\":1,\\\"cloudflare.edge.pathing.status\\\":[\\\"ipr16\\\",\\\"ipr24\\\",\\\"ip6\
\\",\\\"ip6r64\\\",\\\"ip6r48\\\",\\\"ip6r32\\\"]}}]}}]},\\\"_source\\\":{\\\"excludes\\\":[],\\\"includes\\\":[\\\"source.geo.region_name\\\",\\\"cloudflare.client.ip_class\\\",\\\"url.path\\\",\\\"cloudflare.client.request.protocol\\\",\\\"http.request.referrer\\\",\\\"url.full\\\",\\\"user_agent.original\\\",\\\"cloudflare.client.ssl.cipher\\\",\\\"cloudflare.client.ssl.protocol\\\",\\\"cloudflare.edge.rate_limit.action\\\",\\\"cloudflare.edge.response.content_type\\\",\\\"cloudflare.origin.response.http.expires\\\",\\\"cloudflare.origin.response.http.last_modified\\\",\\\"cloudflare.origin.ssl.protocol\\\",\\\"user_agent.os.full\\\",\\\"user_agent.name\\\",\\\"cloudflare.waf.action\\\",\\\"cloudflare.waf.flags\\\",\\\"cloudflare.waf.matched_var\\\",\\\"cloudflare.waf.profile\\\",\\\"cloudflare.waf.rule.id\\\",\\\"cloudflare.waf.rule.message\\\",\\\"cloudflare.worker.status\\\",\\\"message\\\",\\\"tags\\\"]},\\\"docvalue_fields\\\":[{\\\"field\\\":\\\"@timestamp\\\",\\\"format\\\":\\\"epoch_millis\\\"},{\\\"field\\\":\\\"@version\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.status\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.response.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.response.status\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.tiered.fill\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.as.number\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_iso_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.device_type\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.city_name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.continent_name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_code2\\\",\\\"format\\\":\\\"use_field_mapping\\\
"},{\\\"field\\\":\\\"source.geo.country_code3\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.dma_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"client.ip\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.latitude\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.longitude\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.postal_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.region_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.timezone\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.request.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"url.domain\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.request.method\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"client.port\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.colo.id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.end.timestamp\\\",\\\"format\\\":\\\"epoch_millis\\\"},{\\\"field\\\":\\\"cloudflare.edge.pathing.op\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.pathing.src\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.pathing.status\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.rate_limit.id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.request.host\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"destination.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.response.compression_ratio\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.response.status_code\\\",\\\"format\\\":
\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"observer.ip\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"@timestamp\\\",\\\"format\\\":\\\"epoch_millis\\\"},{\\\"field\\\":\\\"destination.ip\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.response.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.origin.response.status_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.origin.response.time\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.parent.ray_id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.ray_id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.security_level\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.build\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.device\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.major\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.minor\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.os_major\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.os_minor\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.patch\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.worker.cpu_time\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.worker.subrequest\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.worker.subrequest_count\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.zone_id\\\",\\\"format\\\":\\\"use_field_mapping\\\"}],\\\"size\\\":50,\\\"sort\\\":[{\\\"_doc\\\":{\\\"order\\\":\\\"asc\\\"}}]}}],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffff
ff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"references\":[],\"title\":\"Top Threat Countries Map [Cloudflare]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":66.51326,\"maxLon\":90,\"minLat\":-66.51326,\"minLon\":-90},\"mapCenter\":{\"lat\":16.40767,\"lon\":0,\"zoom\":1.78},\"openTOCDetails\":[],\"type\":\"map\"}}]","timeRestore":false,"title":"Cloudflare - Security 
(Overview)","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"cloudflare-532a64c0-293a-11e9-b959-4502c43b2e30","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"240814e0-fc79-4c27-af94-fa9df006d441:layer_1_source_index_pattern","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"1:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"2:search_0","type":"search"},{"id":"logs-*","name":"2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"3:search_0","type":"search"},{"id":"logs-*","name":"3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"4:search_0","type":"search"},{"id":"logs-*","name":"4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"6:search_0","type":"search"},{"id":"logs-*","name":"6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"7:search_0","type":"search"},{"id":"logs-*","name":"7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"8:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"9:search_0","type":"search"},{"id":"logs-*","name":"9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"10:search_0","type":"search"},{"id":"logs-*","name":"10:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"11:sear
ch_0","type":"search"},{"id":"logs-*","name":"11:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"13:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"14:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"15:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_4_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_5_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_6_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_7_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_8_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_9_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_10_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_11_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-cloudflare-default","name":"tag-ref-fleet-pkg-cloudflare-default","type":"tag"}],"sort":[1688154054424,7046],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NjMsMV0="} -{"attributes":{"description":"Get insights into your most popular hostnames, most requested content types, breakdown of request methods, and connection 
type.\n","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"1\",\"w\":46,\"x\":1,\"y\":21},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"timeRange\":{\"from\":\"now-24h\",\"mode\":\"quick\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"cloudflare.edge.response.content_type\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"Value
Axis-1\"}],\"times\":[],\"type\":\"area\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Client Requests by Content Type [Cloudflare]\",\"type\":\"area\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"2\",\"w\":46,\"x\":1,\"y\":33},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"http.request.method\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"}
,\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"area\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Client Requests Methods Over Time [Cloudflare]\",\"type\":\"area\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"3\",\"w\":46,\"x\":1,\"y\":44},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"timeRange\":{\"from\":\"now-24h\",\"mode\":\"quick\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"cloudflare.client.ssl.protocol\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\"
,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"area\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Client Requests by Connection Over Time [Cloudflare]\",\"type\":\"area\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"4\",\"w\":46,\"x\":1,\"y\":9},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"timeRange\":{\"from\":\"now-24h\",\"mode\":\"quick\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"url.domain\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"lab
els\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"area\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Client Requests by Hostname Over Time [Cloudflare]\",\"type\":\"area\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"5\",\"w\":7,\"x\":1,\"y\":0},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)\",\"openLinksInNewTab\":false},\"title\":\"Cloudflare logo 
[Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"6\",\"w\":46,\"x\":1,\"y\":4},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"cloudflare.logpull\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.logpull\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloudflare.device_type\",\"id\":\"1554899945457\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Device Type\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"source.geo.country_name\",\"id\":\"1554900041526\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Country\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.domain\",\"id\":\"1554900064098\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Hostname\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"client.ip\",\"id\":\"1554900102344\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Client 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user_agent.original\",\"id\":\"1554900136614\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"User Agent\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.full\",\"id\":\"1554900159944\",\"indexPatternRefName\":\"control_5_index_pattern\",\"label\":\"Request URI\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.response.status_code\",\"id\":\"1554900185676\",\"indexPatternRefName\":\"control_6_index_pattern\",\"label\":\"Edge Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.origin.response.status_code\",\"id\":\"1554900211881\",\"indexPatternRefName\":\"control_7_index_pattern\",\"label\":\"Origin Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"destination.ip\",\"id\":\"1556549231725\",\"indexPatternRefName\":\"control_8_index_pattern\",\"label\":\"Origin 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.ray_id\",\"id\":\"1554900244300\",\"indexPatternRefName\":\"control_9_index_pattern\",\"label\":\"RayID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.worker.subrequest\",\"id\":\"1554900268999\",\"indexPatternRefName\":\"control_10_index_pattern\",\"label\":\"Worker Subrequest\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.request.method\",\"id\":\"1554900324235\",\"indexPatternRefName\":\"control_11_index_pattern\",\"label\":\"Client Request Method\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":true,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Filters [Cloudflare]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"8\",\"w\":39,\"x\":8,\"y\":0},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Origin Requests By Hostname - Content Type - Request Methods - Connection 
Type**\",\"openLinksInNewTab\":false},\"title\":\"Origin Requests By Hostname - Content Type - Request Methods - Connection Type - text [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"Cloudflare - Performance (Hostname, Content Type, Request Methods, Connection Type)","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"cloudflare-5a5d6b80-49b9-11e9-bd1f-75f359ac0c3f","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"1:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"2:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"3:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"4:search_0","type":"search"},{"id":"logs-*","name":"5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"6:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_4_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_5_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_6_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_7_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_8_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_9_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_10_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_11_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-
pattern"},{"id":"logs-*","name":"8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-cloudflare-default","name":"tag-ref-fleet-pkg-cloudflare-default","type":"tag"}],"sort":[1688154054424,7068],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NjQsMV0="} -{"attributes":{"description":"Identify and address performance issues and caching misconfigurations. Metrics include total vs. cached bandwidth, saved bandwidth, total requests, cache ratio, top uncached requests, and more.\n","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"1\",\"w\":10,\"x\":1,\"y\":12},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total Number of Requests 
[Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"2\",\"w\":13,\"x\":11,\"y\":12},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.cache.status\",\"negate\":false,\"params\":[\"hit\",\"stale\",\"updating\",\"ignored\"],\"type\":\"phrases\",\"value\":\"hit, stale, updating, ignored\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.cache.status\":\"hit\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"stale\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"updating\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"ignored\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Cached Requests 
[Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"3\",\"w\":13,\"x\":24,\"y\":12},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.cache.status\",\"negate\":true,\"params\":[\"hit\",\"stale\",\"updating\",\"ignored\"],\"type\":\"phrases\",\"value\":\"hit, stale, updating, ignored\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.cache.status\":\"hit\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"stale\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"updating\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"ignored\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Uncached Requests [Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"4\",\"w\":14,\"x\":1,\"y\":28},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Total 
Bandwidth\",\"field\":\"destination.bytes\"},\"schema\":\"metric\",\"type\":\"sum\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total Bandwidth [Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"5\",\"w\":14,\"x\":15,\"y\":28},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Cached Bandwidth\",\"field\":\"destination.bytes\"},\"schema\":\"metric\",\"type\":\"sum\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.cache.status\",\"negate\":false,\"params\":[\"hit\",\"stale\",\"updating\",\"ignored\",\"revalidated\"],\"type\":\"phrases\",\"value\":\"hit, stale, updating, ignored, revalidated\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.cache.status\":\"hit\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"stale\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"updating\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"ignored\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"revalidated\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to 
Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Cached Bandwidth [Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"6\",\"w\":18,\"x\":29,\"y\":28},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"field\":\"destination.bytes\"},\"schema\":\"metric\",\"type\":\"sum\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.cache.status\",\"negate\":true,\"params\":[\"hit\",\"stale\",\"updating\",\"ignored\",\"revalidated\"],\"type\":\"phrases\",\"value\":\"hit, stale, updating, ignored, revalidated\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.cache.status\":\"hit\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"stale\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"updating\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"ignored\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"revalidated\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Uncached Bandwidth 
[Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"7\",\"w\":25,\"x\":1,\"y\":44},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"cloudflare.cache.status\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":tru
e,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Cache status over time [Cloudflare]\",\"type\":\"line\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"8\",\"w\":21,\"x\":26,\"y\":44},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.cache.status\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":15},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Cache Status Ratio 
[Cloudflare]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"9\",\"w\":21,\"x\":26,\"y\":50},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"url.full\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":30},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.cache.status\",\"negate\":false,\"params\":{\"query\":\"miss\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"miss\"},\"query\":{\"match\":{\"cloudflare.cache.status\":{\"query\":\"miss\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top URIs with Cache Status Miss 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"12\",\"w\":24,\"x\":1,\"y\":16},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,204,202,1)\",\"fill\":0.5,\"filter\":{\"language\":\"lucene\",\"query\":\"data_stream.dataset : \\\"cloudflare.log\\\"\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"total requests\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_filters\":[{\"color\":\"#68BC00\",\"filter\":{\"language\":\"lucene\",\"query\":\"metricset.name:cloudflare.cache.status\"},\"id\":\"e847cce0-4731-11e9-b6ee-0784825b4ddc\",\"label\":\"cached requests\"}],\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"cloudflare.cache.status\",\"terms_order_by\":\"_term\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"lucene\",\"query\":\"data_stream.dataset : \\\"cloudflare.log\\\" AND cloudflare.cache.status:(hit OR stale OR updating OR ignored)\"},\"formatter\":\"number\",\"id\":\"0d45cce0-498f-11e9-b6ee-0784825b4ddc\",\"label\":\"cached 
requests\",\"line_width\":1,\"metrics\":[{\"id\":\"0d45cce1-498f-11e9-b6ee-0784825b4ddc\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_filters\":[{\"color\":\"#68BC00\",\"id\":\"14053f70-498f-11e9-b6ee-0784825b4ddc\"}],\"split_mode\":\"filter\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(244,78,59,1)\",\"fill\":0.5,\"filter\":{\"language\":\"lucene\",\"query\":\"data_stream.dataset : \\\"cloudflare.log\\\" AND cloudflare.cache.status:(-hit OR -stale OR -updating OR -ignored)\"},\"formatter\":\"number\",\"id\":\"3edf18b0-498f-11e9-b6ee-0784825b4ddc\",\"label\":\"uncached requests\",\"line_width\":1,\"metrics\":[{\"id\":\"3edf18b1-498f-11e9-b6ee-0784825b4ddc\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Total number of requests vs cached vs uncached over time [Cloudflare]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"13\",\"w\":22,\"x\":25,\"y\":16},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,204,202,1)\",\"fill\":0.5,\"filter\":{\"language\":\"lucene\",\"query\":\"data_stream.dataset : \\\"cloudflare.log\\\"\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"total 
requests\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(253,161,255,1)\",\"fill\":0.5,\"filter\":{\"language\":\"lucene\",\"query\":\"data_stream.dataset : \\\"cloudflare.log\\\" AND cloudflare.origin.response.status_code:>0\"},\"formatter\":\"number\",\"id\":\"fca6dbb0-4991-11e9-b6ee-0784825b4ddc\",\"label\":\"origin requests\",\"line_width\":1,\"metrics\":[{\"id\":\"fca6dbb1-4991-11e9-b6ee-0784825b4ddc\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Total Requests vs. Origin Requests in rps last 24 hours [Cloudflare]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"14\",\"w\":25,\"x\":1,\"y\":32},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"lucene\",\"query\":\"cloudflare.cache.status:(hit OR stale OR updating OR ignored OR revalidated)\"},\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"saved 
bandwidth\",\"line_width\":1,\"metrics\":[{\"field\":\"destination.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(244,78,59,1)\",\"fill\":0.5,\"filter\":{\"language\":\"lucene\",\"query\":\"cloudflare.cache.status:(-hit OR -stale OR -updating OR -ignored OR -revalidated)\"},\"formatter\":\"bytes\",\"id\":\"73f43510-49a0-11e9-8499-d5aa4562b1c7\",\"label\":\"uncached bandwidth\",\"line_width\":1,\"metrics\":[{\"field\":\"destination.bytes\",\"id\":\"73f43511-49a0-11e9-8499-d5aa4562b1c7\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Cached vs Uncached Bandwidth Over Time 
[Cloudflare]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"15\",\"w\":21,\"x\":26,\"y\":32},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"c520c1a0-1c6e-11ea-9387-9362a5ae410a\"}],\"bar_color_rules\":[{\"id\":\"c6258770-1c6e-11ea-9387-9362a5ae410a\"}],\"drop_last_bucket\":1,\"gauge_color_rules\":[{\"id\":\"c7b83560-1c6e-11ea-9387-9362a5ae410a\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,204,202,1)\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"total bandwidth\",\"line_width\":1,\"metrics\":[{\"field\":\"destination.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(253,161,255,1)\",\"fill\":0.5,\"filter\":{\"language\":\"lucene\",\"query\":\"cloudflare.origin.response.status_code:>0\"},\"formatter\":\"bytes\",\"id\":\"65f93df0-49a7-11e9-a870-03d340338f04\",\"label\":\"origin bandwidth\",\"line_width\":1,\"metrics\":[{\"field\":\"destination.bytes\",\"id\":\"65f93df1-49a7-11e9-a870-03d340338f04\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Total 
Bandwidth vs Origin Bandwidth in Mbps last 24 hours - 7.x [Cloudflare]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"16\",\"w\":7,\"x\":1,\"y\":0},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)\",\"openLinksInNewTab\":false},\"title\":\"Cloudflare logo [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"17\",\"w\":46,\"x\":1,\"y\":9},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Requests**\",\"openLinksInNewTab\":false},\"title\":\"Requests - text 
[Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"18\",\"w\":46,\"x\":1,\"y\":25},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Bandwidth**\",\"openLinksInNewTab\":false},\"title\":\"Bandwidth - text [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"19\",\"w\":46,\"x\":1,\"y\":41},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Cache**\",\"openLinksInNewTab\":false},\"title\":\"Cache - text 
[Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"20\",\"w\":46,\"x\":1,\"y\":4},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"cloudflare.logpull\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.logpull\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloudflare.device_type\",\"id\":\"1554899945457\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Device Type\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"source.geo.country_name\",\"id\":\"1554900041526\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Country\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.domain\",\"id\":\"1554900064098\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Hostname\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"client.ip\",\"id\":\"1554900102344\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Client 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user_agent.original\",\"id\":\"1554900136614\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"User Agent\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.full\",\"id\":\"1554900159944\",\"indexPatternRefName\":\"control_5_index_pattern\",\"label\":\"Request URI\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.response.status_code\",\"id\":\"1554900185676\",\"indexPatternRefName\":\"control_6_index_pattern\",\"label\":\"Edge Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.origin.response.status_code\",\"id\":\"1554900211881\",\"indexPatternRefName\":\"control_7_index_pattern\",\"label\":\"Origin Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"destination.ip\",\"id\":\"1556549231725\",\"indexPatternRefName\":\"control_8_index_pattern\",\"label\":\"Origin 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.ray_id\",\"id\":\"1554900244300\",\"indexPatternRefName\":\"control_9_index_pattern\",\"label\":\"RayID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.worker.subrequest\",\"id\":\"1554900268999\",\"indexPatternRefName\":\"control_10_index_pattern\",\"label\":\"Worker Subrequest\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.request.method\",\"id\":\"1554900324235\",\"indexPatternRefName\":\"control_11_index_pattern\",\"label\":\"Client Request Method\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":true,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Filters [Cloudflare]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"21\",\"w\":39,\"x\":8,\"y\":0},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Performance 
Overview**\",\"openLinksInNewTab\":false},\"title\":\"Performance Overview - text [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"Cloudflare - Performance (Requests, Bandwidth, Cache)","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"cloudflare-8d730ba0-3aa6-11e9-bd1f-75f359ac0c3f","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"1:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"2:search_0","type":"search"},{"id":"logs-*","name":"2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"3:search_0","type":"search"},{"id":"logs-*","name":"3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"4:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"5:search_0","type":"search"},{"id":"logs-*","name":"5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"6:search_0","type":"search"},{"id":"logs-*","name":"6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"7:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"8:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"9:search_0","type":"search"},{"id":"logs-*","name":"9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"12:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"13:kibanaSavedObjectMeta.searchSour
ceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"14:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"15:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"16:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"17:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"18:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"19:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"20:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_4_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_5_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_6_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_7_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_8_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_9_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_10_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_11_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"21:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-cloudflare-default","name":"tag-ref-fleet-pkg-cloudflare-
default","type":"tag"}],"sort":[1688154054424,7107],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NjUsMV0="} -{"attributes":{"description":"Get insights on the availability of your websites and applications. Metrics include origin response error ratio, origin response status over time, percentage of 3xx/4xx/5xx errors over time, and more.\n","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"1\",\"w\":34,\"x\":1,\"y\":18},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"http.response.status_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"pale
tte\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"area\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Edge Response Status Over Time [Cloudflare]\",\"type\":\"area\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"2\",\"w\":34,\"x\":1,\"y\":26},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"cloudflare.origin.response.status_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\
"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"area\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Origin Response Status Over Time [Cloudflare]\",\"type\":\"area\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"3\",\"w\":15,\"x\":31,\"y\":9},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"exclude\":\"\",\"field\":\"client.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"source.as.number\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar
\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Client IPs and AS Number - Reliability [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"4\",\"w\":17,\"x\":29,\"y\":37},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"source.geo.country_name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"http.response.status_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"totalFunc\":\"sum\"},\"title\":\"Top Countries - Reliability 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"6\",\"w\":28,\"x\":1,\"y\":37},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"url.full\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"http.response.status_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"totalFunc\":\"sum\"},\"title\":\"Top Requested URI - Reliability 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"7\",\"w\":28,\"x\":1,\"y\":46},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"user_agent.original\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"http.response.status_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"totalFunc\":\"sum\"},\"title\":\"Top User Agents - Reliability 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"8\",\"w\":17,\"x\":29,\"y\":46},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"url.domain\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"http.response.status_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"totalFunc\":\"sum\"},\"title\":\"Top Hostnames - Reliability 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"9\",\"w\":11,\"x\":35,\"y\":26},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"http.response.status_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Edge Response Error Ratio 
[Cloudflare]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"10\",\"w\":11,\"x\":35,\"y\":18},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.origin.response.status_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Origin Response Error Ratio 
[Cloudflare]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"11\",\"w\":30,\"x\":1,\"y\":9},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"http.response.status_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"gauge\":{\"alignment\":\"horizontal\",\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":50},{\"from\":50,\"to\":75},{\"from\":75,\"to\":100}],\"extendRange\":true,\"gaugeColorMode\":\"Labels\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Arc\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":true},\"style\":{\"bgColor\":false,\"bgFill\":\"#eee\",\"bgMask\":false,\"bgWidth\":0.9,\"fontSize\":60,\"labelColor\":true,\"mask\":false,\"maskBars\":50,\"subText\":\"\",\"width\":0.9},\"type\":\"meter\"},\"isDisplayWarning\":false,\"type\":\"gauge\"},\"title\":\"Errors Ratio (Edge) [Cloudflare]\",\"type\":\"gauge\",\"uiState\":{\"vis\":{\"defaultColors\":{\"0 - 50\":\"rgb(0,104,55)\",\"50 - 75\":\"rgb(255,255,190)\",\"75 - 
100\":\"rgb(165,0,38)\"}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"12\",\"w\":45,\"x\":1,\"y\":4},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"cloudflare.logpull\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.logpull\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloudflare.device_type\",\"id\":\"1554899945457\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Device Type\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"source.geo.country_name\",\"id\":\"1554900041526\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Country\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.domain\",\"id\":\"1554900064098\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Hostname\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"client.ip\",\"id\":\"1554900102344\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Client 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user_agent.original\",\"id\":\"1554900136614\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"User Agent\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.full\",\"id\":\"1554900159944\",\"indexPatternRefName\":\"control_5_index_pattern\",\"label\":\"Request URI\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.response.status_code\",\"id\":\"1554900185676\",\"indexPatternRefName\":\"control_6_index_pattern\",\"label\":\"Edge Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.origin.response.status_code\",\"id\":\"1554900211881\",\"indexPatternRefName\":\"control_7_index_pattern\",\"label\":\"Origin Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"destination.ip\",\"id\":\"1556549231725\",\"indexPatternRefName\":\"control_8_index_pattern\",\"label\":\"Origin 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.ray_id\",\"id\":\"1554900244300\",\"indexPatternRefName\":\"control_9_index_pattern\",\"label\":\"RayID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.worker.subrequest\",\"id\":\"1554900268999\",\"indexPatternRefName\":\"control_10_index_pattern\",\"label\":\"Worker Subrequest\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.request.method\",\"id\":\"1554900324235\",\"indexPatternRefName\":\"control_11_index_pattern\",\"label\":\"Client Request Method\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":true,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Filters [Cloudflare]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"13\",\"w\":38,\"x\":8,\"y\":0},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Summary of Edge and Origin Response Status**\\n\\nGet an overview of the 
edge and origin response status codes\",\"openLinksInNewTab\":false},\"title\":\"Summary of Edge and Origin Response Status - text [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"14\",\"w\":7,\"x\":1,\"y\":0},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)\",\"openLinksInNewTab\":false},\"title\":\"Cloudflare logo [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"15\",\"w\":45,\"x\":1,\"y\":34},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":14,\"markdown\":\"Detailed View\\nBreakdown of Origin Response Status Codes by Various Metrics\",\"openLinksInNewTab\":false},\"title\":\"Detailed View Breakdown of Origin 
Response Status Codes by Various Metrics - text [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"Cloudflare - Reliability","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"cloudflare-9c4c3100-39df-11e9-bd1f-75f359ac0c3f","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"1:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"2:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"3:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"4:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"6:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"7:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"8:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"9:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"10:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"11:search_0","type":"search"},{"id":"logs-*","name":"12:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_4_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_5_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_6_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_7_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_8_index_pattern","type":"index-pattern"},{"id":"logs-
*","name":"12:control_9_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_10_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_11_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"13:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"14:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"15:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-cloudflare-default","name":"tag-ref-fleet-pkg-cloudflare-default","type":"tag"}],"sort":[1688154054424,7136],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NjYsMV0="} -{"attributes":{"description":"Get insights into the performance of your static and dynamic content, including slowest 
URLs.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"1\",\"w\":46,\"x\":1,\"y\":9},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"field\":\"cloudflare.origin.response.time\",\"percents\":[50,75,95]},\"schema\":\"metric\",\"type\":\"percentiles\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"timeRange\":{\"from\":\"now-60d\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.cache.status\",\"negate\":false,\"params\":[\"bypass\",\"unknown\"],\"type\":\"phrases\",\"value\":\"bypass, 
unknown\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.cache.status\":\"bypass\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"unknown\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Percentiles of cloudflare.origin.response.time\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Percentiles of OriginResponseTime\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Origin time to first byte dynamic requests 
[Cloudflare]\",\"type\":\"line\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"2\",\"w\":46,\"x\":1,\"y\":19},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"field\":\"cloudflare.origin.response.time\",\"percents\":[50,75,95]},\"schema\":\"metric\",\"type\":\"percentiles\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"timeRange\":{\"from\":\"now-60d\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.cache.status\",\"negate\":true,\"params\":[\"bypass\",\"unknown\"],\"type\":\"phrases\",\"value\":\"bypass, unknown\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.cache.status\":\"bypass\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"unknown\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Percentiles of 
cloudflare.origin.response.time\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":1.5,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Percentiles of OriginResponseTime\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Origin time to first byte static requests [Cloudflare]\",\"type\":\"line\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"3\",\"w\":46,\"x\":1,\"y\":28},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"6\",\"params\":{\"customLabel\":\"average_response_time\",\"field\":\"cloudflare.origin.response.time\"},\"schema\":\"metric\",\"type\":\"avg\"},{\"enabled\":true,\"id\":\"7\",\"params\":{\"customLabel\":\"wait_time\",\"field\":\"cloudflare.origin.response.time\"},\"schema\":\"metric\",\"type\":\"sum\"},{\"enabled\":true,\"id\":\"8\",\"params\":{\"field\":\"cloudflare.origin.response.time\",\"percents\":[99,99.9]},\"schema\":\"metric\",\"type\":\"percentiles\"},{\"enabled\":true,\"id\":\"9\",\"params\":{\"field\":\"url.full\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflar
e.cache.status\",\"negate\":false,\"params\":[\"bypass\",\"unknown\"],\"type\":\"phrases\",\"value\":\"bypass, unknown\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.cache.status\":\"bypass\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"unknown\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Slowest URIs by cumulative time to first byte for dynamic requests [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"4\",\"w\":46,\"x\":1,\"y\":42},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"average_response_time\",\"field\":\"cloudflare.origin.response.time\"},\"schema\":\"metric\",\"type\":\"avg\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"wait_time\",\"field\":\"cloudflare.origin.response.time\"},\"schema\":\"metric\",\"type\":\"sum\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"field\":\"cloudflare.origin.response.time\",\"percents\":[99,99.9]},\"schema\":\"metric\",\"type\":\"percentiles\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"field\":\"url.full\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\
":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.cache.status\",\"negate\":true,\"params\":[\"unknown\",\"bypass\"],\"type\":\"phrases\",\"value\":\"unknown, bypass\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.cache.status\":\"unknown\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"bypass\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Slowest URIs by cumulative time to first byte for static requests [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"5\",\"w\":7,\"x\":1,\"y\":0},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)\",\"openLinksInNewTab\":false},\"title\":\"Cloudflare logo 
[Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"6\",\"w\":39,\"x\":8,\"y\":0},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Static vs Dynamic Content**\",\"openLinksInNewTab\":false},\"title\":\"Static vs Dynamic Content - text [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"7\",\"w\":46,\"x\":1,\"y\":4},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"cloudflare.logpull\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.logpull\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloudflare.device_type\",\"id\":\"1554899945457\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Device 
Type\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"source.geo.country_name\",\"id\":\"1554900041526\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Country\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.domain\",\"id\":\"1554900064098\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Hostname\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"client.ip\",\"id\":\"1554900102344\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Client IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user_agent.original\",\"id\":\"1554900136614\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"User Agent\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.full\",\"id\":\"1554900159944\",\"indexPatternRefName\":\"control_5_index_pattern\",\"label\":\"Request URI\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.response.status_code\",\"id\":\"1554900185676\",\"indexPatternRefName\":\"control_6_index_pattern\",\"label\":\"Edge Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.origin.response.status_code\",\"id\":\"1554900211881\",\"indexPatternRefName\":\"control_7_index_pattern\",\"label\":\"Origin 
Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"destination.ip\",\"id\":\"1556549231725\",\"indexPatternRefName\":\"control_8_index_pattern\",\"label\":\"Origin IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.ray_id\",\"id\":\"1554900244300\",\"indexPatternRefName\":\"control_9_index_pattern\",\"label\":\"RayID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.worker.subrequest\",\"id\":\"1554900268999\",\"indexPatternRefName\":\"control_10_index_pattern\",\"label\":\"Worker Subrequest\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.request.method\",\"id\":\"1554900324235\",\"indexPatternRefName\":\"control_11_index_pattern\",\"label\":\"Client Request Method\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":true,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Filters [Cloudflare]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"Cloudflare - Performance (Static vs. 
Dynamic Content)","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"cloudflare-a35b4880-49a9-11e9-bd1f-75f359ac0c3f","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"1:search_0","type":"search"},{"id":"logs-*","name":"1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"2:search_0","type":"search"},{"id":"logs-*","name":"2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"3:search_0","type":"search"},{"id":"logs-*","name":"3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"4:search_0","type":"search"},{"id":"logs-*","name":"4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"7:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_4_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_5_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_6_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_7_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_8_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_9_index_pattern","type":"index-pattern"},{"id":"logs-*","
name":"7:control_10_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_11_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-cloudflare-default","name":"tag-ref-fleet-pkg-cloudflare-default","type":"tag"}],"sort":[1688154054424,7162],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NjcsMV0="} -{"attributes":{"description":"Get insights on rate limiting protection against denial-of-service attacks, brute-force login attempts, and other types of abusive behavior targeted at your websites or applications.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"1\",\"w\":46,\"x\":1,\"y\":9},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"timeRange\":{\"from\":\"now-6M\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"cloudflare.edge.rate_limit.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedO
bjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.edge.rate_limit.action\",\"negate\":false,\"params\":[\"ban\",\"simulate\",\"challenge\",\"jsChallenge\"],\"type\":\"phrases\",\"value\":\"ban, simulate, challenge, jsChallenge\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"ban\"}},{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"simulate\"}},{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"challenge\"}},{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"jsChallenge\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"},\"valueAxis\":null},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2.5,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"defaultYExtents\":true,\"mode\":\"normal\",\"setYExtents\":false,\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Rate Limit Over Time 
[Cloudflare]\",\"type\":\"line\",\"uiState\":{\"vis\":{\"legendOpen\":true}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"2\",\"w\":23,\"x\":1,\"y\":16},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.edge.rate_limit.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"cloudflare.edge.rate_limit.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.edge.rate_limit.action\",\"negate\":false,\"params\":[\"ban\",\"simulate\",\"jsChallenge\",\"challenge\"],\"type\":\"phrases\",\"value\":\"ban, simulate, jsChallenge, 
challenge\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"ban\"}},{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"simulate\"}},{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"jsChallenge\"}},{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"challenge\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Rate Limit Actions [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"3\",\"w\":46,\"x\":1,\"y\":25},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.edge.rate_limit.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"field\":\"url.domain\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"fil
ter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.edge.rate_limit.action\",\"negate\":false,\"params\":[\"ban\",\"simulate\",\"jsChallenge\",\"challenge\"],\"type\":\"phrases\",\"value\":\"ban, simulate, jsChallenge, challenge\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"ban\"}},{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"simulate\"}},{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"jsChallenge\"}},{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"challenge\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Rate Limit Countries 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"4\",\"w\":23,\"x\":24,\"y\":16},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"client.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"url.domain\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"field\":\"url.full\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.edge.rate_limit.action\",\"negate\":false,\"params\":{\"query\":\"ban\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"ban\"},\"query\":{\"match\":{\"cloudflare.edge.rate_limit.action\":{\"query\":\"ban\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top 
Banned Client IPs [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"5\",\"w\":7,\"x\":1,\"y\":0},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)\",\"openLinksInNewTab\":false},\"title\":\"Cloudflare logo [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"6\",\"w\":39,\"x\":8,\"y\":0},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Rate Limiting - Get insights into rate limiting events and banned IPs and URIs**\",\"openLinksInNewTab\":false},\"title\":\"Rate Limiting Get insights into rate limiting events and banned IPs and URIs - 
text [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"7\",\"w\":46,\"x\":1,\"y\":4},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"cloudflare.logpull\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.logpull\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloudflare.device_type\",\"id\":\"1554899945457\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Device Type\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"source.geo.country_name\",\"id\":\"1554900041526\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Country\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.domain\",\"id\":\"1554900064098\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Hostname\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"client.ip\",\"id\":\"1554900102344\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Client 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user_agent.original\",\"id\":\"1554900136614\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"User Agent\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.full\",\"id\":\"1554900159944\",\"indexPatternRefName\":\"control_5_index_pattern\",\"label\":\"Request URI\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.response.status_code\",\"id\":\"1554900185676\",\"indexPatternRefName\":\"control_6_index_pattern\",\"label\":\"Edge Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.origin.response.status_code\",\"id\":\"1554900211881\",\"indexPatternRefName\":\"control_7_index_pattern\",\"label\":\"Origin Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"destination.ip\",\"id\":\"1556549231725\",\"indexPatternRefName\":\"control_8_index_pattern\",\"label\":\"Origin 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.ray_id\",\"id\":\"1554900244300\",\"indexPatternRefName\":\"control_9_index_pattern\",\"label\":\"RayID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.worker.subrequest\",\"id\":\"1554900268999\",\"indexPatternRefName\":\"control_10_index_pattern\",\"label\":\"Worker Subrequest\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.request.method\",\"id\":\"1554900324235\",\"indexPatternRefName\":\"control_11_index_pattern\",\"label\":\"Client Request Method\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":true,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Filters [Cloudflare]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"Cloudflare - Security (Rate 
Limiting)","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"cloudflare-b221c710-2963-11e9-b959-4502c43b2e30","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"1:search_0","type":"search"},{"id":"logs-*","name":"1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"2:search_0","type":"search"},{"id":"logs-*","name":"2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"3:search_0","type":"search"},{"id":"logs-*","name":"3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"4:search_0","type":"search"},{"id":"logs-*","name":"4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"7:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_4_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_5_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_6_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_7_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_8_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_9_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"
7:control_10_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_11_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-cloudflare-default","name":"tag-ref-fleet-pkg-cloudflare-default","type":"tag"}],"sort":[1688154054424,7188],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NjgsMV0="} -{"attributes":{"description":"Get insights on threat identification and mitigation by our Web Application Firewall, including events like SQL injections, XSS, and more. Use this data to fine tune the firewall to target obvious threats and prevent false positives.\n","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"1\",\"w\":46,\"x\":1,\"y\":34},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.waf.rule.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"user_agent.original\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexR
efName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.waf.action\",\"negate\":true,\"params\":{\"query\":\"unknown\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"unknown\"},\"query\":{\"match\":{\"cloudflare.waf.action\":{\"query\":\"unknown\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"WAF: Top User Agents [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"2\",\"w\":29,\"x\":18,\"y\":23},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.waf.rule.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"cloudflare.waf.rule.message\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.waf.action\",\"negate\":true,\"params\":{\"query\":\"unknown\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"unknown\"},\"query\":{\
"match\":{\"cloudflare.waf.action\":{\"query\":\"unknown\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top WAF Rules Triggered [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"3\",\"w\":17,\"x\":1,\"y\":23},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"client.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.waf.action\",\"negate\":true,\"params\":{\"query\":\"unknown\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"unknown\"},\"query\":{\"match\":{\"cloudflare.waf.action\":{\"query\":\"unknown\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"WAF: Top Client IP 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"4\",\"w\":18,\"x\":29,\"y\":9},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"url.domain\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.waf.action\",\"negate\":true,\"params\":{\"query\":\"unknown\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"unknown\"},\"query\":{\"match\":{\"cloudflare.waf.action\":{\"query\":\"unknown\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"WAF: Top Hosts 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"5\",\"w\":11,\"x\":18,\"y\":9},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":15},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.waf.action\",\"negate\":true,\"params\":{\"query\":\"unknown\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"unknown\"},\"query\":{\"match\":{\"cloudflare.waf.action\":{\"query\":\"unknown\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"WAF: Top Countries 
[Cloudflare]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"6\",\"w\":8,\"x\":10,\"y\":9},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.waf.action\",\"negate\":true,\"params\":{\"query\":\"unknown\"},\"type\":\"phrase\",\"value\":\"unknown\"},\"query\":{\"match\":{\"cloudflare.waf.action\":{\"query\":\"unknown\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"WAF Events Triggered 
[Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"7\",\"w\":46,\"x\":1,\"y\":15},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.waf.action\",\"negate\":true,\"params\":{\"query\":\"unknown\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"unknown\"},\"query\":{\"match\":{\"cloudflare.waf.action\":{\"query\":\"unknown\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"trunca
te\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"WAF Events Over Time [Cloudflare]\",\"type\":\"line\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"8\",\"w\":9,\"x\":1,\"y\":9},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total Number of Requests [Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"9\",\"w\":7,\"x\":1,\"y\":0},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"![alt 
text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)\",\"openLinksInNewTab\":false},\"title\":\"Cloudflare logo [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"10\",\"w\":39,\"x\":8,\"y\":0},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**WAF - Events triggered by the Web Application Firewall**\",\"openLinksInNewTab\":false},\"title\":\"WAF Events triggered by the Web Application Firewall - text 
[Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"11\",\"w\":46,\"x\":1,\"y\":4},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"cloudflare.logpull\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.logpull\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloudflare.device_type\",\"id\":\"1554899945457\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Device Type\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"source.geo.country_name\",\"id\":\"1554900041526\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Country\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.domain\",\"id\":\"1554900064098\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Hostname\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"client.ip\",\"id\":\"1554900102344\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Client 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user_agent.original\",\"id\":\"1554900136614\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"User Agent\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.full\",\"id\":\"1554900159944\",\"indexPatternRefName\":\"control_5_index_pattern\",\"label\":\"Request URI\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.response.status_code\",\"id\":\"1554900185676\",\"indexPatternRefName\":\"control_6_index_pattern\",\"label\":\"Edge Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.origin.response.status_code\",\"id\":\"1554900211881\",\"indexPatternRefName\":\"control_7_index_pattern\",\"label\":\"Origin Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"destination.ip\",\"id\":\"1556549231725\",\"indexPatternRefName\":\"control_8_index_pattern\",\"label\":\"Origin 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.ray_id\",\"id\":\"1554900244300\",\"indexPatternRefName\":\"control_9_index_pattern\",\"label\":\"RayID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.worker.subrequest\",\"id\":\"1554900268999\",\"indexPatternRefName\":\"control_10_index_pattern\",\"label\":\"Worker Subrequest\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.request.method\",\"id\":\"1554900324235\",\"indexPatternRefName\":\"control_11_index_pattern\",\"label\":\"Client Request Method\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":true,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Filters [Cloudflare]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"Cloudflare - Security 
(WAF)","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"cloudflare-ded7e2c0-2955-11e9-b959-4502c43b2e30","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"1:search_0","type":"search"},{"id":"logs-*","name":"1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"2:search_0","type":"search"},{"id":"logs-*","name":"2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"3:search_0","type":"search"},{"id":"logs-*","name":"3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"4:search_0","type":"search"},{"id":"logs-*","name":"4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"5:search_0","type":"search"},{"id":"logs-*","name":"5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"6:search_0","type":"search"},{"id":"logs-*","name":"6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"7:search_0","type":"search"},{"id":"logs-*","name":"7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"8:search_0","type":"search"},{"id":"logs-*","name":"9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"10:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"11:control_0_index_pattern","type":"index
-pattern"},{"id":"logs-*","name":"11:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_4_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_5_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_6_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_7_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_8_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_9_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_10_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_11_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-cloudflare-default","name":"tag-ref-fleet-pkg-cloudflare-default","type":"tag"}],"sort":[1688154054424,7221],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NjksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d0f56da0-3648-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7223],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NzAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d37b9330-3af1-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,7225],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NzEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - All Logs (copy)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - All Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d43f0350-6347-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688154054424,7228],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NzIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"FTP - 
Command","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp_command.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d5681260-4c8c-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7230],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NzMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alerts Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS - Alerts Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 
minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d58ec1a0-34e4-11e7-9669-7f1d3242b798","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7232],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NzQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d5aa6d00-6e29-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7234],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NzUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Classification","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - 
Classification\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"classification.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Classification\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d66d54c0-4c89-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7236],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NzYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d6ec3570-6e21-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7238],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NzcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"useragent.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d776e510-6e28-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7240],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NzgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event_type:bro_conn\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Connections - Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - 
Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d7d3dda0-54b9-11e9-a48f-b7dfb1d0f288","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,7242],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2NzksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d7f162b0-6e1c-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,7244],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2ODAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Sensors/Devices and Services","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sensors/Devices and 
Services\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sensor_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d8214de0-4a3a-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,7246],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2ODEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d979b0f0-4a45-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,7248],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2ODIsMV0="} -{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-osquery_manager.result*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-osquery_manager.result*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"d9f9bbb8-c79a-4976-8209-7e7259142a99","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688154054424,7249],"type":"index-pattern","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2ODMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Software - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Software - Log Count Over 
Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"da4cc2c0-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7251],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2ODQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS 
Alerts - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS Alerts - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"db04aef0-399f-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7253],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2ODUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Server Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Server 
Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.server_name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.server_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"db4dc4a0-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,7255],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2ODYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"db570800-365a-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7257],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2ODcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network Datasets","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network 
Datasets\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Dataset\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.module.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"dbe4cc20-6ea7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name
":"search_0","type":"search"}],"sort":[1688154054424,7259],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2ODgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"dbfe2f00-6e35-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7261],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2ODksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Queries","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - 
Queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"dcda5680-2927-11e8-b2a2-09f3986ae284","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7263],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2OTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Authentication Success","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"SSH - Authentication Success\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Authentication 
Success\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"authentication_success.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Success\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"dcea2790-6e33-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7265],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2OTEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - URI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - 
URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.uri.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f63cba40-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,7267],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2OTIsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:sip\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"1e84368a-ad74-4d57-9793-5c9ce813045b\"},\"panelIndex\":\"1e84368a-ad74-4d57-9793-5c9ce813045b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1e84368a-ad74-4d57-9793-5c9ce813045b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"304e7cd2-dc4f-4bf4-b1fe-747091d61b67\"},\"panelIndex\":\"304e7cd2-dc4f-4bf4-b1fe-747091d61b67\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_304e7cd2-dc4f-4bf4-b1fe-747091d61b67\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"e87052bf-935e-421b-8208-e798a37edf69\"},\"panelIndex\":\"e87052bf-935e-421b-8208-e798a37edf69\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e87052bf-935e-421b-8208-e798a37edf69\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"b2055759-c7fd-43ab-8613-6031e8e148d3\"},\"panelIndex\":\"b2055759-c7fd-43ab-8613-6031e8e148d3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b2055759-c7fd-43ab-8613-6031e8e148d3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"a303da32-bd43-45a5-acbf-093478d734f9\"},\"panelIndex\":\"a303da32-bd43-45a5-acbf-093478d734f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a303da32-bd43-45a5-acbf-093478d734f9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":8,\"w\":8,\"h\":19,\"i\":\"d8632aad-86f0-4290-9480-75ec477ae4cd\"},\"panelInd
ex\":\"d8632aad-86f0-4290-9480-75ec477ae4cd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d8632aad-86f0-4290-9480-75ec477ae4cd\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":26,\"y\":8,\"w\":8,\"h\":19,\"i\":\"ee3b0df5-4a03-470b-9d26-4eedf4f8b8d6\"},\"panelIndex\":\"ee3b0df5-4a03-470b-9d26-4eedf4f8b8d6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ee3b0df5-4a03-470b-9d26-4eedf4f8b8d6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":34,\"y\":8,\"w\":14,\"h\":19,\"i\":\"dbe534a3-1a06-4185-b78a-293d7ec848c4\"},\"panelIndex\":\"dbe534a3-1a06-4185-b78a-293d7ec848c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dbe534a3-1a06-4185-b78a-293d7ec848c4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":17,\"i\":\"45de60a4-61ab-4b78-8cc7-5a783070c9be\"},\"panelIndex\":\"45de60a4-61ab-4b78-8cc7-5a783070c9be\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_45de60a4-61ab-4b78-8cc7-5a783070c9be\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":27,\"w\":12,\"h\":17,\"i\":\"9cb368f2-b652-4dc9-8427-b88a592e8361\"},\"panelIndex\":\"9cb368f2-b652-4dc9-8427-b88a592e8361\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9cb368f2-b652-4dc9-8427-b88a592e8361\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":17,\"i\":\"b78c61e2-61c3-4c43-94d9-c3971ee375be\"},\"panelIndex\":\"b78c61e2-61c3-4c43-94d9-c3971ee375be\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b78c61e2-61c3-4c43-94d9-c3971ee375be\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":44,\"w\":48,\"h\":29,\"i\":\"ba5c8087-cf68-4a4c-9800-05731dca2608\"},\"panelIndex\":\"ba5c8087-cf68-4a4c-9800-05731dca2608\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ba5c8087-cf68-4a4c-9800-05
731dca2608\"}]","timeRestore":false,"title":"Security Onion - SIP","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"dd98e260-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"1e84368a-ad74-4d57-9793-5c9ce813045b:panel_1e84368a-ad74-4d57-9793-5c9ce813045b","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"304e7cd2-dc4f-4bf4-b1fe-747091d61b67:panel_304e7cd2-dc4f-4bf4-b1fe-747091d61b67","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"e87052bf-935e-421b-8208-e798a37edf69:panel_e87052bf-935e-421b-8208-e798a37edf69","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"b2055759-c7fd-43ab-8613-6031e8e148d3:panel_b2055759-c7fd-43ab-8613-6031e8e148d3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"a303da32-bd43-45a5-acbf-093478d734f9:panel_a303da32-bd43-45a5-acbf-093478d734f9","type":"visualization"},{"id":"272b8ab0-75ca-11ea-9565-7315f4ee5cac","name":"d8632aad-86f0-4290-9480-75ec477ae4cd:panel_d8632aad-86f0-4290-9480-75ec477ae4cd","type":"visualization"},{"id":"9ff24600-75ca-11ea-9565-7315f4ee5cac","name":"ee3b0df5-4a03-470b-9d26-4eedf4f8b8d6:panel_ee3b0df5-4a03-470b-9d26-4eedf4f8b8d6","type":"visualization"},{"id":"f63cba40-75ca-11ea-9565-7315f4ee5cac","name":"dbe534a3-1a06-4185-b78a-293d7ec848c4:panel_dbe534a3-1a06-4185-b78a-293d7ec848c4","type":"visualization"},{"id":"49384710-75ca-11ea-9565-7315f4ee5cac","name":"45de60a4-61ab-4b78-8cc7-5a783070c9be:panel_45de60a4-61ab-4b78-8cc7-5a783070c9be","type":"visualization"},{"id":"81a1a740-75ca-11ea-9565-7315f4ee5cac","name":"9cb368f2-b652-4dc9-8427-b88a592e8361:panel_9cb368f2-b652-4dc9-8427-b88a592e8361","type":"visualization"},{"id":"cf56b070-75ca-11ea-9565-7315f4ee5cac","name":"b78c61e2-61c3-4c43-94d9-c3971ee375be:panel_b78c61e2-61c3-4c43-94d9-c3971ee375be","type":"visualization"},{"id":"8b6f3
150-72a2-11ea-8dd2-9d8795a1200b","name":"ba5c8087-cf68-4a4c-9800-05731dca2608:panel_ba5c8087-cf68-4a4c-9800-05731dca2608","type":"search"}],"sort":[1688154054424,7280],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2OTMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Request Path","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Request Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"request_path.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request Path\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"dddb4430-3752-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7282],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2OTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"dde8c8a0-3719-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7284],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2OTUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Firewall - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"df06de60-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,7286],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2OTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Hostname","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"df5e9e80-6d79-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,7288],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2OTcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"dfd1dc00-6e24-11e7-a261-55504638cf3b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7290],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2OTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMTP - Destination Country (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMTP - Destination Country (Donut 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"dfe23030-39a1-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7292],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ2OTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Files - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Files - 
Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"dff32860-4c8b-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7294],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MDAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND _exists_:certificate_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"X.509 - Certificate Common Name Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Common Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"certificate_common_name_frequency_score\",\"customLabel\":\"Frequency 
Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e03ba1d0-6f0a-11e7-83d2-adea2f314dc5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,7296],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MDEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Hash - SSDeep","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Hash - 
SSDeep\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Hash\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.ssdeep.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SSDeep\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e087c7d0-772d-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,7298],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MDIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Event ID (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Sysmon - Event ID (Horizontal Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event_id\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Event Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e09f6010-6d72-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,7300],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MDMsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp_argument.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e1907430-35b6-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7302],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MDQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Hostname","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - 
Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e2c8e040-3ab0-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,7304],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MDUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Destination Port (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Destination Port (Horizontal Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e3717d80-6e0f-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7306],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MDYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Kerberos - Cipher (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Cipher (Donut 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"cipher.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e3fffae0-3635-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7308],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MDcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"HTTP - Destination Country (Vertical Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - Destination Country (Vertical Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e41a0bd0-6e0a-11e7-84cc-b363f104b3c7","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7310],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MDgsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e4615200-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7312],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MDksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Session Duration","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Session 
Duration\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"duration\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Duration\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e47015d0-36b9-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7314],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSH -Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH 
-Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e64833a0-4c7b-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7316],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MTEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 
seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e76d2eb0-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,7318],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MTIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Syslog - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Syslog - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-sourceip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e7a99b10-76e5-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"sort":[1688154054424,7320],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MTMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Domain","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Host - 
Domain\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e80aa100-7375-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,7322],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RADIUS - Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - 
Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e827bab0-4a5a-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7324],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MTUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e8511600-36b8-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7326],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Notice - Destination Port (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Notice - Destination Port (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\
"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e85e2150-6e0e-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7328],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MTcsMV0="} -{"attributes":{"columns":["rule_name","matches","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"ElastAlert","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e8840d40-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,7330],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e8982270-6e21-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7332],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Tunnels - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e89c9700-3641-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7334],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MjAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Query/Answer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - 
Query/Answer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"answers.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e8e3b8a0-34c1-11e7-917c-af7a9d11771a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7336],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MjEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DHCP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e9a7fe80-357b-11e7-ac34-8965f6420c51","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7338],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MjIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Protocol","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - 
Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"protocol.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"e9d5ae30-76b6-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1688154054424,7340],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MjMsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"mapCenter\":[39.639537564366684,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Connections - Destination - Top Connection 
Duration","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ea211360-46c4-11e7-a82e-d97152153689","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f7492d0-46c4-11e7-a82e-d97152153689","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"}],"sort":[1688154054424,7343],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MjQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSL - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_common_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Common 
Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"validation_status.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TLS Version\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ebec2ea0-4c7c-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7345],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MjUsMV0="} -{"attributes":{"columns":["message"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:ossec_archive\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"OSSEC - Archive","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ebf74e90-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,7347],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MjYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - File 
System","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - File System\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smb.file_system.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.file_system.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File System\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ed215680-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,7349],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MjcsMV0="} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":51,\"i\":\"4\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":22,\"i\":\"6\",\"w\":48,\"x\":0,\"y\":51},\"panelIndex\":\"6\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":17,\"i\":\"12\",\"w\":20,\"x\":8,\"y\":34},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"title\":\"NIDS Alert - Source Port\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":8,\"i\":\"16\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"16\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":17,\"i\":\"18\",\"w\":20,\"x\":28,\"y\":34},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"NIDS Alert - Destination Port\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":16,\"i\":\"19\",\"w\":40,\"x\":8,\"y\":18},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"NIDS - Alert Summary 
\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":10,\"i\":\"20\",\"w\":17,\"x\":8,\"y\":8},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"NIDS - Alert Title\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":10,\"i\":\"21\",\"w\":23,\"x\":25,\"y\":8},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"NIDS - Rule Signature\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"NIDS - SID Drilldown","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ed6f7e20-e060-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"d58ec1a0-34e4-11e7-9669-7f1d3242b798","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"620283e0-3af5-11e7-a83b-b1b4da7d15f4","name":"panel_3","type":"visualization"},{"id":"AWDG3ym0xQT5EBNmq3mG","name":"panel_4","type":"visualization"},{"id":"3f040620-4a44-11e8-9b0a-f1d33346f773","name":"panel_5","type":"visualization"},{"id":"3a1b54b0-e061-11e9-8f0c-2ddbf5ed9290","name":"panel_6","type":"visualization"},{"id":"1b3faca0-e064-11e9-8f0c-2ddbf5ed9290","name":"panel_7","type":"visualization"},{"id":"6533dd40-e064-11e9-8f0c-2ddbf5ed9290","name":"panel_8","type":"visualization"}],"sort":[1688154054424,7359],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MjgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Version","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - 
Version\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ede56800-6ed7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,7361],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MjksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Event Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Event 
Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"description.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Description\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Agent\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"Username\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ee0ba080-4a3d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7363],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MzAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Server DNS Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Server DNS 
Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_dns_computer_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server DNS Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ee6a03f0-0edc-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,7365],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MzEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"eead8540-6e14-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7367],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MzIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Encryption Level (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"RDP - Encryption Level (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0,\"filter\":true},\"title\":{\"text\":\"Encryption 
Level\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"encryption_level.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Encryption Level\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ef307a70-6e20-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7369],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MzMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ef7546c0-3719-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7371],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MzQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:ssl\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"7ba54e84-e774-489e-b4e5-156bff163007\"},\"panelIndex\":\"7ba54e84-e774-489e-b4e5-156bff163007\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7ba54e84-e774-489e-b4e5-156bff163007\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"83706228-debf-441c-ab7f-2e20c91ec132\"},\"panelIndex\":\"83706228-debf-441c-ab7f-2e20c91ec132\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_83706228-debf-441c-ab7f-2e20c91ec132\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"e06b2a92-d78b-4d77-9948-40a96a630656\"},\"panelIndex\":\"e06b2a
92-d78b-4d77-9948-40a96a630656\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e06b2a92-d78b-4d77-9948-40a96a630656\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":20,\"i\":\"6f2ba042-522e-43a3-8b9f-0d00e1b60070\"},\"panelIndex\":\"6f2ba042-522e-43a3-8b9f-0d00e1b60070\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6f2ba042-522e-43a3-8b9f-0d00e1b60070\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":8,\"w\":10,\"h\":20,\"i\":\"f9b0f61d-4ff7-4bfb-a210-61ac7c07407a\"},\"panelIndex\":\"f9b0f61d-4ff7-4bfb-a210-61ac7c07407a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f9b0f61d-4ff7-4bfb-a210-61ac7c07407a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":19,\"y\":8,\"w\":11,\"h\":20,\"i\":\"19764782-13cb-4b14-b272-d30fbdead5a2\"},\"panelIndex\":\"19764782-13cb-4b14-b272-d30fbdead5a2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_19764782-13cb-4b14-b272-d30fbdead5a2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":20,\"i\":\"8e0caa58-2dba-4d73-bf54-2c5452b7e5ff\"},\"panelIndex\":\"8e0caa58-2dba-4d73-bf54-2c5452b7e5ff\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8e0caa58-2dba-4d73-bf54-2c5452b7e5ff\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":21,\"i\":\"a804d523-cf9b-47f1-85ca-4931defc69ce\"},\"panelIndex\":\"a804d523-cf9b-47f1-85ca-4931defc69ce\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a804d523-cf9b-47f1-85ca-4931defc69ce\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":21,\"i\":\"6ce88ef8-a636-4f1c-85e9-922ab70a500f\"},\"panelIndex\":\"6ce88ef8-a636-4f1c-85e9-922ab70a500f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6ce88ef8-a636-4f1c-85e9-922ab70a500f
\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":70,\"w\":48,\"h\":29,\"i\":\"75b95d1d-98a0-4d86-b72b-1ecc6f5d7c5a\"},\"panelIndex\":\"75b95d1d-98a0-4d86-b72b-1ecc6f5d7c5a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_75b95d1d-98a0-4d86-b72b-1ecc6f5d7c5a\"}]","timeRestore":false,"title":"Security Onion - SSL","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"efae8de0-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"7ba54e84-e774-489e-b4e5-156bff163007:panel_7ba54e84-e774-489e-b4e5-156bff163007","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"83706228-debf-441c-ab7f-2e20c91ec132:panel_83706228-debf-441c-ab7f-2e20c91ec132","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"e06b2a92-d78b-4d77-9948-40a96a630656:panel_e06b2a92-d78b-4d77-9948-40a96a630656","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"6f2ba042-522e-43a3-8b9f-0d00e1b60070:panel_6f2ba042-522e-43a3-8b9f-0d00e1b60070","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"f9b0f61d-4ff7-4bfb-a210-61ac7c07407a:panel_f9b0f61d-4ff7-4bfb-a210-61ac7c07407a","type":"visualization"},{"id":"db4dc4a0-75ec-11ea-9565-7315f4ee5cac","name":"19764782-13cb-4b14-b272-d30fbdead5a2:panel_19764782-13cb-4b14-b272-d30fbdead5a2","type":"visualization"},{"id":"b8371250-75ec-11ea-9565-7315f4ee5cac","name":"8e0caa58-2dba-4d73-bf54-2c5452b7e5ff:panel_8e0caa58-2dba-4d73-bf54-2c5452b7e5ff","type":"visualization"},{"id":"4e8cbf80-75ec-11ea-9565-7315f4ee5cac","name":"a804d523-cf9b-47f1-85ca-4931defc69ce:panel_a804d523-cf9b-47f1-85ca-4931defc69ce","type":"visualization"},{"id":"6fccb600-75ec-11ea-9565-7315f4ee5cac","name":"6ce88ef8-a636-4f1c-85e9-922ab70a500f:panel_6ce88ef8-a636-4f1c-85e9-922ab70a500f","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8
795a1200b","name":"75b95d1d-98a0-4d86-b72b-1ecc6f5d7c5a:panel_75b95d1d-98a0-4d86-b72b-1ecc6f5d7c5a","type":"search"}],"sort":[1688154054424,7382],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MzUsMV0="} -{"attributes":{"columns":["data_stream.dataset","error.message"],"description":"","grid":{"columns":{"data_stream.dataset":{"width":171}}},"hideChart":true,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"event.kind: pipeline_error and error.message : * \"}}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"[Elastic Agent] Integration Errors","usesAdHocDataView":false},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"elastic_agent-462b68c0-b10b-11ed-957f-f1c897630287","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-elastic_agent-default","name":"tag-ref-fleet-pkg-elastic_agent-default","type":"tag"}],"sort":[1688154054424,7386],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MzYsMV0="} -{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"4a765eb5-fe8e-4ef3-9930-ef8f832a6832\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"data_stream.dataset\",\"title\":\"Integration 
Name\",\"id\":\"4a765eb5-fe8e-4ef3-9930-ef8f832a6832\",\"enhancements\":{},\"selectedOptions\":[]}},\"d5126805-1e20-4c32-8c7b-a9c0afee3215\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"agent.name\",\"title\":\"Agent Name\",\"id\":\"d5126805-1e20-4c32-8c7b-a9c0afee3215\",\"enhancements\":{}}}}"},"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":42,\"i\":\"f89ab83c-c65a-442f-9161-8459e71518cd\",\"w\":7,\"x\":0,\"y\":0},\"panelIndex\":\"f89ab83c-c65a-442f-9161-8459e71518cd\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n**Agent Health** \\n\\n[Overview](/app/dashboards#/view/elastic_agent-a148dc70-6b3c-11ed-98de-67bdecd21824) \\n[Agent Info](/app/dashboards#/view/elastic_agent-0600ffa0-6b5e-11ed-98de-67bdecd21824) \\n[Agent Metrics](/app/dashboards#/view/elastic_agent-f47f18cc-9c7d-4278-b2ea-a6dee816d395) \\n**[Integrations](/app/dashboards#/view/elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824)** \\n\\n\\n**Overview**\\n\\nThis dashboards visualizes the statistics and overall health of all the active integrations.\\n\\n\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Table of 
Contents\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"54f07979-6f4b-4535-b97b-0552bbeb9b39\",\"w\":12,\"x\":7,\"y\":0},\"panelIndex\":\"54f07979-6f4b-4535-b97b-0552bbeb9b39\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-d125ad67-b062-4e41-ae8b-1db28534246f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"ec330081-de01-4c31-808f-3bfa4c01193b\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"d125ad67-b062-4e41-ae8b-1db28534246f\":{\"columnOrder\":[\"7fded190-da7d-4eb2-8a9b-0c21e50f699e\",\"0298e2d3-1fb8-4dad-a555-50089f811e70\"],\"columns\":{\"0298e2d3-1fb8-4dad-a555-50089f811e70\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.kind:\\\"pipeline_error\\\" \"},\"isBucketed\":false,\"label\":\"Errors\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"7fded190-da7d-4eb2-8a9b-0c21e50f699e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Integrations\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"fallback\":false,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"data_stream.dataset\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ec330081-de01-4c31-808f-3bfa4c01193b\",\"key\":\"data_stream.dataset\",\"negate\":true,\"params\":[\"elastic_agent.*\",\"elastic_agent\"],\"type\":\"phrases\",\"value\":[\"elastic_agent.*\",\"elastic_agent\"]}
,\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent.*\"}},{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"colorMode\":\"cell\",\"columnId\":\"0298e2d3-1fb8-4dad-a555-50089f811e70\",\"isTransposed\":false,\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#54B399\",\"stop\":0},{\"color\":\"#CC5642\",\"stop\":1}],\"continuity\":\"above\",\"name\":\"custom\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"steps\":5,\"stops\":[{\"color\":\"#54B399\",\"stop\":1},{\"color\":\"#CC5642\",\"stop\":5}]},\"type\":\"palette\"},\"summaryLabel\":\"Total Errors\",\"summaryRow\":\"none\",\"width\":170},{\"columnId\":\"7fded190-da7d-4eb2-8a9b-0c21e50f699e\",\"isTransposed\":false,\"width\":429}],\"headerRowHeight\":\"single\",\"headerRowHeightLines\":1,\"layerId\":\"d125ad67-b062-4e41-ae8b-1db28534246f\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\",\"rowHeightLines\":1,\"sorting\":{\"columnId\":\"0298e2d3-1fb8-4dad-a555-50089f811e70\",\"direction\":\"desc\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Integration Errors 
Table\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"e2b6fbdd-506f-4b42-bd11-01a33205f6da\",\"w\":29,\"x\":19,\"y\":0},\"panelIndex\":\"e2b6fbdd-506f-4b42-bd11-01a33205f6da\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3eae8cc8-c7dd-4928-a680-2d184923881f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"970463b2-ccd3-4298-8f57-17b6e8dbaef0\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"3eae8cc8-c7dd-4928-a680-2d184923881f\":{\"columnOrder\":[\"fe1ea7d3-8330-4e4f-ad33-d058cfc96007\",\"30a1bcb7-9331-4748-93d8-dd1a4e554d2c\",\"01d61a02-d08d-4149-a1c0-02744ac2467f\"],\"columns\":{\"01d61a02-d08d-4149-a1c0-02744ac2467f\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Events\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"30a1bcb7-9331-4748-93d8-dd1a4e554d2c\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"fe1ea7d3-8330-4e4f-ad33-d058cfc96007\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Datasets\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"01d61a02-d08d-4149-a1c0-02744ac2467f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"data_stream.dataset\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"970463b2-ccd3-4298-8f57-17b6e8dbaef0\",\"key\":\"data_stream.dataset\",
\"negate\":true,\"params\":{\"query\":\"elastic_agent*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"01d61a02-d08d-4149-a1c0-02744ac2467f\"],\"layerId\":\"3eae8cc8-c7dd-4928-a680-2d184923881f\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"splitAccessor\":\"fe1ea7d3-8330-4e4f-ad33-d058cfc96007\",\"xAccessor\":\"30a1bcb7-9331-4748-93d8-dd1a4e554d2c\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"area_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Events per Integration\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":20,\"i\":\"91739766-1a6c-4e96-9ad8-c9be52c03ff6\",\"w\":41,\"x\":7,\"y\":14},\"panelIndex\":\"91739766-1a6c-4e96-9ad8-c9be52c03ff6\",\"panelRefName\":\"panel_91739766-1a6c-4e96-9ad8-c9be52c03ff6\",\"type\":\"search\",\"version\":\"8.6.1\"}]","timeRestore":false,"title":"[Elastic Agent] 
Integrations","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"54f07979-6f4b-4535-b97b-0552bbeb9b39:indexpattern-datasource-layer-d125ad67-b062-4e41-ae8b-1db28534246f","type":"index-pattern"},{"id":"logs-*","name":"54f07979-6f4b-4535-b97b-0552bbeb9b39:ec330081-de01-4c31-808f-3bfa4c01193b","type":"index-pattern"},{"id":"logs-*","name":"e2b6fbdd-506f-4b42-bd11-01a33205f6da:indexpattern-datasource-layer-3eae8cc8-c7dd-4928-a680-2d184923881f","type":"index-pattern"},{"id":"logs-*","name":"e2b6fbdd-506f-4b42-bd11-01a33205f6da:970463b2-ccd3-4298-8f57-17b6e8dbaef0","type":"index-pattern"},{"id":"elastic_agent-462b68c0-b10b-11ed-957f-f1c897630287","name":"91739766-1a6c-4e96-9ad8-c9be52c03ff6:panel_91739766-1a6c-4e96-9ad8-c9be52c03ff6","type":"search"},{"id":"logs-*","name":"controlGroup_4a765eb5-fe8e-4ef3-9930-ef8f832a6832:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_d5126805-1e20-4c32-8c7b-a9c0afee3215:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-elastic_agent-default","name":"tag-ref-fleet-pkg-elastic_agent-default","type":"tag"}],"sort":[1688154054424,7396],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MzcsMV0="} 
-{"attributes":{"columns":["agent.name","message"],"description":"","grid":{"columns":{"agent.name":{"width":182}}},"hideChart":true,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"elastic_agent*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent*\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"log.level\",\"negate\":false,\"params\":{\"query\":\"error\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"log.level\":\"error\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"[Elastic Agent] Agent Errors","usesAdHocDataView":false},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"elastic_agent-522c9e20-ad53-11ed-957f-f1c897630287","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-elastic_agent-default","name":"tag-ref-fleet-pkg-elastic_agent-default","type":"tag"}],"sort":[1688154054424,7402],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MzgsMV0="} 
-{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"280071dd-16c7-4610-bae7-bc8f07cc6a1b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"agent.name\",\"title\":\"Agent Hostname\",\"id\":\"280071dd-16c7-4610-bae7-bc8f07cc6a1b\",\"selectedOptions\":[],\"enhancements\":{}}},\"66670886-33b8-4cf9-95f3-fe4bff859fe9\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"data_stream.dataset\",\"title\":\"Integration Name\",\"id\":\"66670886-33b8-4cf9-95f3-fe4bff859fe9\",\"enhancements\":{}}},\"d6bc511d-a0f0-450c-b023-4d0295729dca\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"agent.version\",\"title\":\"Agent Version\",\"id\":\"d6bc511d-a0f0-450c-b023-4d0295729dca\",\"enhancements\":{}}}}"},"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":49,\"i\":\"10f18ea6-0bc4-4a96-ae2d-da7ed34c3c1a\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"10f18ea6-0bc4-4a96-ae2d-da7ed34c3c1a\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n**Agent Health** \\n\\n[Overview](/app/dashboards#/view/elastic_agent-a148dc70-6b3c-11ed-98de-67bdecd21824) \\n**[Agent 
Info](/app/dashboards#/view/elastic_agent-0600ffa0-6b5e-11ed-98de-67bdecd21824)** \\n[Agent Metrics](/app/dashboards#/view/elastic_agent-f47f18cc-9c7d-4278-b2ea-a6dee816d395) \\n[Integrations](/app/dashboards#/view/elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824) \\n\\n**Overview**\\n\\nThis dashboards shows more detailed health information specifically related to running Elastic Agent instances.\\n\\n\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Table of Contents\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"1fa17cb8-3a19-4fc7-9631-0f44ce8692b4\",\"w\":22,\"x\":8,\"y\":0},\"panelIndex\":\"1fa17cb8-3a19-4fc7-9631-0f44ce8692b4\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-299e2c43-13cd-477a-ba36-4c0f84bd32a4\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"ffe5b460-523c-4b2c-9403-4f6b7917c660\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"299e2c43-13cd-477a-ba36-4c0f84bd32a4\":{\"columnOrder\":[\"6188d370-f9d9-4ba3-aac8-5cc572219dcc\",\"022e5adc-bfb0-453a-ab84-37daa27b1d72\"],\"columns\":{\"022e5adc-bfb0-453a-ab84-37daa27b1d72\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Events\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"6188d370-f9d9-4ba3-aac8-5cc572219dcc\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Agents\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"022e5adc-bfb0-453a-ab84-37daa27b1d72\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceFi
eld\":\"agent.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ffe5b460-523c-4b2c-9403-4f6b7917c660\",\"key\":\"data_stream.dataset\",\"negate\":true,\"params\":[\"elastic_agent*\",\"apm.*\"],\"type\":\"phrases\",\"value\":[\"elastic_agent*\",\"apm.*\"]},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent*\"}},{\"match_phrase\":{\"data_stream.dataset\":\"apm.*\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"Zero\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"hideEndzones\":false,\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"022e5adc-bfb0-453a-ab84-37daa27b1d72\"],\"layerId\":\"299e2c43-13cd-477a-ba36-4c0f84bd32a4\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar\",\"showGridlines\":false,\"splitAccessor\":\"6188d370-f9d9-4ba3-aac8-5cc572219dcc\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":true},\"preferredSeriesType\":\"bar\",\"showCurrentTimeMarker\":false,\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":true,\"xTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Most Active 
Agents\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"36dd783f-4b32-41db-8d33-e2fb7b4d9365\",\"w\":18,\"x\":30,\"y\":0},\"panelIndex\":\"36dd783f-4b32-41db-8d33-e2fb7b4d9365\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-d2a77691-eb30-480e-b021-e323a1f67f07\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"79d7f2b4-c4d9-4b9b-9e3f-5b70226aebe0\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"d2a77691-eb30-480e-b021-e323a1f67f07\":{\"columnOrder\":[\"f82bd006-d5e8-42cf-975b-8c49ed8de2fe\",\"a9b13926-7e9f-4786-9372-af9a5aad1e4e\"],\"columns\":{\"a9b13926-7e9f-4786-9372-af9a5aad1e4e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Agents\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"agent.name\"},\"f82bd006-d5e8-42cf-975b-8c49ed8de2fe\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Versions\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a9b13926-7e9f-4786-9372-af9a5aad1e4e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":9},\"scale\":\"ordinal\",\"sourceField\":\"agent.version\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"79d7f2b4-c4d9-4b9b-9e3f-5b70226aebe0\",\"key\":\"data_stream.dataset\",\"negate\":true,\"params\":{\"query\":\"apm.*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"apm.*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layer
s\":[{\"categoryDisplay\":\"default\",\"layerId\":\"d2a77691-eb30-480e-b021-e323a1f67f07\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"metrics\":[\"a9b13926-7e9f-4786-9372-af9a5aad1e4e\"],\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"f82bd006-d5e8-42cf-975b-8c49ed8de2fe\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Agent Versions\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"5848c519-791c-45e2-b350-0740a12c3ace\",\"w\":22,\"x\":8,\"y\":14},\"panelIndex\":\"5848c519-791c-45e2-b350-0740a12c3ace\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-501c5bb4-5af0-46bf-99c1-e08ed2c31111\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"1f7f4c46-4a2f-4cf8-8509-dc41aab93385\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"501c5bb4-5af0-46bf-99c1-e08ed2c31111\":{\"columnOrder\":[\"a99f6081-4d6b-418d-92b5-28f77a248cbf\",\"97253ea0-c03f-4fc1-8512-c882a3018973\",\"97253ea0-c03f-4fc1-8512-c882a3018973X0\",\"97253ea0-c03f-4fc1-8512-c882a3018973X1\"],\"columns\":{\"97253ea0-c03f-4fc1-8512-c882a3018973\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Errors\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}},\"formula\":\"defaults(count(kql='log.level : \\\"error\\\" '), 0)\",\"isFormulaBroken\":false},\"references\":[\"97253ea0-c03f-4fc1-8512-c882a3018973X1\"],\"scale\":\"ratio\"},\"97253ea0-c03f-4fc1-8512-c882a3018973X0\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"log.level : \\\"error\\\" \"},\"isBucketed\":false,\"label\":\"Part of 
Errors\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"97253ea0-c03f-4fc1-8512-c882a3018973X1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Errors\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"97253ea0-c03f-4fc1-8512-c882a3018973X0\",0],\"location\":{\"max\":46,\"min\":0},\"name\":\"defaults\",\"text\":\"defaults(count(kql='log.level : \\\"error\\\" '), 0)\",\"type\":\"function\"}},\"references\":[\"97253ea0-c03f-4fc1-8512-c882a3018973X0\"],\"scale\":\"ratio\"},\"a99f6081-4d6b-418d-92b5-28f77a248cbf\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Agents\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderAgg\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"orderBy\":{\"type\":\"custom\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"agent.name\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"1f7f4c46-4a2f-4cf8-8509-dc41aab93385\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"elastic_agent*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"a99f6081-4d6b-418d-92b5-28f77a248cbf\",\"isTransposed\":false},{\"colorMode\":\"cell\",\"columnId\":\"97253ea0-c03f-4fc1-8512-c882a3018973\",\"isTransposed\":false,\"palette\":{\"name\":\"custom\
",\"params\":{\"colorStops\":[{\"color\":\"#54B399\",\"stop\":0},{\"color\":\"#CC5642\",\"stop\":1}],\"continuity\":\"above\",\"name\":\"custom\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"steps\":5,\"stops\":[{\"color\":\"#54B399\",\"stop\":1},{\"color\":\"#CC5642\",\"stop\":2}]},\"type\":\"palette\"}}],\"layerId\":\"501c5bb4-5af0-46bf-99c1-e08ed2c31111\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Agents with Errors\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"ea70f89b-accb-4972-9119-b04d1afae410\",\"w\":18,\"x\":30,\"y\":14},\"panelIndex\":\"ea70f89b-accb-4972-9119-b04d1afae410\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2b14e40b-0f07-4713-b7fb-96b4df2c93aa\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"5aae4230-61df-4557-972b-cf52a1c78870\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"2b14e40b-0f07-4713-b7fb-96b4df2c93aa\":{\"columnOrder\":[\"0af06ae8-c199-4684-a132-a1a3d42acaec\",\"faf97258-224e-4050-9c05-3c4bb647a9f0\"],\"columns\":{\"0af06ae8-c199-4684-a132-a1a3d42acaec\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Agents\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"faf97258-224e-4050-9c05-3c4bb647a9f0\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"agent.name\"},\"faf97258-224e-4050-9c05-3c4bb647a9f0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Number of 
Integrations\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"scale\":\"ratio\",\"sourceField\":\"data_stream.dataset\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"5aae4230-61df-4557-972b-cf52a1c78870\",\"key\":\"data_stream.dataset\",\"negate\":true,\"params\":{\"query\":\"elastic_agent*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"2b14e40b-0f07-4713-b7fb-96b4df2c93aa\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"metrics\":[\"faf97258-224e-4050-9c05-3c4bb647a9f0\"],\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"0af06ae8-c199-4684-a132-a1a3d42acaec\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Integrations Dashboard\"},\"eventId\":\"f2edc3a8-5d50-4649-bb16-536aa103ed58\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Integrations per Agent\"},{\"embeddableConfig\":{\"enhancements\":{},\"rowHeight\":-1},\"gridData\":{\"h\":21,\"i\":\"9604578e-7da2-4575-923e-f15e51bca436\",\"w\":40,\"x\":8,\"y\":28},\"panelIndex\":\"9604578e-7da2-4575-923e-f15e51bca436\",\"panelRefName\":\"panel_9604578e-7da2-4575-923e-f15e51bca436\",\"type\":\"search\",\"version\":\"8.6.1\"}]","timeRestore":false,"title":"[Elastic Agent] Agent 
Info","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"elastic_agent-0600ffa0-6b5e-11ed-98de-67bdecd21824","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"1fa17cb8-3a19-4fc7-9631-0f44ce8692b4:indexpattern-datasource-layer-299e2c43-13cd-477a-ba36-4c0f84bd32a4","type":"index-pattern"},{"id":"logs-*","name":"1fa17cb8-3a19-4fc7-9631-0f44ce8692b4:ffe5b460-523c-4b2c-9403-4f6b7917c660","type":"index-pattern"},{"id":"logs-*","name":"36dd783f-4b32-41db-8d33-e2fb7b4d9365:indexpattern-datasource-layer-d2a77691-eb30-480e-b021-e323a1f67f07","type":"index-pattern"},{"id":"logs-*","name":"36dd783f-4b32-41db-8d33-e2fb7b4d9365:79d7f2b4-c4d9-4b9b-9e3f-5b70226aebe0","type":"index-pattern"},{"id":"logs-*","name":"5848c519-791c-45e2-b350-0740a12c3ace:indexpattern-datasource-layer-501c5bb4-5af0-46bf-99c1-e08ed2c31111","type":"index-pattern"},{"id":"logs-*","name":"5848c519-791c-45e2-b350-0740a12c3ace:1f7f4c46-4a2f-4cf8-8509-dc41aab93385","type":"index-pattern"},{"id":"logs-*","name":"ea70f89b-accb-4972-9119-b04d1afae410:indexpattern-datasource-layer-2b14e40b-0f07-4713-b7fb-96b4df2c93aa","type":"index-pattern"},{"id":"logs-*","name":"ea70f89b-accb-4972-9119-b04d1afae410:5aae4230-61df-4557-972b-cf52a1c78870","type":"index-pattern"},{"id":"elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824","name":"ea70f89b-accb-4972-9119-b04d1afae410:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:f2edc3a8-5d50-4649-bb16-536aa103ed58:dashboardId","type":"dashboard"},{"id":"elastic_agent-522c9e20-ad53-11ed-957f-f1c897630287","name":"9604578e-7da2-4575-923e-f15e51bca436:panel_9604578e-7da2-4575-923e-f15e51bca436","type":"search"},{"id":"logs-*","name":"controlGroup_280071dd-16c7-4610-bae7-bc8f07cc6a1b:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_66670886-33b8-4cf9-95f3-fe4bff859fe9:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_d6bc511d-a0f0-450c-b023-4d0295729dca:optionsLis
tDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-elastic_agent-default","name":"tag-ref-fleet-pkg-elastic_agent-default","type":"tag"}],"sort":[1688154054424,7418],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3MzksMV0="} -{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"twoLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{}"},"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":32,\"i\":\"7ec831d9-fe10-44ae-8859-ac8ed50ef16f\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"7ec831d9-fe10-44ae-8859-ac8ed50ef16f\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n**Agent Health** \\n\\n**[Overview](/app/dashboards#/view/elastic_agent-a148dc70-6b3c-11ed-98de-67bdecd21824)** \\n[Agent Info](/app/dashboards#/view/elastic_agent-0600ffa0-6b5e-11ed-98de-67bdecd21824) \\n[Agent Metrics](/app/dashboards#/view/elastic_agent-f47f18cc-9c7d-4278-b2ea-a6dee816d395) \\n[Integrations](/app/dashboards#/view/elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824) \\n\\n**Overview**\\n\\nThis dashboard gives an overview of the current overall state and health of all Agents and their related enabled Integrations.\\n\\n\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Table of 
Contents\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":4,\"i\":\"106d153c-b2ce-497f-92a2-a6e37f3fee48\",\"w\":10,\"x\":8,\"y\":0},\"panelIndex\":\"106d153c-b2ce-497f-92a2-a6e37f3fee48\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-7a3dc055-1f15-4a42-b451-90a79c11e49c\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"cb5da399-620a-4db3-91d2-13febb4e0811\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"7a3dc055-1f15-4a42-b451-90a79c11e49c\":{\"columnOrder\":[\"15e49cfd-4bd5-4d51-af12-0878e9597dfa\",\"15e49cfd-4bd5-4d51-af12-0878e9597dfaX0\",\"15e49cfd-4bd5-4d51-af12-0878e9597dfaX1\"],\"columns\":{\"15e49cfd-4bd5-4d51-af12-0878e9597dfa\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"isBucketed\":false,\"label\":\"Integrations Enabled\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2}},\"formula\":\"defaults(unique_count(data_stream.dataset), 0)\",\"isFormulaBroken\":false},\"references\":[\"15e49cfd-4bd5-4d51-af12-0878e9597dfaX1\"],\"scale\":\"ratio\"},\"15e49cfd-4bd5-4d51-af12-0878e9597dfaX0\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"isBucketed\":false,\"label\":\"Part of defaults(unique_count(data_stream.dataset), 0)\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"data_stream.dataset\"},\"15e49cfd-4bd5-4d51-af12-0878e9597dfaX1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of defaults(unique_count(data_stream.dataset), 0)\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"15e49cfd-4bd5-4d51-af12-0878e9597dfaX0\",0],\"location\":{\"max\":46,\"min\":0},\"name\":\"defaults\",\"text\":\"defaults(unique_count(data_stream.dataset), 
0)\",\"type\":\"function\"}},\"references\":[\"15e49cfd-4bd5-4d51-af12-0878e9597dfaX0\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"cb5da399-620a-4db3-91d2-13febb4e0811\",\"key\":\"data_stream.dataset\",\"negate\":true,\"params\":{\"query\":\"elastic_agent*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layerId\":\"7a3dc055-1f15-4a42-b451-90a79c11e49c\",\"layerType\":\"data\",\"metricAccessor\":\"15e49cfd-4bd5-4d51-af12-0878e9597dfa\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#cc5642\",\"stop\":null},{\"color\":\"#54B399\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#cc5642\",\"stop\":1},{\"color\":\"#54B399\",\"stop\":20}]},\"type\":\"palette\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":true},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Integrations 
Dashboard\"},\"eventId\":\"9ecd8fe7-916e-468c-a071-4ea76cf09520\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"hidePanelTitles\":true,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":4,\"i\":\"f7fb14c3-542a-4dcb-a141-ea6f57f7ec50\",\"w\":10,\"x\":18,\"y\":0},\"panelIndex\":\"f7fb14c3-542a-4dcb-a141-ea6f57f7ec50\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-87b97f29-3b44-4769-8c7c-469a4d9a906f\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"87b97f29-3b44-4769-8c7c-469a4d9a906f\":{\"columnOrder\":[\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2\",\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X0\",\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X1\"],\"columns\":{\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Ingest Errors\",\"operationType\":\"formula\",\"params\":{\"formula\":\"defaults(count(event.kind, kql='event.kind: pipeline_error'), 0)\",\"isFormulaBroken\":false},\"references\":[\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X1\"],\"scale\":\"ratio\"},\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X0\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.kind: pipeline_error\"},\"isBucketed\":false,\"label\":\"Part of Ingest Errors\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"event.kind\"},\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Ingest Errors\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X0\",0],\"location\":{\"max\":64,\"min\":0},\"name\":\"defaults\",\"text\":\"defaults(count(event.kind, kql='event.kind: pipeline_error'), 
0)\",\"type\":\"function\"}},\"references\":[\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X0\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layerId\":\"87b97f29-3b44-4769-8c7c-469a4d9a906f\",\"layerType\":\"data\",\"metricAccessor\":\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#54B399\",\"stop\":null},{\"color\":\"#cc5642\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#54B399\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":true},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Integrations 
Dashboard\"},\"eventId\":\"34bc44f3-8bfe-424b-ada8-225ec0ca67a6\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"hidePanelTitles\":true,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":4,\"i\":\"d9875e32-dd5f-4084-81c5-262f7bd0ccba\",\"w\":10,\"x\":28,\"y\":0},\"panelIndex\":\"d9875e32-dd5f-4084-81c5-262f7bd0ccba\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-468dc136-5f5c-4cd1-8569-cc8529881e52\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"468dc136-5f5c-4cd1-8569-cc8529881e52\":{\"columnOrder\":[\"a829ad10-3d32-47f1-8652-6cc35ed80edf\",\"a829ad10-3d32-47f1-8652-6cc35ed80edfX0\",\"a829ad10-3d32-47f1-8652-6cc35ed80edfX1\"],\"columns\":{\"a829ad10-3d32-47f1-8652-6cc35ed80edf\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Agents Ingested Data\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2}},\"formula\":\"defaults(unique_count(agent.id), 0)\",\"isFormulaBroken\":false},\"references\":[\"a829ad10-3d32-47f1-8652-6cc35ed80edfX1\"],\"scale\":\"ratio\"},\"a829ad10-3d32-47f1-8652-6cc35ed80edfX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Current Active Agents\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"agent.id\"},\"a829ad10-3d32-47f1-8652-6cc35ed80edfX1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Current Active Agents\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"a829ad10-3d32-47f1-8652-6cc35ed80edfX0\",0],\"location\":{\"max\":35,\"min\":0},\"name\":\"defaults\",\"text\":\"defaults(unique_count(agent.id), 
0)\",\"type\":\"function\"}},\"references\":[\"a829ad10-3d32-47f1-8652-6cc35ed80edfX0\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layerId\":\"468dc136-5f5c-4cd1-8569-cc8529881e52\",\"layerType\":\"data\",\"metricAccessor\":\"a829ad10-3d32-47f1-8652-6cc35ed80edf\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#cc5642\",\"stop\":null},{\"color\":\"#54B399\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#cc5642\",\"stop\":1},{\"color\":\"#54B399\",\"stop\":2}]},\"type\":\"palette\"},\"showBar\":false,\"subtitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":true},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Agents Dashboard\"},\"eventId\":\"ff1c170b-d997-40ef-9093-ca8265c8c031\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Current Active 
Agents\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":4,\"i\":\"e8be8d39-4557-4077-bf45-e8c481f90699\",\"w\":10,\"x\":38,\"y\":0},\"panelIndex\":\"e8be8d39-4557-4077-bf45-e8c481f90699\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-87b97f29-3b44-4769-8c7c-469a4d9a906f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"3f0b51ab-5242-4904-8e6c-c8654c68bbec\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"87b97f29-3b44-4769-8c7c-469a4d9a906f\":{\"columnOrder\":[\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2\",\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X0\",\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X1\"],\"columns\":{\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"isBucketed\":false,\"label\":\"Agent Errors\",\"operationType\":\"formula\",\"params\":{\"formula\":\"defaults(count(kql='log.level: error'), 0)\",\"isFormulaBroken\":false},\"references\":[\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X1\"],\"scale\":\"ratio\"},\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X0\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"log.level: error\"},\"isBucketed\":false,\"label\":\"Part of Agent Errors\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Agent Errors\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X0\",0],\"location\":{\"max\":42,\"min\":0},\"name\":\"defaults\",\"text\":\"defaults(count(kql='log.level: error'), 
0)\",\"type\":\"function\"}},\"references\":[\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X0\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"3f0b51ab-5242-4904-8e6c-c8654c68bbec\",\"key\":\"data_stream.dataset\",\"negate\":true,\"params\":{\"query\":\"elastic_agent*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layerId\":\"87b97f29-3b44-4769-8c7c-469a4d9a906f\",\"layerType\":\"data\",\"metricAccessor\":\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#54B399\",\"stop\":null},{\"color\":\"#cc5642\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#54B399\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":true},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Agents 
Dashboard\"},\"eventId\":\"1c9c2911-505b-4aae-92d9-ae278ab4a378\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"hidePanelTitles\":true,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"b197eb2e-ee86-490c-afe1-605ce8e2edc1\",\"w\":20,\"x\":8,\"y\":4},\"panelIndex\":\"b197eb2e-ee86-490c-afe1-605ce8e2edc1\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-6c39da5e-0bfa-4ac0-b52c-75491ad21e8a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"fbb56fc8-f301-483f-8d45-f6b2203ed246\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"6c39da5e-0bfa-4ac0-b52c-75491ad21e8a\":{\"columnOrder\":[\"ab9c8cb3-f469-4791-b087-cc9f006d60ee\",\"b8e08b83-8208-4df0-b627-95b5704b94da\"],\"columns\":{\"ab9c8cb3-f469-4791-b087-cc9f006d60ee\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Most Active Agents\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b8e08b83-8208-4df0-b627-95b5704b94da\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"agent.name\"},\"b8e08b83-8208-4df0-b627-95b5704b94da\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Events\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"fbb56fc8-f301-483f-8d45-f6b2203ed246\",\"key\":\"data_stream.dataset\",\"negate\":true,\"params\":{\"query\":\"elastic_agent*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"quer
y\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b8e08b83-8208-4df0-b627-95b5704b94da\"],\"layerId\":\"6c39da5e-0bfa-4ac0-b52c-75491ad21e8a\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"splitAccessor\":\"ab9c8cb3-f469-4791-b087-cc9f006d60ee\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":true}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Agent Dashboard\"},\"eventId\":\"8b6dea27-19d8-4cbd-bc1a-cc1f5dd63544\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Most Active Agents\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"6e1bf032-bd2e-45e3-804b-d630d460228a\",\"w\":40,\"x\":8,\"y\":18},\"panelIndex\":\"6e1bf032-bd2e-45e3-804b-d630d460228a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-70d7d4e3-d581-41d1-81d1-834b8f5f3ab9\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"70d7d4e3-d581-41d1-81d1-834b8f5f3ab9\":{\"columnOrder\":[\"2e4f2692-fd32-4ab0-90cd-200dbd8356fd\",\"5f946118-7578-4dbc-a6e3-a7be2469e4de\",\"1f636603-62e0-4bf2-a7c1-0c84f88743ba\"],\"columns\":{\"1f636603-62e0-4bf2-a7c1-0c84f88743ba\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Events 
-24h\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"timeShift\":\"1d\"},\"2e4f2692-fd32-4ab0-90cd-200dbd8356fd\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"5f946118-7578-4dbc-a6e3-a7be2469e4de\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Events\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"timeShift\":\"\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"5f946118-7578-4dbc-a6e3-a7be2469e4de\",\"1f636603-62e0-4bf2-a7c1-0c84f88743ba\"],\"layerId\":\"70d7d4e3-d581-41d1-81d1-834b8f5f3ab9\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"xAccessor\":\"2e4f2692-fd32-4ab0-90cd-200dbd8356fd\",\"yConfig\":[{\"axisMode\":\"auto\",\"forAccessor\":\"1f636603-62e0-4bf2-a7c1-0c84f88743ba\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"area\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Integrations 
Dashboard\"},\"eventId\":\"00799702-30ac-4ab1-9a3e-a82aa1f0d507\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Ingest Rates\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"9ea33099-240d-4f37-b154-216aaccb6f4a\",\"w\":20,\"x\":28,\"y\":4},\"panelIndex\":\"9ea33099-240d-4f37-b154-216aaccb6f4a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-06e5675e-d8f9-45b5-ba57-bae75a6eab02\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"0769541a-e3f2-49c1-beb8-aaf9ecf101e2\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"06e5675e-d8f9-45b5-ba57-bae75a6eab02\":{\"columnOrder\":[\"e8cc2c73-3c70-4ca4-b651-cee619a24dee\",\"49a1a6af-5e02-4aa7-98f1-1cdca13b41d9\"],\"columns\":{\"49a1a6af-5e02-4aa7-98f1-1cdca13b41d9\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e8cc2c73-3c70-4ca4-b651-cee619a24dee\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 15 values of 
data_stream.dataset\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"49a1a6af-5e02-4aa7-98f1-1cdca13b41d9\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":15},\"scale\":\"ordinal\",\"sourceField\":\"data_stream.dataset\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"0769541a-e3f2-49c1-beb8-aaf9ecf101e2\",\"key\":\"data_stream.dataset\",\"negate\":true,\"params\":{\"query\":\"elastic_agent*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"06e5675e-d8f9-45b5-ba57-bae75a6eab02\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendSize\":\"large\",\"metrics\":[\"49a1a6af-5e02-4aa7-98f1-1cdca13b41d9\"],\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"e8cc2c73-3c70-4ca4-b651-cee619a24dee\"],\"truncateLegend\":false}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Integrations Dashboard\"},\"eventId\":\"7c5aeb9a-d5d0-4e3a-89c0-98bb2f46e6cc\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Most Active Integrations\"}]","timeRestore":false,"title":"[Elastic Agent] 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"elastic_agent-a148dc70-6b3c-11ed-98de-67bdecd21824","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"106d153c-b2ce-497f-92a2-a6e37f3fee48:indexpattern-datasource-layer-7a3dc055-1f15-4a42-b451-90a79c11e49c","type":"index-pattern"},{"id":"logs-*","name":"106d153c-b2ce-497f-92a2-a6e37f3fee48:cb5da399-620a-4db3-91d2-13febb4e0811","type":"index-pattern"},{"id":"elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824","name":"106d153c-b2ce-497f-92a2-a6e37f3fee48:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:9ecd8fe7-916e-468c-a071-4ea76cf09520:dashboardId","type":"dashboard"},{"id":"logs-*","name":"f7fb14c3-542a-4dcb-a141-ea6f57f7ec50:indexpattern-datasource-layer-87b97f29-3b44-4769-8c7c-469a4d9a906f","type":"index-pattern"},{"id":"elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824","name":"f7fb14c3-542a-4dcb-a141-ea6f57f7ec50:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:34bc44f3-8bfe-424b-ada8-225ec0ca67a6:dashboardId","type":"dashboard"},{"id":"logs-*","name":"d9875e32-dd5f-4084-81c5-262f7bd0ccba:indexpattern-datasource-layer-468dc136-5f5c-4cd1-8569-cc8529881e52","type":"index-pattern"},{"id":"elastic_agent-0600ffa0-6b5e-11ed-98de-67bdecd21824","name":"d9875e32-dd5f-4084-81c5-262f7bd0ccba:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:ff1c170b-d997-40ef-9093-ca8265c8c031:dashboardId","type":"dashboard"},{"id":"logs-*","name":"e8be8d39-4557-4077-bf45-e8c481f90699:indexpattern-datasource-layer-87b97f29-3b44-4769-8c7c-469a4d9a906f","type":"index-pattern"},{"id":"logs-*","name":"e8be8d39-4557-4077-bf45-e8c481f90699:3f0b51ab-5242-4904-8e6c-c8654c68bbec","type":"index-pattern"},{"id":"elastic_agent-0600ffa0-6b5e-11ed-98de-67bdecd21824","name":"e8be8d39-4557-4077-bf45-e8c481f90699:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:1c9c2911-505b-4aae-92d9-ae278ab4a378:dashboardId","type":"dashboard"},{"id":"logs-*","name":"b197eb2e-ee86-490c-afe1-605ce8e2edc1:indexpattern-
datasource-layer-6c39da5e-0bfa-4ac0-b52c-75491ad21e8a","type":"index-pattern"},{"id":"logs-*","name":"b197eb2e-ee86-490c-afe1-605ce8e2edc1:fbb56fc8-f301-483f-8d45-f6b2203ed246","type":"index-pattern"},{"id":"elastic_agent-0600ffa0-6b5e-11ed-98de-67bdecd21824","name":"b197eb2e-ee86-490c-afe1-605ce8e2edc1:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:8b6dea27-19d8-4cbd-bc1a-cc1f5dd63544:dashboardId","type":"dashboard"},{"id":"logs-*","name":"6e1bf032-bd2e-45e3-804b-d630d460228a:indexpattern-datasource-layer-70d7d4e3-d581-41d1-81d1-834b8f5f3ab9","type":"index-pattern"},{"id":"elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824","name":"6e1bf032-bd2e-45e3-804b-d630d460228a:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:00799702-30ac-4ab1-9a3e-a82aa1f0d507:dashboardId","type":"dashboard"},{"id":"logs-*","name":"9ea33099-240d-4f37-b154-216aaccb6f4a:indexpattern-datasource-layer-06e5675e-d8f9-45b5-ba57-bae75a6eab02","type":"index-pattern"},{"id":"logs-*","name":"9ea33099-240d-4f37-b154-216aaccb6f4a:0769541a-e3f2-49c1-beb8-aaf9ecf101e2","type":"index-pattern"},{"id":"elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824","name":"9ea33099-240d-4f37-b154-216aaccb6f4a:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:7c5aeb9a-d5d0-4e3a-89c0-98bb2f46e6cc:dashboardId","type":"dashboard"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-elastic_agent-default","name":"tag-ref-fleet-pkg-elastic_agent-default","type":"tag"}],"sort":[1688154054424,7439],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NDAsMV0="} 
-{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"2678bf39-3def-453e-9f30-2904bc88efe9\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"agent.name\",\"title\":\"Agent Hostname\",\"id\":\"2678bf39-3def-453e-9f30-2904bc88efe9\",\"enhancements\":{},\"selectedOptions\":[]}}}"},"description":"Elastic Agent metrics dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":27,\"i\":\"443b1597-9d5f-4b9c-8848-643d0381b2f4\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"443b1597-9d5f-4b9c-8848-643d0381b2f4\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n**Agent Health** \\n\\n[Overview](/app/dashboards#/view/elastic_agent-a148dc70-6b3c-11ed-98de-67bdecd21824) \\n[Agent Info](/app/dashboards#/view/elastic_agent-0600ffa0-6b5e-11ed-98de-67bdecd21824) \\n**[Agent Metrics](/app/dashboards#/view/elastic_agent-f47f18cc-9c7d-4278-b2ea-a6dee816d395)** \\n[Integrations](/app/dashboards#/view/elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824) \\n\\n**Overview**\\n\\nThis dashboard is used to show detailed metrics related to the specific agent used in the filter.\\n\\n\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Table of 
Contents\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":9,\"i\":\"59d829a2-c460-450d-b3f1-e24463ca8fbc\",\"w\":40,\"x\":8,\"y\":9},\"panelIndex\":\"59d829a2-c460-450d-b3f1-e24463ca8fbc\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-c8958799-403d-41b6-9b7a-836c6de65bb6\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"c8958799-403d-41b6-9b7a-836c6de65bb6\":{\"columnOrder\":[\"30880bcc-bda9-4cb3-b86c-e1ec9f01f4a5\",\"c59ea682-bc16-4391-a1db-366fe40591e4\",\"401c5798-78b4-40ea-8ff7-debce9f4dbeb\"],\"columns\":{\"30880bcc-bda9-4cb3-b86c-e1ec9f01f4a5\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of elastic_agent.process\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"401c5798-78b4-40ea-8ff7-debce9f4dbeb\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"elastic_agent.process\"},\"401c5798-78b4-40ea-8ff7-debce9f4dbeb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Memory 
Usage\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"system.process.memory.size\"},\"c59ea682-bc16-4391-a1db-366fe40591e4\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"401c5798-78b4-40ea-8ff7-debce9f4dbeb\"],\"layerId\":\"c8958799-403d-41b6-9b7a-836c6de65bb6\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"splitAccessor\":\"30880bcc-bda9-4cb3-b86c-e1ec9f01f4a5\",\"xAccessor\":\"c59ea682-bc16-4391-a1db-366fe40591e4\"}],\"legend\":{\"isInside\":false,\"isVisible\":true,\"legendSize\":\"large\",\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"area_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":true}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Memory 
Usage\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":9,\"i\":\"3f8fc111-60c1-4886-bb6d-3b83cdcf88c5\",\"w\":40,\"x\":8,\"y\":18},\"panelIndex\":\"3f8fc111-60c1-4886-bb6d-3b83cdcf88c5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-46ce3b62-69c2-45c5-bfb2-8eadce526ad1\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"46ce3b62-69c2-45c5-bfb2-8eadce526ad1\":{\"columnOrder\":[\"089affc6-b838-4335-af8e-c8c6da056c5a\",\"1ccaf97b-1693-4ab1-824b-c364b73b901e\",\"2c4fab1b-eb92-4949-bcc2-225d2c0bdb24\"],\"columns\":{\"089affc6-b838-4335-af8e-c8c6da056c5a\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of elastic_agent.process\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"2c4fab1b-eb92-4949-bcc2-225d2c0bdb24\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"elastic_agent.process\"},\"1ccaf97b-1693-4ab1-824b-c364b73b901e\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"2c4fab1b-eb92-4949-bcc2-225d2c0bdb24\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Maximum of 
system.process.fd.open\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"system.process.fd.open\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"2c4fab1b-eb92-4949-bcc2-225d2c0bdb24\"],\"layerId\":\"46ce3b62-69c2-45c5-bfb2-8eadce526ad1\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"splitAccessor\":\"089affc6-b838-4335-af8e-c8c6da056c5a\",\"xAccessor\":\"1ccaf97b-1693-4ab1-824b-c364b73b901e\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"large\",\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"area_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"valuesInLegend\":true}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Open Handles\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":9,\"i\":\"6f1753a7-612d-4e25-a33f-8aa3542d3c39\",\"w\":24,\"x\":0,\"y\":27},\"panelIndex\":\"6f1753a7-612d-4e25-a33f-8aa3542d3c39\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-ad65be36-0be3-4937-8f41-ec9e48adfce6\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"1f53ae6d-f631-4ef1-8da4-e1918fd352af\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"ad65be36-0be3-4937-8f41-ec9e48adfce6\":{\"columnOrder\":[\"2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a\",\"49cd060d-6f21-4d81-ad6b-1c8462c97353\",\"e201a210-6e89-4d72-9d9c-a00b036fb0eb\",\"f5cbe487-2a43-425b-9cd1-40283e5e596c\"],\"columns\":{\"2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 
values of beat.type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"beat.type\"},\"49cd060d-6f21-4d81-ad6b-1c8462c97353\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"e201a210-6e89-4d72-9d9c-a00b036fb0eb\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.*\\\" \"},\"isBucketed\":false,\"label\":\"Events Rate /s\",\"operationType\":\"counter_rate\",\"references\":[\"f5cbe487-2a43-425b-9cd1-40283e5e596c\"],\"scale\":\"ratio\",\"timeScale\":\"s\"},\"f5cbe487-2a43-425b-9cd1-40283e5e596c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Maximum of 
beat.stats.libbeat.output.events.total\",\"operationType\":\"max\",\"scale\":\"ratio\",\"sourceField\":\"beat.stats.libbeat.output.events.total\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"1f53ae6d-f631-4ef1-8da4-e1918fd352af\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"elastic_agent.*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent.*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e201a210-6e89-4d72-9d9c-a00b036fb0eb\"],\"layerId\":\"ad65be36-0be3-4937-8f41-ec9e48adfce6\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a\",\"xAccessor\":\"49cd060d-6f21-4d81-ad6b-1c8462c97353\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"large\",\"position\":\"right\",\"showSingleSeries\":true},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":true,\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Total events rate 
/s\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":9,\"i\":\"daff36f6-d0b5-45e8-b0d9-910bace3c15b\",\"w\":24,\"x\":24,\"y\":27},\"panelIndex\":\"daff36f6-d0b5-45e8-b0d9-910bace3c15b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-47363713-6910-43c5-9f85-328b9ee18f0d\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"4984682b-b209-448b-a8bc-239d1858c0ae\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"47363713-6910-43c5-9f85-328b9ee18f0d\":{\"columnOrder\":[\"009f999d-bdb4-4b3f-a031-06d2a7173a57\",\"754d7a35-095e-4905-ad7d-23d89edaf74f\",\"c601246c-06f3-4f94-9d2a-a950eb4d499e\",\"672c59a5-1ad7-4f2b-89a5-cb3920d94e4b\"],\"columns\":{\"009f999d-bdb4-4b3f-a031-06d2a7173a57\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of beat.type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"beat.type\"},\"672c59a5-1ad7-4f2b-89a5-cb3920d94e4b\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Maximum of beat.stats.libbeat.output.write.bytes\",\"operationType\":\"max\",\"scale\":\"ratio\",\"sourceField\":\"beat.stats.libbeat.output.write.bytes\"},\"754d7a35-095e-4905-ad7d-23d89edaf74f\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"c601246c-06f3-4f94-9d2a-a950eb4d499e\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.*\\\" \"},\"isBucketed\":false,\"label\":\"Bytes 
sent/s\",\"operationType\":\"counter_rate\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"references\":[\"672c59a5-1ad7-4f2b-89a5-cb3920d94e4b\"],\"scale\":\"ratio\",\"timeScale\":\"s\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"4984682b-b209-448b-a8bc-239d1858c0ae\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"elastic_agent.*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent.*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"c601246c-06f3-4f94-9d2a-a950eb4d499e\"],\"layerId\":\"47363713-6910-43c5-9f85-328b9ee18f0d\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"009f999d-bdb4-4b3f-a031-06d2a7173a57\",\"xAccessor\":\"754d7a35-095e-4905-ad7d-23d89edaf74f\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"large\",\"position\":\"right\",\"showSingleSeries\":true},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":true,\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Output write 
throughput\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":9,\"i\":\"0165de2d-694a-40f5-95e1-855ce4ebd03e\",\"w\":24,\"x\":0,\"y\":36},\"panelIndex\":\"0165de2d-694a-40f5-95e1-855ce4ebd03e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-ad65be36-0be3-4937-8f41-ec9e48adfce6\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"9ef414bb-7c9f-40b2-a01f-da090834917a\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"ad65be36-0be3-4937-8f41-ec9e48adfce6\":{\"columnOrder\":[\"cb2f461c-587a-4f6a-8ad4-e4b0f61c9541\",\"49cd060d-6f21-4d81-ad6b-1c8462c97353\",\"e201a210-6e89-4d72-9d9c-a00b036fb0eb\",\"f5cbe487-2a43-425b-9cd1-40283e5e596c\"],\"columns\":{\"49cd060d-6f21-4d81-ad6b-1c8462c97353\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"cb2f461c-587a-4f6a-8ad4-e4b0f61c9541\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Beat types\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"beat.type\"},\"e201a210-6e89-4d72-9d9c-a00b036fb0eb\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.*\\\" \"},\"isBucketed\":false,\"label\":\"Output Errors\",\"operationType\":\"counter_rate\",\"references\":[\"f5cbe487-2a43-425b-9cd1-40283e5e596c\"],\"scale\":\"ratio\",\"timeScale\":\"s\"},\"f5cbe487-2a43-425b-9cd1-40283e5e596c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Maximum of 
beat.stats.libbeat.output.write.errors\",\"operationType\":\"max\",\"scale\":\"ratio\",\"sourceField\":\"beat.stats.libbeat.output.write.errors\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"9ef414bb-7c9f-40b2-a01f-da090834917a\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"elastic_agent.*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent.*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e201a210-6e89-4d72-9d9c-a00b036fb0eb\"],\"layerId\":\"ad65be36-0be3-4937-8f41-ec9e48adfce6\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"cb2f461c-587a-4f6a-8ad4-e4b0f61c9541\",\"xAccessor\":\"49cd060d-6f21-4d81-ad6b-1c8462c97353\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"large\",\"position\":\"right\",\"showSingleSeries\":true},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":true,\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Output write 
errors\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":9,\"i\":\"b1dcfde7-66f1-41fb-bc7d-d3deef840d4f\",\"w\":24,\"x\":24,\"y\":36},\"panelIndex\":\"b1dcfde7-66f1-41fb-bc7d-d3deef840d4f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-ad65be36-0be3-4937-8f41-ec9e48adfce6\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"d8c4f995-b5b9-4da1-9c7c-32fd11cfbcee\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"ad65be36-0be3-4937-8f41-ec9e48adfce6\":{\"columnOrder\":[\"2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a\",\"49cd060d-6f21-4d81-ad6b-1c8462c97353\",\"e201a210-6e89-4d72-9d9c-a00b036fb0eb\",\"f5cbe487-2a43-425b-9cd1-40283e5e596c\"],\"columns\":{\"2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of beat.type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"beat.type\"},\"49cd060d-6f21-4d81-ad6b-1c8462c97353\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"e201a210-6e89-4d72-9d9c-a00b036fb0eb\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.*\\\" \"},\"isBucketed\":false,\"label\":\"Events Rate /s\",\"operationType\":\"counter_rate\",\"references\":[\"f5cbe487-2a43-425b-9cd1-40283e5e596c\"],\"scale\":\"ratio\",\"timeScale\":\"s\"},\"f5cbe487-2a43-425b-9cd1-40283e5e596c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Maximum of 
beat.stats.libbeat.output.events.acked\",\"operationType\":\"max\",\"scale\":\"ratio\",\"sourceField\":\"beat.stats.libbeat.output.events.acked\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d8c4f995-b5b9-4da1-9c7c-32fd11cfbcee\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"elastic_agent.*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent.*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e201a210-6e89-4d72-9d9c-a00b036fb0eb\"],\"layerId\":\"ad65be36-0be3-4937-8f41-ec9e48adfce6\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a\",\"xAccessor\":\"49cd060d-6f21-4d81-ad6b-1c8462c97353\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"large\",\"position\":\"right\",\"showSingleSeries\":true},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":true,\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Events acknowledged rate 
/s\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"42ec7297-eb0f-492b-bb18-d1301fa1ead7\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"42ec7297-eb0f-492b-bb18-d1301fa1ead7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"elastic_agent.elastic_agent\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent.elastic_agent\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"f0383b91-4a09-4b03-a013-f5938add6bfa\",\"index_pattern_ref_name\":\"metrics_42ec7297-eb0f-492b-bb18-d1301fa1ead7_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"a35c4256-5cee-4b6a-ae21-bdd0f0f6d4a2\",\"label\":\"Cgroup CPU 
usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.process.cgroup.cpuacct.total.ns\",\"id\":\"458710e3-e78d-4ebf-b9c7-3b1ca8bfc55a\",\"type\":\"max\"},{\"field\":\"system.process.cgroup.cpu.cfs.quota.us\",\"id\":\"5a08b810-fc31-11eb-9d3e-9d72967e3395\",\"type\":\"min\"},{\"field\":\"458710e3-e78d-4ebf-b9c7-3b1ca8bfc55a\",\"id\":\"391dc9f0-fc32-11eb-9d3e-9d72967e3395\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"90f31960-fc31-11eb-9d3e-9d72967e3395\",\"id\":\"4661f000-fc32-11eb-9d3e-9d72967e3395\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"system.process.cgroup.cpu.stats.periods\",\"id\":\"90f31960-fc31-11eb-9d3e-9d72967e3395\",\"type\":\"max\"},{\"id\":\"5c737680-fc31-11eb-9d3e-9d72967e3395\",\"script\":\"\\n if (params.deltaUsageDerivNormalizedValue > 0 && params.periodsDerivNormalizedValue >0 && params.quota > 0) {\\n // if throttling is configured\\n double factor = params.deltaUsageDerivNormalizedValue / (params.periodsDerivNormalizedValue * params.quota * 1000); \\n\\n return factor * 100; \\n }\\n\\n return 
null;\",\"type\":\"calculation\",\"variables\":[{\"field\":\"391dc9f0-fc32-11eb-9d3e-9d72967e3395\",\"id\":\"60300950-fc31-11eb-9d3e-9d72967e3395\",\"name\":\"deltaUsageDerivNormalizedValue\"},{\"field\":\"4661f000-fc32-11eb-9d3e-9d72967e3395\",\"id\":\"d6060d50-fc31-11eb-9d3e-9d72967e3395\",\"name\":\"periodsDerivNormalizedValue\"},{\"field\":\"5a08b810-fc31-11eb-9d3e-9d72967e3395\",\"id\":\"e3368450-fc31-11eb-9d3e-9d72967e3395\",\"name\":\"quota\"}]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"stacked\",\"terms_field\":\"elastic_agent.process\",\"time_range_mode\":\"entire_time_range\",\"type\":\"timeseries\",\"value_template\":\"{{value}}%\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":true},\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"[Elastic Agent] CGroup CPU Usage\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":9,\"i\":\"e651fb9f-763d-4c9d-80d7-7c56adb98883\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"e651fb9f-763d-4c9d-80d7-7c56adb98883\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-fa212775-2294-4cb0-a671-eb76e6856d14\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-c7cc9cd8-585a-4078-a86f-8b0213c874fd\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"c7cc9cd8-585a-4078-a86f-8b0213c874fd\":{\"columnOrder\":[\"ba13a1db-763d-4a12-88c2-a5247a612c66\"],\"columns\":{\"ba13a1db-763d-4a12-88c2-a5247a612c66\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Container 
Limit\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"system.process.cgroup.memory.mem.limit.bytes\"}},\"incompleteColumns\":{},\"linkToLayers\":[],\"sampling\":1},\"fa212775-2294-4cb0-a671-eb76e6856d14\":{\"columnOrder\":[\"3495fd36-d74d-4daf-9dae-1e84e63bc31e\",\"a084070f-a15a-473c-abf4-d2e52e84c6ae\",\"90bc620d-c329-4607-90d4-5245a7cc7e69\"],\"columns\":{\"3495fd36-d74d-4daf-9dae-1e84e63bc31e\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of elastic_agent.process\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"90bc620d-c329-4607-90d4-5245a7cc7e69\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"elastic_agent.process\"},\"90bc620d-c329-4607-90d4-5245a7cc7e69\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Memory 
Usage\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"system.process.cgroup.memory.mem.usage.bytes\"},\"a084070f-a15a-473c-abf4-d2e52e84c6ae\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":false},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":false},\"layers\":[{\"accessors\":[\"90bc620d-c329-4607-90d4-5245a7cc7e69\"],\"layerId\":\"fa212775-2294-4cb0-a671-eb76e6856d14\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"splitAccessor\":\"3495fd36-d74d-4daf-9dae-1e84e63bc31e\",\"xAccessor\":\"a084070f-a15a-473c-abf4-d2e52e84c6ae\"},{\"accessors\":[\"ba13a1db-763d-4a12-88c2-a5247a612c66\"],\"layerId\":\"c7cc9cd8-585a-4078-a86f-8b0213c874fd\",\"layerType\":\"referenceLine\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"ba13a1db-763d-4a12-88c2-a5247a612c66\"}]}],\"legend\":{\"isVisible\":true,\"legendSize\":\"large\",\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"area_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":false},\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"valuesInLegend\":true,\"yRightTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Cgroup Memory 
Usage\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"6b8f954e-e930-4830-b13d-7df1466ad92f\",\"w\":40,\"x\":8,\"y\":0},\"panelIndex\":\"6b8f954e-e930-4830-b13d-7df1466ad92f\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"elastic_agent.elastic_agent\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent.elastic_agent\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"percent\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"CPU usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.process.cpu.total.value\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"},{\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"id\":\"42fea6f0-3da7-11eb-a63c-0f13e40aab83\",\"type\":\"derivative\",\"unit\":\"\"},{\"id\":\"48fd6190-3da7-11eb-a63c-0f13e40aab83\",\"script\":\"if (params.cpu_total > 0) {\\n return params.cpu_total / params._interval 
\\n}\\n\\n\",\"type\":\"calculation\",\"variables\":[{\"field\":\"42fea6f0-3da7-11eb-a63c-0f13e40aab83\",\"id\":\"4b81c280-3da7-11eb-a63c-0f13e40aab83\",\"name\":\"cpu_total\"}]}],\"point_size\":1,\"separate_axis\":0,\"series_index_pattern\":\"\",\"split_color_mode\":\"kibana\",\"split_mode\":\"terms\",\"stacked\":\"stacked\",\"terms_field\":\"elastic_agent.process\",\"time_range_mode\":\"entire_time_range\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"[Elastic Agent] CPU Usage\"}]","timeRestore":false,"title":"[Elastic Agent] Agent metrics","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"elastic_agent-f47f18cc-9c7d-4278-b2ea-a6dee816d395","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"59d829a2-c460-450d-b3f1-e24463ca8fbc:indexpattern-datasource-layer-c8958799-403d-41b6-9b7a-836c6de65bb6","type":"index-pattern"},{"id":"metrics-*","name":"3f8fc111-60c1-4886-bb6d-3b83cdcf88c5:indexpattern-datasource-layer-46ce3b62-69c2-45c5-bfb2-8eadce526ad1","type":"index-pattern"},{"id":"metrics-*","name":"6f1753a7-612d-4e25-a33f-8aa3542d3c39:indexpattern-datasource-layer-ad65be36-0be3-4937-8f41-ec9e48adfce6","type":"index-pattern"},{"id":"metrics-*","name":"6f1753a7-612d-4e25-a33f-8aa3542d3c39:1f53ae6d-f631-4ef1-8da4-e1918fd352af","type":"index-pattern"},{"id":"metrics-*","name":"daff36f6-d0b5-45e8-b0d9-910bace3c15b:indexpattern-datasource-layer-47363713-6910-43c5-9f85-328b9ee18f0d","type":"index-pattern"},{"id":"metrics-*","name":"daff36f6-d0b5-45e8-b0d9-910bace3c15b:4984682b-b209-448b-a8bc-239d1858c0ae","type":"index-pattern"},{"id":"metrics-*","name":"0165de2d-694a-40f5-95e1-855ce4ebd03e:indexpattern-datasource-layer-ad65be36-0be3-4937-8f4
1-ec9e48adfce6","type":"index-pattern"},{"id":"metrics-*","name":"0165de2d-694a-40f5-95e1-855ce4ebd03e:9ef414bb-7c9f-40b2-a01f-da090834917a","type":"index-pattern"},{"id":"metrics-*","name":"b1dcfde7-66f1-41fb-bc7d-d3deef840d4f:indexpattern-datasource-layer-ad65be36-0be3-4937-8f41-ec9e48adfce6","type":"index-pattern"},{"id":"metrics-*","name":"b1dcfde7-66f1-41fb-bc7d-d3deef840d4f:d8c4f995-b5b9-4da1-9c7c-32fd11cfbcee","type":"index-pattern"},{"id":"metrics-*","name":"42ec7297-eb0f-492b-bb18-d1301fa1ead7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"42ec7297-eb0f-492b-bb18-d1301fa1ead7:metrics_42ec7297-eb0f-492b-bb18-d1301fa1ead7_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"e651fb9f-763d-4c9d-80d7-7c56adb98883:indexpattern-datasource-layer-fa212775-2294-4cb0-a671-eb76e6856d14","type":"index-pattern"},{"id":"metrics-*","name":"e651fb9f-763d-4c9d-80d7-7c56adb98883:indexpattern-datasource-layer-c7cc9cd8-585a-4078-a86f-8b0213c874fd","type":"index-pattern"},{"id":"metrics-*","name":"6b8f954e-e930-4830-b13d-7df1466ad92f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_2678bf39-3def-453e-9f30-2904bc88efe9:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-elastic_agent-default","name":"tag-ref-fleet-pkg-elastic_agent-default","type":"tag"}],"sort":[1688154054424,7458],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NDEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - 
Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f0178840-35bb-11e7-b9ee-834112670159","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7460],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NDIsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[24.84656534821976,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Connections - Source - Sum of Total 
Bytes","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f042ad60-46c6-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"1156b1e0-46c7-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"sort":[1688154054424,7463],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NDMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f0700840-365a-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7465],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NDQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - Source 
IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f18a0480-3bd0-11e7-9c09-4f161b0766dd","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7467],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NDUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Destination Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f1d3d070-367a-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7469],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NDYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:smb*\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"4f0e2e7d-aeee-4de8-82f0-9faffa596a05\"},\"panelIndex\":\"4f0e2e7d-aeee-4de8-82f0-9faffa596a05\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4f0e2e7d-aeee-4de8-82f0-9faffa596a05\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"efd2f5f0-c795-41e8-b0d7-7a3012e04d4d\"},\"panelIndex\":\"efd2f5f0-c795-41e8-b0d7-7a3012e04d4d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_efd2f5f0-c795-41e8-b0d7-7a3012e04d4d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"c4342fbe-e949-42d7-959c-c1ce6978033a\"},\"panelIndex\":\"c4342fbe-e949-42d7-959c-c1ce6978033a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c4342fbe-e949-42d7-959c-c1ce6978033a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"f59a811c-5a72-4337-84bd-32a5d1dce308\"},\"panelIndex\":\"f59a811c-5a72-4337-84bd-32a5d1dce308\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f59a811c-5a72-4337-84bd-32a5d1dce308\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridDat
a\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"5bb49dfa-0703-448b-a249-6cebb45e101c\"},\"panelIndex\":\"5bb49dfa-0703-448b-a249-6cebb45e101c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5bb49dfa-0703-448b-a249-6cebb45e101c\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":8,\"w\":10,\"h\":19,\"i\":\"4f886675-43c8-46c9-a471-717010d40e67\"},\"panelIndex\":\"4f886675-43c8-46c9-a471-717010d40e67\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4f886675-43c8-46c9-a471-717010d40e67\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":8,\"w\":10,\"h\":19,\"i\":\"f00a4afd-cd5f-48a4-a8d3-bc80f7367285\"},\"panelIndex\":\"f00a4afd-cd5f-48a4-a8d3-bc80f7367285\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f00a4afd-cd5f-48a4-a8d3-bc80f7367285\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":8,\"w\":10,\"h\":19,\"i\":\"c88f8f9f-c3d9-43c1-bfb1-bb2b7f64b92f\"},\"panelIndex\":\"c88f8f9f-c3d9-43c1-bfb1-bb2b7f64b92f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c88f8f9f-c3d9-43c1-bfb1-bb2b7f64b92f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":20,\"i\":\"d76e30ec-3114-4100-a806-2a77ba987bbe\"},\"panelIndex\":\"d76e30ec-3114-4100-a806-2a77ba987bbe\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d76e30ec-3114-4100-a806-2a77ba987bbe\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":29,\"i\":\"b48f25cd-4353-46f1-ba89-12da381a65eb\"},\"panelIndex\":\"b48f25cd-4353-46f1-ba89-12da381a65eb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b48f25cd-4353-46f1-ba89-12da381a65eb\"}]","timeRestore":false,"title":"Security Onion - 
SMB","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f24d7b80-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"4f0e2e7d-aeee-4de8-82f0-9faffa596a05:panel_4f0e2e7d-aeee-4de8-82f0-9faffa596a05","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"efd2f5f0-c795-41e8-b0d7-7a3012e04d4d:panel_efd2f5f0-c795-41e8-b0d7-7a3012e04d4d","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"c4342fbe-e949-42d7-959c-c1ce6978033a:panel_c4342fbe-e949-42d7-959c-c1ce6978033a","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"f59a811c-5a72-4337-84bd-32a5d1dce308:panel_f59a811c-5a72-4337-84bd-32a5d1dce308","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"5bb49dfa-0703-448b-a249-6cebb45e101c:panel_5bb49dfa-0703-448b-a249-6cebb45e101c","type":"visualization"},{"id":"34762420-75f0-11ea-9565-7315f4ee5cac","name":"4f886675-43c8-46c9-a471-717010d40e67:panel_4f886675-43c8-46c9-a471-717010d40e67","type":"visualization"},{"id":"1c6567b0-75f0-11ea-9565-7315f4ee5cac","name":"f00a4afd-cd5f-48a4-a8d3-bc80f7367285:panel_f00a4afd-cd5f-48a4-a8d3-bc80f7367285","type":"visualization"},{"id":"ed215680-75ef-11ea-9565-7315f4ee5cac","name":"c88f8f9f-c3d9-43c1-bfb1-bb2b7f64b92f:panel_c88f8f9f-c3d9-43c1-bfb1-bb2b7f64b92f","type":"visualization"},{"id":"052df440-75f0-11ea-9565-7315f4ee5cac","name":"d76e30ec-3114-4100-a806-2a77ba987bbe:panel_d76e30ec-3114-4100-a806-2a77ba987bbe","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"b48f25cd-4353-46f1-ba89-12da381a65eb:panel_b48f25cd-4353-46f1-ba89-12da381a65eb","type":"search"}],"sort":[1688154054424,7480],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NDcsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Round Trip Time","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Round Trip Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rtt\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Round Trip Time\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f275f490-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,7482],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NDgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f3a92f50-3af1-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,7484],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NDksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:alert AND event.module:playbook\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"c2172038-7740-458c-977a-98d139c438c2\"},\"panelIndex\":\"c2172038-7740-458c-977a-98d139c438c2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security Onion - Alert 
Data\",\"panelRefName\":\"panel_c2172038-7740-458c-977a-98d139c438c2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":0,\"w\":18,\"h\":8,\"i\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\"},\"panelIndex\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b18f1671-c1a0-44c8-946b-71bc21e62482\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":8,\"i\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\"},\"panelIndex\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b26faccc-11d5-4cc3-8fd2-484b5e3659bc\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":26,\"h\":18,\"i\":\"1f88747a-06f5-4450-8d08-150d0cd37667\"},\"panelIndex\":\"1f88747a-06f5-4450-8d08-150d0cd37667\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1f88747a-06f5-4450-8d08-150d0cd37667\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":26,\"y\":8,\"w\":22,\"h\":18,\"i\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\"},\"panelIndex\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0b5a83d1-8f56-4616-b0aa-af25a1995379\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":21,\"i\":\"28431fa5-4ce9-40db-a190-541b3390f9d0\"},\"panelIndex\":\"28431fa5-4ce9-40db-a190-541b3390f9d0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_28431fa5-4ce9-40db-a190-541b3390f9d0\"}]","timeRestore":false,"title":"Security Onion - 
Playbook","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f449f0a0-c77c-11ea-bebb-37c5ab5894ea","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"c2172038-7740-458c-977a-98d139c438c2:panel_c2172038-7740-458c-977a-98d139c438c2","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"b18f1671-c1a0-44c8-946b-71bc21e62482:panel_b18f1671-c1a0-44c8-946b-71bc21e62482","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"b26faccc-11d5-4cc3-8fd2-484b5e3659bc:panel_b26faccc-11d5-4cc3-8fd2-484b5e3659bc","type":"visualization"},{"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","name":"1f88747a-06f5-4450-8d08-150d0cd37667:panel_1f88747a-06f5-4450-8d08-150d0cd37667","type":"visualization"},{"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","name":"0b5a83d1-8f56-4616-b0aa-af25a1995379:panel_0b5a83d1-8f56-4616-b0aa-af25a1995379","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"28431fa5-4ce9-40db-a190-541b3390f9d0:panel_28431fa5-4ce9-40db-a190-541b3390f9d0","type":"search"}],"sort":[1688154054424,7491],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f5166880-374f-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7493],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NTEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f52f8bc0-3af2-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688154054424,7495],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NTIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Country","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Tunnels - Country\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.
7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f60e0c40-6e34-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7497],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NTMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"IRC - Destination Country","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_geo.city_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination 
City\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f625b7b0-4a56-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7499],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Alert Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Alert Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert_info.type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Alert 
Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f7998d60-7dce-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,7501],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NTUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f7c48a20-6e19-11e7-89e4-613b96f597e1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7503],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Logstash - Processing Performance","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Logstash - Processing 
Performance\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"rotate\":75,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Log Type\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Average processing time\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"4\",\"label\":\"Standard Deviation of logstash_time\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\",\"customLabel\":\"Average processing time\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event_type.keyword\",\"size\":20,\"orderAgg\":{\"id\":\"2-orderAgg\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"orderAgg\",\"params\":{\"field\":\"logstash_time\"}},\"order\":\"desc\",\"orderBy\":\"custom\",\"customLabel\":\"Log 
Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"std_dev\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f86bc870-46ce-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"sort":[1688154054424,7505],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NTcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Protocol","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Protocol\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"ipv4_protocol.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":
{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f8f0dbc0-6d82-11e7-912f-0950e6d5c322","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,7507],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Username","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"FTP - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f9904390-3bff-11e7-be35-e7fc4052ff75","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7509],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"f9a16c80-371b-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7511],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NjAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Zeek - Notice Action","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Zeek - Notice Action\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"notice.p: 
Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"notice.action.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"fafba910-7a84-11ea-9d13-57f5db13d1ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,7513],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NjEsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:notice AND 
event.module:zeek\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3c981b35-b930-4523-bef4-7f5193148816\"},\"panelIndex\":\"3c981b35-b930-4523-bef4-7f5193148816\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":16,\"h\":8,\"i\":\"eb1b234a-2d6b-46af-9afe-a420a389dad1\"},\"panelIndex\":\"eb1b234a-2d6b-46af-9afe-a420a389dad1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":8,\"i\":\"7d323b2f-3502-4397-93fd-b430d9011d92\"},\"panelIndex\":\"7d323b2f-3502-4397-93fd-b430d9011d92\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":19,\"h\":18,\"i\":\"298b9cf4-5e54-45f5-805c-e04b31044401\"},\"panelIndex\":\"298b9cf4-5e54-45f5-805c-e04b31044401\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":19,\"y\":8,\"w\":29,\"h\":18,\"i\":\"1fa5b7c2-2680-4dd0-9c07-a714d8d8968a\"},\"panelIndex\":\"1fa5b7c2-2680-4dd0-9c07-a714d8d8968a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":26,\"w\":11,\"h\":23,\"i\":\"9056cf20-d882-4316-ba02-91ecbd1d4df9\"},\"panelIndex\":\"9056cf20-d882-4316-ba02-91ecbd1d4df9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":11,\"y\":26,\"w\":11,\"h\":23,\"i\":\"5f855acb-fec5-4155-b2ef-0961a6d9a89c\"},\"panelIndex\":\"5f855acb-fec5-4155-b2ef-0961a6d9a89c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":26,\"w\":10,\"h\":23,\"i\":\"208bc4b2-013a-4aab-b72c-45a618077791\"},\"panelIndex\":\"208bc4b2
-013a-4aab-b72c-45a618077791\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":26,\"w\":16,\"h\":23,\"i\":\"5429bbba-3d62-4a93-9932-4a2cc4369775\"},\"panelIndex\":\"5429bbba-3d62-4a93-9932-4a2cc4369775\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":20,\"i\":\"e08f3143-7e05-49ab-882f-d63e24e622bb\"},\"panelIndex\":\"e08f3143-7e05-49ab-882f-d63e24e622bb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - Zeek - Notices","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"fa9ed760-7734-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"9c6ccff0-7a84-11ea-9d13-57f5db13d1ed","name":"panel_3","type":"visualization"},{"id":"c8039090-7a84-11ea-9d13-57f5db13d1ed","name":"panel_4","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"visualization"},{"id":"fafba910-7a84-11ea-9d13-57f5db13d1ed","name":"panel_8","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_9","type":"search"}],"sort":[1688154054424,7524],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NjIsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.module.keyword\",\"negate\":true,\"params\":{\"query\":\"suricata\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.module.keyword\":\"suricata\"}}}]}"},"savedSearchRefName":"search_0","title":"Security Onion - Playbook - Rules","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/k
ibana\"}}},\"params\":{},\"label\":\"rule.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"title\":\"Security Onion - Playbook - Rules\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"faaf66e0-c77d-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"sort":[1688154054424,7527],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NjMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_subject.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"fab4b560-37d8-11e7-9efb-91e89505091f","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7529],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NjQsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Syslog - Severity (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"syslog.severity_label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"syslog.severity_label: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security Onion - Syslog - Severity (Donut)\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"fc8d41a0-777b-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688154054424,7531],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NjUsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Destination Port","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Destination Port\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"fcf75bc0-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688154054424,7533],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NjYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"fd549d70-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7535],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NjcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Top Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Top Source 
IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"source.ip: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"fd8b4640-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688154054424,7537],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NjgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Answers","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - 
Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"answers.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ff2af9b0-2927-11e8-b2a2-09f3986ae284","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688154054424,7539],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NjksMV0="} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.module:strelka\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":7,\"i\":\"a2e0a619-a5c5-40d9-8593-e60f13ae22bf\"},\"panelIndex\":\"a2e0a619-a5c5-40d9-8593-e60f13ae22bf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":21,\"h\":7,\"i\":\"566a9d04-f2dc-4868-9625-97a19d985703\"},\"panelIndex\":\"566a9d04-f2dc-4868-9625-97a19d985703\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":7,\"i\":\"f247ec64-c278-4e05-ac4d-983bea9dfb7d\"},\"panelIndex\":\"f247ec64-c278-4e05-ac4d-983bea9dfb7d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":7,\"w\":12,\"h\":20,\"i\":\"6e80a142-ab0e-4fd3-891c-e495b78a1625\"},\"panelIndex\":\"6e80a142-ab0e-4fd3-891c-e495b78a1625\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":12,\"y\":7,\"w\":11,\"h\":20,\"i\":\"292cc879-6bc0-4541-ba92-3b3c5f4e3368\"},\"panelIndex\":\"292cc879-6bc0-4541-ba92-3b3c5f4e3368\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":7,\"w\":14,\"h\":20,\"i\":\"66979b2c-e7c1-4291-91ac-16537b7f9ec3\"},\"panelIndex\":\"66979b2c-e7c1-4291-91ac-16537b7f9ec3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":37,\"y\":7,\"w\":11,\"h\":20,\"i\":\"8bb1cf98-0401-4a2d-9dd8-deca08205a22\"},\"panelIndex\":\"8bb1cf98-0401-4a2d-9dd8-deca08205a22\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version
\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":8,\"h\":20,\"i\":\"393f3cec-3ee0-4275-b319-f307e7a260c6\"},\"panelIndex\":\"393f3cec-3ee0-4275-b319-f307e7a260c6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":15,\"h\":20,\"i\":\"0e8800a9-a6f5-4a79-8370-61713f584886\"},\"panelIndex\":\"0e8800a9-a6f5-4a79-8370-61713f584886\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":27,\"w\":25,\"h\":20,\"i\":\"be9a0a2a-d8c6-4d15-b5d7-d5599d0482a3\"},\"panelIndex\":\"be9a0a2a-d8c6-4d15-b5d7-d5599d0482a3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":27,\"i\":\"40296d2b-cb6f-423f-989c-3fdaa82d2aad\"},\"panelIndex\":\"40296d2b-cb6f-423f-989c-3fdaa82d2aad\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"Security Onion - 
Strelka","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"ff689c50-75f3-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"7a88adc0-75f0-11ea-9565-7315f4ee5cac","name":"panel_3","type":"visualization"},{"id":"49cfe850-772c-11ea-bee5-af7f7c7b8e05","name":"panel_4","type":"visualization"},{"id":"70243970-772c-11ea-bee5-af7f7c7b8e05","name":"panel_5","type":"visualization"},{"id":"ce9e03f0-772c-11ea-bee5-af7f7c7b8e05","name":"panel_6","type":"visualization"},{"id":"a7ebb450-772c-11ea-bee5-af7f7c7b8e05","name":"panel_7","type":"visualization"},{"id":"08c0b770-772e-11ea-bee5-af7f7c7b8e05","name":"panel_8","type":"visualization"},{"id":"e087c7d0-772d-11ea-bee5-af7f7c7b8e05","name":"panel_9","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_10","type":"search"}],"sort":[1688154054424,7551],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NzAsMV0="} 
-{"attributes":{"columns":["user.name","user.target.name","github.org","event.action"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.audit\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.audit\"}}},{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"user.target.name\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"user.target.name\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"GitHub Audit Users","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"github-173f1050-20ae-11ec-8b10-11a4c5e322a0","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-github-default","name":"tag-ref-fleet-pkg-github-default","type":"tag"}],"sort":[1688154054424,7557],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NzEsMV0="} 
-{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\",\"enhancements\":{}}},\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\",\"enhancements\":{}}},\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\",\"enhancements\":{}}},\"3d506940-8d8f-4f4f-8fa8-5ac070d1dc36\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"3d506940-8d8f-4f4f-8fa8-5ac070d1dc36\",\"enhancements\":{}}}}"},"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Code 
Scanning\",\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":[\"code_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.action\":\"code_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"dc15f49d-29b1-4e2e-8787-51ffbab5b4ac\",\"w\":14,\"x\":0,\"y\":0},\"panelIndex\":\"dc15f49d-29b1-4e2e-8787-51ffbab5b4ac\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3f8b858f-a1ee-4d69-a100-d59282acd94d\":{\"columnOrder\":[\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\"],\"columns\":{\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total 
Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\",\"layerId\":\"3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"top\"}},\"title\":\"Total Alerts Created [GitHub Code Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"85cbbb74-4d3c-44e0-98f6-be076e31aea3\",\"w\":14,\"x\":14,\"y\":0},\"panelIndex\":\"85cbbb74-4d3c-44e0-98f6-be076e31aea3\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"4fa3d8de-226f-4ff3-ab95-b9167e6ff115\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts Found/Fixed 
Ratio\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2}},\"formula\":\"count()/count(kql='github.state:dismissed')\",\"isFormulaBroken\":false},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\"],\"scale\":\"ratio\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Resolved/Dismissed Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"github.state:dismissed\"},\"isBucketed\":false,\"label\":\"Part of Resolved/Dismissed Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Resolved/Dismissed 
Alerts\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\"],\"location\":{\"max\":43,\"min\":0},\"name\":\"divide\",\"text\":\"count()/count(kql='github.state:dismissed')\",\"type\":\"function\"}},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"4fa3d8de-226f-4ff3-ab95-b9167e6ff115\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"None\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"textAlign\":\"center\"}},\"title\":\"Alerts Found/Fixed Ratio [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1b501988-f932-4d80-8625-d2a1c8cd7321\",\"w\":20,\"x\":28,\"y\":0},\"panelIndex\":\"1b501988-f932-4d80-8625-d2a1c8cd7321\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"5b02c858-e981-4dc4-a3bc-1d563549180a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cbc5557e-f6b9-4140-90b2-3100f33083c4\":{\"columnOrder\":[\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\",\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\"],\"columns\":{\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Open vs Resolved\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.code_scanning.most_recent_instance.state\"},\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"5b02c858-e981-4dc4-a3bc-1d563549180a\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"emptySizeRatio\":0.54,\"layerId\":\"cbc5557e-f6b9-4140-90b2-3100f33083c4\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendPosition\":\"right\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":true,\"primaryGroups\":[\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\"],\"metrics\":[\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\"]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"shape\":\"donut\"}},\"title\":\"Open vs Resolved/Dismissed [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"12c18b92-9f7b-4832-b85f-aad64720ea87\",\"w\":14,\"x\":0,\"y\":5},\"panelIndex\":\"12c18b92-9f7b-4832-b85f-aad64720ea87\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"5d417c98-6b80-42b4-9183-15bf539c9c46\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"c10f8d54-f8a4-45cf-8c17-527a0b914e14\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Open Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"5d417c98-6b80-42b4-9183-15bf539c9c46\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c10f8d54-f8a4-45cf-8c17-527a0b914e14\",\"key\":\"github.code_scanning.state\",\"negate\":false,\"params\":{\"query\":\"open\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"github.code_scanning.state\":\"open\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8
b5aa69c5a5e\",\"colorMode\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":1000}],\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#209280\",\"stop\":1},{\"color\":\"#d6bf57\",\"stop\":1000},{\"color\":\"#cc5642\",\"stop\":1001}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Open Alerts Count [GitHub Code Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"7131e4d3-c168-480d-9496-1463ceaaa97a\",\"w\":14,\"x\":14,\"y\":5},\"panelIndex\":\"7131e4d3-c168-480d-9496-1463ceaaa97a\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"1d49d476-9ca6-44e0-8501-35c7f63ed984\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"a0505379-6e67-41c4-b3c8-b7e6bd3efa7d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"e33d2853-5b3d-4be9-9312-2d8da64d9523\"],\"columns\":{\"e33d2853-5b3d-4be9-9312-2d8da64d9523\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Mean time to resolve an 
alert\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"github.code_scanning.time_to_resolution.sec\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"1d49d476-9ca6-44e0-8501-35c7f63ed984\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"a0505379-6e67-41c4-b3c8-b7e6bd3efa7d\",\"key\":\"github.code_scanning.time_to_resolution.sec\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"},\"query\":{\"exists\":{\"field\":\"github.code_scanning.time_to_resolution.sec\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e33d2853-5b3d-4be9-9312-2d8da64d9523\",\"colorMode\":\"None\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"textAlign\":\"center\"}},\"title\":\"Mean Time to Resolution [GitHub Code Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Mean Time To Resolution [GitHub Code 
Scanning]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"c3e8ea64-b6f9-470c-9004-02f8909672eb\",\"w\":14,\"x\":0,\"y\":10},\"panelIndex\":\"c3e8ea64-b6f9-470c-9004-02f8909672eb\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"bff2e3f5-8f9b-49f4-ba88-b0e937089c2f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"960abe90-416f-4075-aaef-2cc0a3af1707\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Resolved/Dismissed Alerts\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}},\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"scale\":\"ratio\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Dismissed 
Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bff2e3f5-8f9b-49f4-ba88-b0e937089c2f\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"960abe90-416f-4075-aaef-2cc0a3af1707\",\"key\":\"github.state\",\"negate\":false,\"params\":[\"dismissed\",\"resolved\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"github.state\":\"dismissed\"}},{\"match_phrase\":{\"github.state\":\"resolved\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"palette\":{\"name\":\"positive\",\"params\":{\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"positive\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#bbdad3\",\"stop\":0},{\"color\":\"#77b6a8\",\"stop\":8},{\"color\":\"#209280\",\"stop\":16}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Resolved/Dismissed Alerts Count [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"46dc58eb-4994-442d-a6b4-4b3699b74bf1\",\"w\":14,\"x\":14,\"y\":10},\"panelIndex\":\"46dc58eb-4994-442d-a6b4-4b3699b74bf1\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-d8a21374-4117-4796-96e2-ecd47f2babd2\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"2ce8a419-debd-4a37-85e6-c7b49e61604f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"d8a21374-4117-4796-96e2-ecd47f2babd2\":{\"columnOrder\":[\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264\",\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0\",\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1\",\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X2\"],\"columns\":{\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Ratio between the alerts generated and the number of commits\",\"operationType\":\"formula\",\"params\":{\"formula\":\"count()/unique_count(github.code_scanning.most_recent_instance.commit_sha)\",\"isFormulaBroken\":false},\"references\":[\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X2\"],\"scale\":\"ratio\"},\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Ratio between the alerts and the number of commits generated\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Ratio between the alerts and the number of commits 
generated\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"github.code_scanning.most_recent_instance.commit_sha\"},\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Ratio between the alerts and the number of commits generated\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0\",\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1\"],\"location\":{\"max\":74,\"min\":0},\"name\":\"divide\",\"text\":\"count()/unique_count(github.code_scanning.most_recent_instance.commit_sha)\",\"type\":\"function\"}},\"references\":[\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0\",\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2ce8a419-debd-4a37-85e6-c7b49e61604f\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264\",\"layerId\":\"d8a21374-4117-4796-96e2-ecd47f2babd2\",\"layerType\":\"data\",\"textAlign\":\"center\"}},\"title\":\"Alert/Commit Ratio [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"9a3577e8-d452-46cc-b2dd-9424ec80c871\",\"w\":25,\"x\":0,\"y\":15},\"panelIndex\":\"9a3577e8-d452-46cc-b2dd-9424ec80c871\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"1d50dadb-a088-4e8b-842f-8d84e6378658\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2592c6ef-cf07-4080-b4fe-014cc142e3c8\":{\"columnOrder\":[\"1e393f28-24a9-40af-830b-654785bf6236\",\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\",\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\",\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\"],\"columns\":{\"1e393f28-24a9-40af-830b-654785bf6236\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Owner\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"},\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts count by repository\",\"operationType\":\"formula\",\"params\":{\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\"],\"scale\":\"ratio\"},\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Alerts count \",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 
values of github.repository.owner.login + 1 other\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"multi_terms\"},\"secondaryFields\":[\"github.repository.name\"],\"size\":50},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"1d50dadb-a088-4e8b-842f-8d84e6378658\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\"],\"layerId\":\"2592c6ef-cf07-4080-b4fe-014cc142e3c8\",\"layerType\":\"data\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"seriesType\":\"bar\",\"splitAccessor\":\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\",\"xAccessor\":\"1e393f28-24a9-40af-830b-654785bf6236\"}],\"legend\":{\"isVisible\":true,\"maxLines\":5,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Alerts count by owner and by repository [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"ae814e70-2e8e-43df-b62e-e32d1c26f676\",\"w\":23,\"x\":25,\"y\":15},\"panelIndex\":\"ae814e70-2e8e-43df-b62e-e32d1c26f676\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"63aad513-3506-45e9-8c13-d2ee49f689ab\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"91e1a389-34e8-4332-9dbb-bd883d71dd85\":{\"columnOrder\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\",\"8cca4d83-a822-4b67-97cd-27649e1d7c68\",\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"],\"columns\":{\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top repositories contributing to alerts by owner\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"},\"8cca4d83-a822-4b67-97cd-27649e1d7c68\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of github.repository.name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.name\"},\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"63aad513-3506-45e9-8c13-d2ee49f689ab\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"91e1a389-34e8-4332-9dbb-bd883d71dd85\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\",\"8cca4d83-a822-4b67-97cd-27649e1d7c68\"],\"metrics\":[\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"]}],\"shape\":\"pie\"}},\"title\":\"Aerts % by owner and by repository [GitHub Code Scanning]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Alerts % by owner and by repository [GitHub Code 
Scanning]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"4e77167a-4642-4cbb-8430-2197e2f31666\",\"w\":14,\"x\":0,\"y\":27},\"panelIndex\":\"4e77167a-4642-4cbb-8430-2197e2f31666\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"14d80078-f238-406f-9a34-bae0f8616bc0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"257a7d8d-1315-4775-97d9-e679c0f3aa79\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Tool\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.code_scanning.tool.name\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alert 
count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"14d80078-f238-406f-9a34-bae0f8616bc0\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"xAccessor\":\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"yConfig\":[{\"color\":\"#6dc9cd\",\"forAccessor\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Tool Contribution Count [GitHub Code Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Tool Contribution [GitHub Code 
Scanning]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"5135da2a-0093-4b71-a35a-c2b8877d22dd\",\"w\":11,\"x\":14,\"y\":27},\"panelIndex\":\"5135da2a-0093-4b71-a35a-c2b8877d22dd\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"e696efc1-4a91-44d3-ad68-618f00d80703\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"257a7d8d-1315-4775-97d9-e679c0f3aa79\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of github.code_scanning.tool.name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"github.code_scanning.tool.name\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"e696efc1-4a91-44d3-ad68-618f00d80703\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"emptySizeRatio\":0.3,\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendMaxLines\":2,\"legendPosition\":\"right\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":true,\"primaryGroups\":[\"257a7d8d-1315-4775-97d9-e679c0f3aa79\"],\"metrics\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"]}],\"shape\":\"donut\"}},\"title\":\"Tool Contribution [GitHub Code Scanning]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"7a3f8c53-407b-4862-9dc3-10dccfe06426\",\"w\":23,\"x\":25,\"y\":27},\"panelIndex\":\"7a3f8c53-407b-4862-9dc3-10dccfe06426\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"a9c37a5a-574a-411d-9420-2e53045288f3\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"00866684-5176-499e-9517-eff9e9102155\",\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"00866684-5176-499e-9517-eff9e9102155\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 
values of github.code_scanning.tool.name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.code_scanning.tool.name\"},\"257a7d8d-1315-4775-97d9-e679c0f3aa79\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"d\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alert count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"a9c37a5a-574a-411d-9420-2e53045288f3\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"splitAccessor\":\"00866684-5176-499e-9517-eff9e9102155\",\"xAccessor\":\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"yConfig\":[{\"color\":\"#6dc9cd\",\"forAccessor\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}]}],\"legend\":{\"isVisible\":true,\"ma
xLines\":5,\"position\":\"right\"},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Daily Tool Contribution [GitHub Code Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"9653b170-7606-461f-9ac4-bf58547f30db\",\"w\":14,\"x\":0,\"y\":40},\"panelIndex\":\"9653b170-7606-461f-9ac4-bf58547f30db\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"c1f5c308-cb41-49d7-9d2b-034ddea6eec8\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"04d54e71-2f6e-462a-8858-74d8668335df\":{\"columnOrder\":[\"713d9fda-d630-485d-b2af-f6aa22ea7a71\",\"21ef31d9-60e5-4fe1-8767-950697790bab\"],\"columns\":{\"21ef31d9-60e5-4fe1-8767-950697790bab\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"713d9fda-d630-485d-b2af-f6aa22ea7a71\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"21ef31d9-60e5-4fe1-8767-950697790bab\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c1f5c308-cb41-49d7-9d2b-034ddea6eec8\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"21ef31d9-60e5-4fe1-8767-950697790bab\"],\"layerId\":\"04d54e71-2f6e-462a-8858-74d8668335df\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"xAccessor\":\"713d9fda-d630-485d-b2af-f6aa22ea7a71\",\"yConfig\":[{\"axisMode\":\"auto\",\"color\":\"#b9a888\",\"forAccessor\":\"21ef31d9-60e5-4fe1-8767-950697790bab\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"show\"}},\"title\":\"Alert Severity Count [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"563a073c-7de0-4095-b0ac-127caed562f2\",\"w\":11,\"x\":14,\"y\":40},\"panelIndex\":\"563a073c-7de0-4095-b0ac-127caed562f2\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"3ad0255d-c017-4880-b3dd-d60cb17375c1\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"04d54e71-2f6e-462a-8858-74d8668335df\":{\"columnOrder\":[\"713d9fda-d630-485d-b2af-f6aa22ea7a71\",\"21ef31d9-60e5-4fe1-8767-950697790bab\"],\"columns\":{\"21ef31d9-60e5-4fe1-8767-950697790bab\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"713d9fda-d630-485d-b2af-f6aa22ea7a71\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"21ef31d9-60e5-4fe1-8767-950697790bab\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"3ad0255d-c017-4880-b3dd-d60cb17375c1\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categ
oryDisplay\":\"default\",\"emptySizeRatio\":0.3,\"layerId\":\"04d54e71-2f6e-462a-8858-74d8668335df\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendMaxLines\":1,\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"713d9fda-d630-485d-b2af-f6aa22ea7a71\"],\"metrics\":[\"21ef31d9-60e5-4fe1-8767-950697790bab\"]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"shape\":\"donut\"}},\"title\":\"Alert Severity % [GitHub Code Scanning]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5\",\"w\":23,\"x\":25,\"y\":40},\"panelIndex\":\"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"8a760085-cbc8-4b89-8401-4eb7f686cc80\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"00866684-5176-499e-9517-eff9e9102155\",\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"00866684-5176-499e-9517-eff9e9102155\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
github.severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.severity\"},\"257a7d8d-1315-4775-97d9-e679c0f3aa79\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"d\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alert count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"8a760085-cbc8-4b89-8401-4eb7f686cc80\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"splitAccessor\":\"00866684-5176-499e-9517-eff9e9102155\",\"xAccessor\":\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"yConfig\":[{\"color\":\"#6dc9cd\",\"forAccessor\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}]}],\"legend\":{\"isVisible\":true,\"maxLines\":5,\"posi
tion\":\"right\"},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Daily Alerts Count by Severity [GitHub Code Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"c8b71fb6-3611-4788-a05f-fc9336b277f5\",\"w\":14,\"x\":0,\"y\":53},\"panelIndex\":\"c8b71fb6-3611-4788-a05f-fc9336b277f5\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d3c21fb5-7785-4c13-b684-0eebfa9a8ea9\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"04d54e71-2f6e-462a-8858-74d8668335df\":{\"columnOrder\":[\"713d9fda-d630-485d-b2af-f6aa22ea7a71\",\"21ef31d9-60e5-4fe1-8767-950697790bab\"],\"columns\":{\"21ef31d9-60e5-4fe1-8767-950697790bab\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"713d9fda-d630-485d-b2af-f6aa22ea7a71\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"21ef31d9-60e5-4fe1-8767-950697790bab\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.code_scanning.rule.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d3c21fb5-7785-4c13-b684-0eebfa9a8ea9\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"21ef31d9-60e5-4fe1-8767-950697790bab\"],\"layerId\":\"04d54e71-2f6e-462a-8858-74d8668335df\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"xAccessor\":\"713d9fda-d630-485d-b2af-f6aa22ea7a71\",\"yConfig\":[{\"axisMode\":\"auto\",\"color\":\"#f1ceb0\",\"forAccessor\":\"21ef31d9-60e5-4fe1-8767-950697790bab\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"show\"}},\"title\":\"Rule Severity [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"26c79a62-100e-4eb4-b878-621e2be8570d\",\"w\":34,\"x\":14,\"y\":53},\"panelIndex\":\"26c79a62-100e-4eb4-b878-621e2be8570d\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5a3e567-da48-48df-902a-28bb45019016\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"68463b79-453f-4a36-a9a5-e747691dbbc9\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5a3e567-da48-48df-902a-28bb45019016\":{\"columnOrder\":[\"df4b45ce-a7f4-4e1c-a5e5-92fd8dbd329b\",\"9797f885-5bd5-4511-8dba-7867ef8fd09a\"],\"columns\":{\"9797f885-5bd5-4511-8dba-7867ef8fd09a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alert Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"df4b45ce-a7f4-4e1c-a5e5-92fd8dbd329b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 
Rules\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9797f885-5bd5-4511-8dba-7867ef8fd09a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"rule.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"68463b79-453f-4a36-a9a5-e747691dbbc9\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"9797f885-5bd5-4511-8dba-7867ef8fd09a\"],\"layerId\":\"a5a3e567-da48-48df-902a-28bb45019016\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"df4b45ce-a7f4-4e1c-a5e5-92fd8dbd329b\"}],\"legend\":{\"floatingColumns\":1,\"horizontalAlignment\":\"right\",\"isInside\":true,\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":false,\"verticalAlignment\":\"top\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Top Rules [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"41578b87-d820-42df-92d5-69af2643d793\",\"w\":36,\"x\":0,\"y\":66},\"panelIndex\":\"41578b87-d820-42df-92d5-69af2643d793\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"17dc082e-1cb5-4483-901a-9c220d911bac\":{\"columnOrder\":[\"576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5\",\"b907d8f2-1395-4737-a7db-25bd080be94d\"],\"columns\":{\"576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top files responsible for alerts\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b907d8f2-1395-4737-a7db-25bd080be94d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.code_scanning.most_recent_instance.location.path\"},\"b907d8f2-1395-4737-a7db-25bd080be94d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alert 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b907d8f2-1395-4737-a7db-25bd080be94d\"],\"layerId\":\"17dc082e-1cb5-4483-901a-9c220d911bac\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"xAccessor\":\"576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5\"}],\"legend\":{\"isInside\":false,\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Top files [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"4f4ecefc-738e-4b86-8013-4b78bcb6d79b\",\"w\":12,\"x\":36,\"y\":66},\"panelIndex\":\"4f4ecefc-738e-4b86-8013-4b78bcb6d79b\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"eeb76646-d085-43fb-bad2-e7e78e3470fa\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2321cd3f-039b-44be-90a5-03028195d49e\":{\"columnOrder\":[\"37a962c0-4797-484d-b2e6-00a280b3edc2\",\"871b560f-f208-41a2-978b-b97664f99807\"],\"columns\":{\"37a962c0-4797-484d-b2e6-00a280b3edc2\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"User\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"871b560f-f208-41a2-978b-b97664f99807\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.code_scanning.dismissed_by.login\"},\"871b560f-f208-41a2-978b-b97664f99807\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts 
count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"eeb76646-d085-43fb-bad2-e7e78e3470fa\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"871b560f-f208-41a2-978b-b97664f99807\"],\"layerId\":\"2321cd3f-039b-44be-90a5-03028195d49e\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"37a962c0-4797-484d-b2e6-00a280b3edc2\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Top users dismissing alerts [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32\",\"w\":48,\"x\":0,\"y\":81},\"panelIndex\":\"234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"deab5558-7fec-4cfa-b152-24203a046301\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ebd4f001-671a-4772-a2c4-b07f94e34845\":{\"columnOrder\":[\"fc40a758-e2ae-45db-88c1-439660cb7f66\",\"5caf7916-eab1-42d2-b591-41039ee8ed72\"],\"columns\":{\"5caf7916-eab1-42d2-b591-41039ee8ed72\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"fc40a758-e2ae-45db-88c1-439660cb7f66\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"deab5558-7fec-4cfa-b152-24203a046301\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"l
ayers\":[{\"accessors\":[\"5caf7916-eab1-42d2-b591-41039ee8ed72\"],\"layerId\":\"ebd4f001-671a-4772-a2c4-b07f94e34845\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"fc40a758-e2ae-45db-88c1-439660cb7f66\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Events Timeline [GitHub Code Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}}]","timeRestore":false,"title":"[GitHub] Code Scanning Alerts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"github-4da91aa0-12fc-11ed-af77-016e1a977d80","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d","type":"index-pattern"},{"id":"logs-*","name":"dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e","type":"index-pattern"},{"id":"logs-*","name":"85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"85cbbb74-4d3c-44e0-98f6-be076e31aea3:4fa3d8de-226f-4ff3-ab95-b9167e6ff115","type":"index-pattern"},{"id":"logs-*","name":"1b501988-f932-4d80-8625-d2a1c8cd7321:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4","type":"index-pattern"},{"id":"logs-*","name":"1b501988-f932-4d80-8625-d2a1c8cd7321:5b02c858-e981-4dc4-a3bc-1d563549180a","type":"index-pattern"},{"id":"logs-*","name":"12c18b92-9f7b-4832-b85f-aad64720ea87:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"12c18b92-9f7b-4832-b85f-aad64720ea87:5d417c98-6b80-42b4-
9183-15bf539c9c46","type":"index-pattern"},{"id":"logs-*","name":"12c18b92-9f7b-4832-b85f-aad64720ea87:c10f8d54-f8a4-45cf-8c17-527a0b914e14","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:1d49d476-9ca6-44e0-8501-35c7f63ed984","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:a0505379-6e67-41c4-b3c8-b7e6bd3efa7d","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:bff2e3f5-8f9b-49f4-ba88-b0e937089c2f","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:960abe90-416f-4075-aaef-2cc0a3af1707","type":"index-pattern"},{"id":"logs-*","name":"46dc58eb-4994-442d-a6b4-4b3699b74bf1:indexpattern-datasource-layer-d8a21374-4117-4796-96e2-ecd47f2babd2","type":"index-pattern"},{"id":"logs-*","name":"46dc58eb-4994-442d-a6b4-4b3699b74bf1:2ce8a419-debd-4a37-85e6-c7b49e61604f","type":"index-pattern"},{"id":"logs-*","name":"9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8","type":"index-pattern"},{"id":"logs-*","name":"9a3577e8-d452-46cc-b2dd-9424ec80c871:1d50dadb-a088-4e8b-842f-8d84e6378658","type":"index-pattern"},{"id":"logs-*","name":"ae814e70-2e8e-43df-b62e-e32d1c26f676:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85","type":"index-pattern"},{"id":"logs-*","name":"ae814e70-2e8e-43df-b62e-e32d1c26f676:63aad513-3506-45e9-8c13-d2ee49f689ab","type":"index-pattern"},{"id":"logs-*","name":"4e77167a-4642-4cbb-8430-2197e2f31666:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"4e77167a-4642-4cbb-8430-2197e2f31666:14d80078-
f238-406f-9a34-bae0f8616bc0","type":"index-pattern"},{"id":"logs-*","name":"5135da2a-0093-4b71-a35a-c2b8877d22dd:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"5135da2a-0093-4b71-a35a-c2b8877d22dd:e696efc1-4a91-44d3-ad68-618f00d80703","type":"index-pattern"},{"id":"logs-*","name":"7a3f8c53-407b-4862-9dc3-10dccfe06426:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"7a3f8c53-407b-4862-9dc3-10dccfe06426:a9c37a5a-574a-411d-9420-2e53045288f3","type":"index-pattern"},{"id":"logs-*","name":"9653b170-7606-461f-9ac4-bf58547f30db:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df","type":"index-pattern"},{"id":"logs-*","name":"9653b170-7606-461f-9ac4-bf58547f30db:c1f5c308-cb41-49d7-9d2b-034ddea6eec8","type":"index-pattern"},{"id":"logs-*","name":"563a073c-7de0-4095-b0ac-127caed562f2:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df","type":"index-pattern"},{"id":"logs-*","name":"563a073c-7de0-4095-b0ac-127caed562f2:3ad0255d-c017-4880-b3dd-d60cb17375c1","type":"index-pattern"},{"id":"logs-*","name":"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:8a760085-cbc8-4b89-8401-4eb7f686cc80","type":"index-pattern"},{"id":"logs-*","name":"c8b71fb6-3611-4788-a05f-fc9336b277f5:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df","type":"index-pattern"},{"id":"logs-*","name":"c8b71fb6-3611-4788-a05f-fc9336b277f5:d3c21fb5-7785-4c13-b684-0eebfa9a8ea9","type":"index-pattern"},{"id":"logs-*","name":"26c79a62-100e-4eb4-b878-621e2be8570d:indexpattern-datasource-layer-a5a3e567-da48-48df-902a-28bb45019016","type":"index-pattern"},{"id":"logs-*","name":"26c79a62-100e-4eb4-b878-621e2be8570d:68463b79-453f-4a36-a9a5-e747691dbbc9","type":"index-pattern"},{"id":"logs-*","name":"41578b
87-d820-42df-92d5-69af2643d793:indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac","type":"index-pattern"},{"id":"logs-*","name":"41578b87-d820-42df-92d5-69af2643d793:1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f","type":"index-pattern"},{"id":"logs-*","name":"4f4ecefc-738e-4b86-8013-4b78bcb6d79b:indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e","type":"index-pattern"},{"id":"logs-*","name":"4f4ecefc-738e-4b86-8013-4b78bcb6d79b:eeb76646-d085-43fb-bad2-e7e78e3470fa","type":"index-pattern"},{"id":"logs-*","name":"234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845","type":"index-pattern"},{"id":"logs-*","name":"234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:deab5558-7fec-4cfa-b152-24203a046301","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_93a8183f-ab74-4636-9f63-9e30c35bfa6b:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_965171e3-e02b-49ff-a2f7-6ddfa5159eee:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_8fb8d319-c120-4bcb-849d-6d45f3f5406a:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_3d506940-8d8f-4f4f-8fa8-5ac070d1dc36:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-github-default","name":"tag-ref-fleet-pkg-github-default","type":"tag"}],"sort":[1688154054424,7608],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NzIsMV0="} 
-{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"66d2324e-be32-41be-b685-54ba2cc58c2b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"66d2324e-be32-41be-b685-54ba2cc58c2b\",\"enhancements\":{}}},\"54e33c68-ad08-412f-852a-f669391018b0\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"54e33c68-ad08-412f-852a-f669391018b0\",\"enhancements\":{}}},\"9fd25971-d168-4a50-985f-9e1bb266c93e\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"9fd25971-d168-4a50-985f-9e1bb266c93e\",\"enhancements\":{}}},\"bcb03b9e-5278-4d66-a4da-762d41ec13cd\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"bcb03b9e-5278-4d66-a4da-762d41ec13cd\",\"enhancements\":{}}}}"},"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Secret 
Scanning\",\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":[\"secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.action\":\"secret_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"77e597be-8cdc-4fa3-9dee-4e4ed1103e55\",\"w\":14,\"x\":0,\"y\":0},\"panelIndex\":\"77e597be-8cdc-4fa3-9dee-4e4ed1103e55\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"a27a9357-b353-46a3-9116-530f354b09b9\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3f8b858f-a1ee-4d69-a100-d59282acd94d\":{\"columnOrder\":[\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\"],\"columns\":{\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Secrets 
Found\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"a27a9357-b353-46a3-9116-530f354b09b9\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\",\"layerId\":\"3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"top\"}},\"title\":\"Total Secrets Found [GitHub Secret Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"277a4af7-61c6-40d9-80a6-2d73df097618\",\"w\":14,\"x\":14,\"y\":0},\"panelIndex\":\"277a4af7-61c6-40d9-80a6-2d73df097618\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"ef2a4614-151f-42d0-8707-257d009298ea\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Secrets Found/Fixed 
Ratio\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2}},\"formula\":\"count()/count(kql='github.state:dismissed or github.state:resolved')\",\"isFormulaBroken\":false},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\"],\"scale\":\"ratio\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Secrets Found/Fixed Ratio\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"github.state:dismissed or github.state:resolved\"},\"isBucketed\":false,\"label\":\"Part of Secrets Found/Fixed Ratio\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Secrets Found/Fixed Ratio\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\"],\"location\":{\"max\":68,\"min\":0},\"name\":\"divide\",\"text\":\"count()/count(kql='github.state:dismissed or 
github.state:resolved')\",\"type\":\"function\"}},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ef2a4614-151f-42d0-8707-257d009298ea\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"None\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"textAlign\":\"center\"}},\"title\":\"Secrets Found/Fixed Ratio [GitHub Secret Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"51a087d0-9c56-4047-9404-b4b7b37497b0\",\"w\":20,\"x\":28,\"y\":0},\"panelIndex\":\"51a087d0-9c56-4047-9404-b4b7b37497b0\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d7c9ae82-adc1-4169-a1ac-2fea90204f25\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cbc5557e-f6b9-4140-90b2-3100f33083c4\":{\"columnOrder\":[\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\",\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\"],\"columns\":{\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Open vs 
Resolved\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.state\"},\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d7c9ae82-adc1-4169-a1ac-2fea90204f25\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"emptySizeRatio\":0.3,\"layerId\":\"cbc5557e-f6b9-4140-90b2-3100f33083c4\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendPosition\":\"right\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":true,\"primaryGroups\":[\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\"],\"metrics\":[\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\"]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"shape\":\"donut\"}},\"title\":\"Open vs Fixed/Resolved Secrets[GitHub Secret 
Scanning]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"3c9e482b-4cd2-43e2-a1aa-5a6d66050c16\",\"w\":14,\"x\":0,\"y\":5},\"panelIndex\":\"3c9e482b-4cd2-43e2-a1aa-5a6d66050c16\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"b2d41cbe-238c-4c90-994d-d8e8f1668a44\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d4cc48c0-fb83-4b1d-9c91-369a087165c4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Open Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"b2d41cbe-238c-4c90-994d-d8e8f1668a44\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d4cc48c0-fb83-4b1d-9c91-369a087165c4\",\"key\":\"github.state\",\"negate\":false,\"params\":{\"query\":\"open\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"github.state\":\"open\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMod
e\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":1000}],\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#209280\",\"stop\":1},{\"color\":\"#d6bf57\",\"stop\":1000},{\"color\":\"#cc5642\",\"stop\":1001}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Open Secrets Count [GitHub Secret Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"e6cb0087-c5ba-49f2-8ae9-b206d2346609\",\"w\":14,\"x\":14,\"y\":5},\"panelIndex\":\"e6cb0087-c5ba-49f2-8ae9-b206d2346609\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"9c0d6963-bc22-4d2d-9028-20e603d307e7\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"dac33af7-8640-4326-8c95-afddf6194657\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"e33d2853-5b3d-4be9-9312-2d8da64d9523\"],\"columns\":{\"e33d2853-5b3d-4be9-9312-2d8da64d9523\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Mean time to resolve an 
alert\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"github.secret_scanning.time_to_resolution.sec\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"9c0d6963-bc22-4d2d-9028-20e603d307e7\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.secret_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"dac33af7-8640-4326-8c95-afddf6194657\",\"key\":\"github.secret_scanning.time_to_resolution.sec\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"},\"query\":{\"exists\":{\"field\":\"github.secret_scanning.time_to_resolution.sec\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e33d2853-5b3d-4be9-9312-2d8da64d9523\",\"colorMode\":\"None\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"textAlign\":\"center\"}},\"title\":\"Mean Time to Resolution [GitHub Secret 
Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"892ed6dd-afe7-4685-bebb-5f1a70b44692\",\"w\":14,\"x\":0,\"y\":10},\"panelIndex\":\"892ed6dd-afe7-4685-bebb-5f1a70b44692\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"e9f91f71-3727-4bf1-9d0a-2742347e223f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"f34d1f77-a34c-4ac9-ab7a-6892d9505a80\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Resolved/Dismissed Alerts\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}},\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"scale\":\"ratio\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Dismissed 
Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"e9f91f71-3727-4bf1-9d0a-2742347e223f\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"f34d1f77-a34c-4ac9-ab7a-6892d9505a80\",\"key\":\"github.state\",\"negate\":false,\"params\":[\"dismissed\",\"resolved\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"github.state\":\"dismissed\"}},{\"match_phrase\":{\"github.state\":\"resolved\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"palette\":{\"name\":\"positive\",\"params\":{\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"positive\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#bbdad3\",\"stop\":0},{\"color\":\"#77b6a8\",\"stop\":8},{\"color\":\"#209280\",\"stop\":16}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Fixed Secrets Count [GitHub Secret 
Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"429f2ded-1aca-42cd-9190-9afddb03eabf\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"429f2ded-1aca-42cd-9190-9afddb03eabf\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"89debdad-d323-4640-918b-2c38d061e212\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2592c6ef-cf07-4080-b4fe-014cc142e3c8\":{\"columnOrder\":[\"1e393f28-24a9-40af-830b-654785bf6236\",\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\",\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\",\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\"],\"columns\":{\"1e393f28-24a9-40af-830b-654785bf6236\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Owner\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"},\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Found Secrets by repository\",\"operationType\":\"formula\",\"params\":{\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\"],\"scale\":\"ratio\"},\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Alerts count by 
repository\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of github.repository.owner.login + 1 other\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"multi_terms\"},\"secondaryFields\":[\"github.repository.name\"],\"size\":50},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"89debdad-d323-4640-918b-2c38d061e212\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\"],\"layerId\":\"2592c6ef-cf07-4080-b4fe-014cc142e3c8\",\"layerType\":\"data\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"seriesType\":\"bar\",\"splitAccessor\":\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\",\"xAccessor\":\"1e393f28-24a9-40af-830b-654785bf6236\"}],\"legend\":{\"isVisible\":true,\"maxLines\":5,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Found Secrets count by 
owner and by repository [GitHub Secret Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"a7adc099-113f-4113-b592-24b5ceff484e\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"a7adc099-113f-4113-b592-24b5ceff484e\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"11287d36-4d96-447c-b336-56ae03fcbc16\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"91e1a389-34e8-4332-9dbb-bd883d71dd85\":{\"columnOrder\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\",\"8cca4d83-a822-4b67-97cd-27649e1d7c68\",\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"],\"columns\":{\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top repositories contributing to alerts by owner\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"},\"8cca4d83-a822-4b67-97cd-27649e1d7c68\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of github.repository.name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.name\"},\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"11287d36-4d96-447c-b336-56ae03fcbc16\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"91e1a389-34e8-4332-9dbb-bd883d71dd85\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\",\"8cca4d83-a822-4b67-97cd-27649e1d7c68\"],\"metrics\":[\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"]}],\"shape\":\"pie\"}},\"title\":\"Found Secrets % by owner and by repository [GitHub Secret 
Scanning]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"883397dd-0064-48f2-b257-c8ed4295b0b9\",\"w\":24,\"x\":0,\"y\":27},\"panelIndex\":\"883397dd-0064-48f2-b257-c8ed4295b0b9\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"25c2db0c-d286-407e-9c0b-55252a2ad165\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"82cbb0d6-87ad-47e3-bed4-84e8d7f812d1\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"257a7d8d-1315-4775-97d9-e679c0f3aa79\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Secret Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.secret_scanning.secret_type_display_name\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Found 
Secrets\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"25c2db0c-d286-407e-9c0b-55252a2ad165\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"82cbb0d6-87ad-47e3-bed4-84e8d7f812d1\",\"key\":\"github.state\",\"negate\":false,\"params\":{\"query\":\"open\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"github.state\":\"open\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"yConfig\":[{\"color\":\"#6dc9cd\",\"forAccessor\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Open Secrets Count by Type [GitHub Secret 
Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"d0ec4a50-b9da-4775-9f64-5389f898aee3\",\"w\":24,\"x\":24,\"y\":27},\"panelIndex\":\"d0ec4a50-b9da-4775-9f64-5389f898aee3\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"acfd1c9a-be16-4275-ae7d-0ad42b060de0\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"42fcf4b5-0905-4d97-baa9-c08a61bc3b7a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"257a7d8d-1315-4775-97d9-e679c0f3aa79\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Secrets by Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.secret_scanning.secret_type_display_name\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"acfd1c9a-be16-4275-ae7d-0ad42b060de0\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"42fcf4b5-0905-4d97-baa9-c08a61bc3b7a\",\"key\":\"github.state\",\"negate\":false,\"params\":{\"query\":\"open\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"github.state\":\"open\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"emptySizeRatio\":0.3,\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendMaxLines\":5,\"legendPosition\":\"right\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":true,\"primaryGroups\":[\"257a7d8d-1315-4775-97d9-e679c0f3aa79\"],\"metrics\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"]}],\"shape\":\"donut\"}},\"title\":\"Open Secrets % by Type [GitHub Secret 
Scanning]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8\",\"w\":48,\"x\":0,\"y\":40},\"panelIndex\":\"7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"c26ebed6-b942-43ed-9f00-ccf3c5842f5f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"54bf50e3-8882-4a5e-a4ad-e4d684c3abaa\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"725aa594-f41c-4b3e-a6cf-8c115b602f57\":{\"columnOrder\":[\"98acffa4-7380-4b18-9f9a-4025ca8ac0c6\",\"197c6dc3-cb49-4482-8381-a89e27cc960f\",\"e81fb515-1196-411c-818d-8f4d837ce000\",\"2059204b-f8ae-4a1f-911e-c7ed705f2ba9\",\"753cfcd3-a745-4003-9d55-c19e0ffbd43f\",\"5cf0999f-989a-465c-a12d-3549cad8584a\",\"308e4990-dd31-471d-a467-d9c8a775476d\",\"432976f9-4218-49dc-9922-f7dc093cbaa1\"],\"columns\":{\"197c6dc3-cb49-4482-8381-a89e27cc960f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Owner/Organization\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"},\"2059204b-f8ae-4a1f-911e-c7ed705f2ba9\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1},\"scale\":\"ordinal\",\"s
ourceField\":\"github.secret_scanning.secret_type_display_name\"},\"308e4990-dd31-471d-a467-d9c8a775476d\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"432976f9-4218-49dc-9922-f7dc093cbaa1\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"github.secret_scanning.time_to_resolution.sec: *\"},\"isBucketed\":false,\"label\":\"Time To Resolution\",\"operationType\":\"last_value\",\"params\":{\"sortField\":\"@timestamp\"},\"scale\":\"ratio\",\"sourceField\":\"github.secret_scanning.time_to_resolution.sec\"},\"5cf0999f-989a-465c-a12d-3549cad8584a\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Resolved By User\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1},\"scale\":\"ordinal\",\"sourceField\":\"github.secret_scanning.resolved_by.login\"},\"753cfcd3-a745-4003-9d55-c19e0ffbd43f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Resolution\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1},\"scale\":\"ordinal\",\"sourceField\":\"github.secret_scanning.resolution\"},\"98acffa4-7380-4b18-9f9a-4025ca8ac0c6\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Fixed 
Secret\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":1000},\"scale\":\"ordinal\",\"sourceField\":\"github.secret_scanning.secret\"},\"e81fb515-1196-411c-818d-8f4d837ce000\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Repository\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c26ebed6-b942-43ed-9f00-ccf3c5842f5f\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"54bf50e3-8882-4a5e-a4ad-e4d684c3abaa\",\"key\":\"github.state\",\"negate\":false,\"params\":[\"dismissed\",\"resolved\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"github.state\":\"dismissed\"}},{\"match_phrase\":{\"github.state\":\"resolved\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"98acffa4-7380-4b18-9f9a-4025ca8ac0c6\",\"hidden\":false,\"isTransposed\":false,\"width\":242.75},{\"columnId\":\"197c6dc3-cb49-4482-8381-a89e27cc960f\",\"isTransposed\":false},{\"columnId\":\"e81fb515-1196-411c-818d-8f4d837ce000\",\"isTransposed\":false},{\"columnId\":\"
753cfcd3-a745-4003-9d55-c19e0ffbd43f\",\"isTransposed\":false},{\"columnId\":\"5cf0999f-989a-465c-a12d-3549cad8584a\",\"isTransposed\":false},{\"columnId\":\"2059204b-f8ae-4a1f-911e-c7ed705f2ba9\",\"isTransposed\":false},{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"hidden\":true,\"isTransposed\":false},{\"columnId\":\"432976f9-4218-49dc-9922-f7dc093cbaa1\",\"isTransposed\":false}],\"layerId\":\"725aa594-f41c-4b3e-a6cf-8c115b602f57\",\"layerType\":\"data\"}},\"title\":\"Fixed Secrets [GitHub Secret Scanning]\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"991aa388-e5d6-469b-911a-1cbcd1b84417\",\"w\":48,\"x\":0,\"y\":55},\"panelIndex\":\"991aa388-e5d6-469b-911a-1cbcd1b84417\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"ee8e512a-72ec-4ab7-9c01-8bc987dc2b42\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"94bf6c5a-a948-40c1-95a7-52d11ef68bad\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"725aa594-f41c-4b3e-a6cf-8c115b602f57\":{\"columnOrder\":[\"98acffa4-7380-4b18-9f9a-4025ca8ac0c6\",\"197c6dc3-cb49-4482-8381-a89e27cc960f\",\"e81fb515-1196-411c-818d-8f4d837ce000\",\"4b29a17b-d4c4-4d29-a120-296f69b2875e\",\"3b3eb320-881a-4786-bcb3-d2400e38a3d3\",\"308e4990-dd31-471d-a467-d9c8a775476d\"],\"columns\":{\"197c6dc3-cb49-4482-8381-a89e27cc960f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Owner/Organization\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1},\"scale\":\"ordinal\",\"sourceFiel
d\":\"github.repository.owner.login\"},\"308e4990-dd31-471d-a467-d9c8a775476d\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"3b3eb320-881a-4786-bcb3-d2400e38a3d3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Alert URL\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1},\"scale\":\"ordinal\",\"sourceField\":\"github.secret_scanning.url\"},\"4b29a17b-d4c4-4d29-a120-296f69b2875e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1},\"scale\":\"ordinal\",\"sourceField\":\"github.secret_scanning.secret_type_display_name\"},\"98acffa4-7380-4b18-9f9a-4025ca8ac0c6\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Found 
Secret\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":1000},\"scale\":\"ordinal\",\"sourceField\":\"github.secret_scanning.secret\"},\"e81fb515-1196-411c-818d-8f4d837ce000\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Repository\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ee8e512a-72ec-4ab7-9c01-8bc987dc2b42\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"94bf6c5a-a948-40c1-95a7-52d11ef68bad\",\"key\":\"github.state\",\"negate\":false,\"params\":[\"open\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"github.state\":\"open\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"98acffa4-7380-4b18-9f9a-4025ca8ac0c6\",\"hidden\":false,\"isTransposed\":false,\"width\":242.75},{\"columnId\":\"197c6dc3-cb49-4482-8381-a89e27cc960f\",\"isTransposed\":false},{\"columnId\":\"e81fb515-1196-411c-818d-8f4d837ce000\",\"isTransposed\":false},{\"columnId\":\"3b3eb320-881a-4786-bcb3-d2400e38a3d3\",\"isTransposed\":false},{\"columnId
\":\"4b29a17b-d4c4-4d29-a120-296f69b2875e\",\"isTransposed\":false},{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"hidden\":true,\"isTransposed\":false}],\"layerId\":\"725aa594-f41c-4b3e-a6cf-8c115b602f57\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"custom\",\"rowHeightLines\":2}},\"title\":\"Found Secrets [GitHub Secret Scanning]\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"ff2747ad-ec9c-44a5-b8f9-9347be86c98b\",\"w\":15,\"x\":33,\"y\":70},\"panelIndex\":\"ff2747ad-ec9c-44a5-b8f9-9347be86c98b\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"8908ff94-5bd3-4a76-b219-1ba7128998c6\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2321cd3f-039b-44be-90a5-03028195d49e\":{\"columnOrder\":[\"37a962c0-4797-484d-b2e6-00a280b3edc2\",\"871b560f-f208-41a2-978b-b97664f99807\"],\"columns\":{\"37a962c0-4797-484d-b2e6-00a280b3edc2\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"User\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"871b560f-f208-41a2-978b-b97664f99807\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.secret_scanning.resolved_by.login\"},\"871b560f-f208-41a2-978b-b97664f99807\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Fixed Secrets 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"8908ff94-5bd3-4a76-b219-1ba7128998c6\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"871b560f-f208-41a2-978b-b97664f99807\"],\"layerId\":\"2321cd3f-039b-44be-90a5-03028195d49e\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"37a962c0-4797-484d-b2e6-00a280b3edc2\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Top users resolving secrets [GitHub Secret 
Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"36cee00b-70b3-4bb5-a4b3-2448061135f8\",\"w\":33,\"x\":0,\"y\":70},\"panelIndex\":\"36cee00b-70b3-4bb5-a4b3-2448061135f8\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"6a77e887-9ac6-4cc2-90b9-9013fb2bf30a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ebd4f001-671a-4772-a2c4-b07f94e34845\":{\"columnOrder\":[\"fc40a758-e2ae-45db-88c1-439660cb7f66\",\"5caf7916-eab1-42d2-b591-41039ee8ed72\"],\"columns\":{\"5caf7916-eab1-42d2-b591-41039ee8ed72\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"fc40a758-e2ae-45db-88c1-439660cb7f66\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"6a77e887-9ac6-4cc2-90b9-9013fb2bf30a\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.secret_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0}
,\"layers\":[{\"accessors\":[\"5caf7916-eab1-42d2-b591-41039ee8ed72\"],\"layerId\":\"ebd4f001-671a-4772-a2c4-b07f94e34845\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"fc40a758-e2ae-45db-88c1-439660cb7f66\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Events Timeline [GitHub Secret Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}}]","timeRestore":false,"title":"[GitHub] Secret Scanning Alerts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"github-591d69e0-17b6-11ed-809a-7b4be950fe9c","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"991aa388-e5d6-469b-911a-1cbcd1b84417:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57","type":"index-pattern"},{"id":"logs-*","name":"991aa388-e5d6-469b-911a-1cbcd1b84417:99882a8f-757f-4692-b7dd-56e561a7a5ac","type":"index-pattern"},{"id":"logs-*","name":"991aa388-e5d6-469b-911a-1cbcd1b84417:fac9d156-24f2-409d-9f1b-200dbd5a9b5a","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_66d2324e-be32-41be-b685-54ba2cc58c2b:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_54e33c68-ad08-412f-852a-f669391018b0:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_9fd25971-d168-4a50-985f-9e1bb266c93e:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_bcb03b9e-5278-4d66-a4da-762d41ec13cd:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"77e597be-8cdc-4fa3-9dee-4e4ed1103e55:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d","type":"index-pattern"},{"id":"logs-*","name":"77
e597be-8cdc-4fa3-9dee-4e4ed1103e55:a27a9357-b353-46a3-9116-530f354b09b9","type":"index-pattern"},{"id":"logs-*","name":"277a4af7-61c6-40d9-80a6-2d73df097618:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"277a4af7-61c6-40d9-80a6-2d73df097618:ef2a4614-151f-42d0-8707-257d009298ea","type":"index-pattern"},{"id":"logs-*","name":"51a087d0-9c56-4047-9404-b4b7b37497b0:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4","type":"index-pattern"},{"id":"logs-*","name":"51a087d0-9c56-4047-9404-b4b7b37497b0:d7c9ae82-adc1-4169-a1ac-2fea90204f25","type":"index-pattern"},{"id":"logs-*","name":"3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:b2d41cbe-238c-4c90-994d-d8e8f1668a44","type":"index-pattern"},{"id":"logs-*","name":"3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:d4cc48c0-fb83-4b1d-9c91-369a087165c4","type":"index-pattern"},{"id":"logs-*","name":"e6cb0087-c5ba-49f2-8ae9-b206d2346609:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"e6cb0087-c5ba-49f2-8ae9-b206d2346609:9c0d6963-bc22-4d2d-9028-20e603d307e7","type":"index-pattern"},{"id":"logs-*","name":"e6cb0087-c5ba-49f2-8ae9-b206d2346609:dac33af7-8640-4326-8c95-afddf6194657","type":"index-pattern"},{"id":"logs-*","name":"892ed6dd-afe7-4685-bebb-5f1a70b44692:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"892ed6dd-afe7-4685-bebb-5f1a70b44692:e9f91f71-3727-4bf1-9d0a-2742347e223f","type":"index-pattern"},{"id":"logs-*","name":"892ed6dd-afe7-4685-bebb-5f1a70b44692:f34d1f77-a34c-4ac9-ab7a-6892d9505a80","type":"index-pattern"},{"id":"logs-*","name":"429f2ded-1aca-42cd-9190-9afddb03eabf:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8","type":"index-pattern"},{"id":"logs-*",
"name":"429f2ded-1aca-42cd-9190-9afddb03eabf:89debdad-d323-4640-918b-2c38d061e212","type":"index-pattern"},{"id":"logs-*","name":"a7adc099-113f-4113-b592-24b5ceff484e:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85","type":"index-pattern"},{"id":"logs-*","name":"a7adc099-113f-4113-b592-24b5ceff484e:11287d36-4d96-447c-b336-56ae03fcbc16","type":"index-pattern"},{"id":"logs-*","name":"883397dd-0064-48f2-b257-c8ed4295b0b9:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"883397dd-0064-48f2-b257-c8ed4295b0b9:25c2db0c-d286-407e-9c0b-55252a2ad165","type":"index-pattern"},{"id":"logs-*","name":"883397dd-0064-48f2-b257-c8ed4295b0b9:82cbb0d6-87ad-47e3-bed4-84e8d7f812d1","type":"index-pattern"},{"id":"logs-*","name":"d0ec4a50-b9da-4775-9f64-5389f898aee3:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"d0ec4a50-b9da-4775-9f64-5389f898aee3:acfd1c9a-be16-4275-ae7d-0ad42b060de0","type":"index-pattern"},{"id":"logs-*","name":"d0ec4a50-b9da-4775-9f64-5389f898aee3:42fcf4b5-0905-4d97-baa9-c08a61bc3b7a","type":"index-pattern"},{"id":"logs-*","name":"7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57","type":"index-pattern"},{"id":"logs-*","name":"7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:c26ebed6-b942-43ed-9f00-ccf3c5842f5f","type":"index-pattern"},{"id":"logs-*","name":"7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:54bf50e3-8882-4a5e-a4ad-e4d684c3abaa","type":"index-pattern"},{"id":"logs-*","name":"991aa388-e5d6-469b-911a-1cbcd1b84417:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57","type":"index-pattern"},{"id":"logs-*","name":"991aa388-e5d6-469b-911a-1cbcd1b84417:ee8e512a-72ec-4ab7-9c01-8bc987dc2b42","type":"index-pattern"},{"id":"logs-*","name":"991aa388-e5d6-469b-911a-1cbcd1b84417:94bf6c5a-a948-40c1-95a7-52d11ef68bad","type":"index-pattern"},{"id":"logs-*","name":"ff2747ad-ec9
c-44a5-b8f9-9347be86c98b:indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e","type":"index-pattern"},{"id":"logs-*","name":"ff2747ad-ec9c-44a5-b8f9-9347be86c98b:8908ff94-5bd3-4a76-b219-1ba7128998c6","type":"index-pattern"},{"id":"logs-*","name":"36cee00b-70b3-4bb5-a4b3-2448061135f8:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845","type":"index-pattern"},{"id":"logs-*","name":"36cee00b-70b3-4bb5-a4b3-2448061135f8:6a77e887-9ac6-4cc2-90b9-9013fb2bf30a","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-github-default","name":"tag-ref-fleet-pkg-github-default","type":"tag"}],"sort":[1688154054424,7654],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NzMsMV0="} -{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"2132f9ab-9cce-423a-beed-e02e6d4d5ed9\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"2132f9ab-9cce-423a-beed-e02e6d4d5ed9\",\"enhancements\":{},\"selectedOptions\":[]}},\"2f1b6c0b-96fc-479a-b7ef-145c84df585e\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"2f1b6c0b-96fc-479a-b7ef-145c84df585e\",\"enhancements\":{},\"selectedOptions\":[]}},\"91415c25-696a-4928-92e3-2c578e14c7a3\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"91415c25-696a-4928-92e3-2c578e14c7a3\",\"enhancements\":{}}},\"a1e7b5ed-b636-4db8-87e1-779863061f45\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\
":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"a1e7b5ed-b636-4db8-87e1-779863061f45\",\"enhancements\":{},\"selectedOptions\":[]}}}"},"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Dependabot\",\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":[\"dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.action\":\"dependabot\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"a7d99fc1-400a-4e55-8bbb-76d9aad7eedc\",\"w\":14,\"x\":0,\"y\":0},\"panelIndex\":\"a7d99fc1-400a-4e55-8bbb-76d9aad7eedc\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"85aacdea-d37b-4e6a-ae32-81077ddccb60\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3f8b858f-a1ee-4d69-a100-d59282acd94d\":{\"columnOrder\":[\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\"],\"columns\":{\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total 
Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"85aacdea-d37b-4e6a-ae32-81077ddccb60\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\",\"layerId\":\"3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"top\"}},\"title\":\"Total Alerts Created [GitHub Dependabot]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"85cbbb74-4d3c-44e0-98f6-be076e31aea3\",\"w\":14,\"x\":14,\"y\":0},\"panelIndex\":\"85cbbb74-4d3c-44e0-98f6-be076e31aea3\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"a849fd8c-6f48-4f51-9f6f-ab6e7862171c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts Found/Fixed 
Ratio\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2}},\"formula\":\"count()/count(kql='github.state:dismissed')\",\"isFormulaBroken\":false},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\"],\"scale\":\"ratio\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Resolved/Dismissed Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"github.state:dismissed\"},\"isBucketed\":false,\"label\":\"Part of Resolved/Dismissed Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Resolved/Dismissed 
Alerts\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\"],\"location\":{\"max\":43,\"min\":0},\"name\":\"divide\",\"text\":\"count()/count(kql='github.state:dismissed')\",\"type\":\"function\"}},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"a849fd8c-6f48-4f51-9f6f-ab6e7862171c\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"None\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"textAlign\":\"center\"}},\"title\":\"Alerts Found/Fixed Ratio [GitHub 
Dependabot]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1b501988-f932-4d80-8625-d2a1c8cd7321\",\"w\":20,\"x\":28,\"y\":0},\"panelIndex\":\"1b501988-f932-4d80-8625-d2a1c8cd7321\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"ee0d69d7-f2ce-4a24-aaae-9d8934f3368e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cbc5557e-f6b9-4140-90b2-3100f33083c4\":{\"columnOrder\":[\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\",\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\"],\"columns\":{\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Open vs Resolved\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.state\"},\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ee0d69d7-f2ce-4a24-aaae-9d8934f3368e\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.dependabot\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"emptySizeRatio\":0.54,\"layerId\":\"cbc5557e-f6b9-4140-90b2-3100f33083c4\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendPosition\":\"right\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":true,\"primaryGroups\":[\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\"],\"metrics\":[\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\"]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"shape\":\"donut\"}},\"title\":\"Open vs Resolved/Dismissed [GitHub 
Dependabot]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"12c18b92-9f7b-4832-b85f-aad64720ea87\",\"w\":14,\"x\":0,\"y\":5},\"panelIndex\":\"12c18b92-9f7b-4832-b85f-aad64720ea87\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"9e8fb4bd-1d35-4c80-80cc-d52bef7f7771\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"bbb4d277-741b-49c1-bc79-77a6ee15e94d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Open Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"9e8fb4bd-1d35-4c80-80cc-d52bef7f7771\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bbb4d277-741b-49c1-bc79-77a6ee15e94d\",\"key\":\"github.state\",\"negate\":false,\"params\":[\"open\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"github.state\":\"open\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab
-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":1000}],\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#209280\",\"stop\":1},{\"color\":\"#d6bf57\",\"stop\":1000},{\"color\":\"#cc5642\",\"stop\":1001}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Open Alerts Count [GitHub Dependabot]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"c3e8ea64-b6f9-470c-9004-02f8909672eb\",\"w\":14,\"x\":0,\"y\":10},\"panelIndex\":\"c3e8ea64-b6f9-470c-9004-02f8909672eb\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"7196f033-fe4d-41cb-b3c7-4c45300d6a68\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"8977fa6e-37e6-4a2b-a032-d181646ef8cf\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Resolved/Dismissed 
Alerts\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}},\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"scale\":\"ratio\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Dismissed Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"7196f033-fe4d-41cb-b3c7-4c45300d6a68\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"8977fa6e-37e6-4a2b-a032-d181646ef8cf\",\"key\":\"github.state\",\"negate\":false,\"params\":[\"dismissed\",\"resolved\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"github.state\":\"dismissed\"}},{\"match_phrase\":{\"github.state\":\"resolved\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"palette\":{\"name\":\"positive\",\"params\":{\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"positive\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#bbdad3\",\"stop\":0},{\"color\":\"#77b6a8\",\"stop\":8},{\"color\":\"#209280\",\"stop\":16}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Resolved/Dismissed Alerts Count [GitHub 
Dependabot]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"7131e4d3-c168-480d-9496-1463ceaaa97a\",\"w\":14,\"x\":14,\"y\":8},\"panelIndex\":\"7131e4d3-c168-480d-9496-1463ceaaa97a\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"03a792fe-87d1-4d81-8a7c-0c9d22b41a1b\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"006ef10a-8064-4e48-8ff1-413c550d6204\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"e33d2853-5b3d-4be9-9312-2d8da64d9523\"],\"columns\":{\"e33d2853-5b3d-4be9-9312-2d8da64d9523\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Mean time to resolve an 
alert\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"event.duration\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"03a792fe-87d1-4d81-8a7c-0c9d22b41a1b\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.dependabot\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"006ef10a-8064-4e48-8ff1-413c550d6204\",\"key\":\"event.duration\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"},\"query\":{\"exists\":{\"field\":\"event.duration\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e33d2853-5b3d-4be9-9312-2d8da64d9523\",\"colorMode\":\"None\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"textAlign\":\"center\"}},\"title\":\"Mean Time to Resolution [GitHub Dependabot]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Mean Time To Resolution [GitHub 
Dependabot]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"9a3577e8-d452-46cc-b2dd-9424ec80c871\",\"w\":25,\"x\":0,\"y\":15},\"panelIndex\":\"9a3577e8-d452-46cc-b2dd-9424ec80c871\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d3e8e716-b6e8-4db6-8948-87e49827aebb\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2592c6ef-cf07-4080-b4fe-014cc142e3c8\":{\"columnOrder\":[\"1e393f28-24a9-40af-830b-654785bf6236\",\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\",\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\",\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\"],\"columns\":{\"1e393f28-24a9-40af-830b-654785bf6236\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Owner\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"},\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts count by repository\",\"operationType\":\"formula\",\"params\":{\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\"],\"scale\":\"ratio\"},\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Alerts count by repository\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of github.repository.owner.login + 1 
other\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"multi_terms\"},\"secondaryFields\":[\"github.repository.name\"],\"size\":50},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d3e8e716-b6e8-4db6-8948-87e49827aebb\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\"],\"layerId\":\"2592c6ef-cf07-4080-b4fe-014cc142e3c8\",\"layerType\":\"data\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"seriesType\":\"bar\",\"splitAccessor\":\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\",\"xAccessor\":\"1e393f28-24a9-40af-830b-654785bf6236\"}],\"legend\":{\"isVisible\":true,\"maxLines\":5,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Alerts count by owner and by repository [GitHub 
Dependabot]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"ae814e70-2e8e-43df-b62e-e32d1c26f676\",\"w\":23,\"x\":25,\"y\":15},\"panelIndex\":\"ae814e70-2e8e-43df-b62e-e32d1c26f676\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"badbb3b4-d90f-44b5-bf22-2e47716a3e09\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"91e1a389-34e8-4332-9dbb-bd883d71dd85\":{\"columnOrder\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\",\"8cca4d83-a822-4b67-97cd-27649e1d7c68\",\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"],\"columns\":{\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top repositories contributing to alerts by owner\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"},\"8cca4d83-a822-4b67-97cd-27649e1d7c68\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of github.repository.name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.name\"},\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"badbb3b4-d90f-44b5-bf22-2e47716a3e09\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"91e1a389-34e8-4332-9dbb-bd883d71dd85\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\",\"8cca4d83-a822-4b67-97cd-27649e1d7c68\"],\"metrics\":[\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"]}],\"shape\":\"pie\"}},\"title\":\"Aerts % by owner and by repository [GitHub Dependabot]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"9653b170-7606-461f-9ac4-bf58547f30db\",\"w\":14,\"x\":0,\"y\":27},\"panelIndex\":\"9653b170-7606-461f-9ac4-bf58547f30db\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"fc66a292-57a3-4510-b6f8-681eeb768e10\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"04d54e71-2f6e-462a-8858-74d8668335df\":{\"columnOrder\":[\"713d9fda-d630-485d-b2af-f6aa22ea7a71\",\"21ef31d9-60e5-4fe1-8767-950697790bab\"],\"columns\":{\"21ef31d9-60e5-4fe1-8767-950697790bab\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"713d9fda-d630-485d-b2af-f6aa22ea7a71\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"21ef31d9-60e5-4fe1-8767-950697790bab\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"fc66a292-57a3-4510-b6f8-681eeb768e10\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.dependabot\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"21ef31d9-60e5-4fe1-8767-950697790bab\"],\"layerId\":\"04d54e71-2f6e-462a-8858-74d8668335df\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"xAccessor\":\"713d9fda-d630-485d-b2af-f6aa22ea7a71\",\"yConfig\":[{\"axisMode\":\"auto\",\"color\":\"#b9a888\",\"forAccessor\":\"21ef31d9-60e5-4fe1-8767-950697790bab\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"show\"}},\"title\":\"Alert Severity Count [GitHub 
Dependabot]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"563a073c-7de0-4095-b0ac-127caed562f2\",\"w\":11,\"x\":14,\"y\":27},\"panelIndex\":\"563a073c-7de0-4095-b0ac-127caed562f2\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d7218e2e-18ae-4710-8364-1a4cbfee519c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"04d54e71-2f6e-462a-8858-74d8668335df\":{\"columnOrder\":[\"713d9fda-d630-485d-b2af-f6aa22ea7a71\",\"21ef31d9-60e5-4fe1-8767-950697790bab\"],\"columns\":{\"21ef31d9-60e5-4fe1-8767-950697790bab\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"713d9fda-d630-485d-b2af-f6aa22ea7a71\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"21ef31d9-60e5-4fe1-8767-950697790bab\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d7218e2e-18ae-4710-8364-1a4cbfee519c\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.dependabot\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryD
isplay\":\"default\",\"emptySizeRatio\":0.3,\"layerId\":\"04d54e71-2f6e-462a-8858-74d8668335df\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendMaxLines\":1,\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"713d9fda-d630-485d-b2af-f6aa22ea7a71\"],\"metrics\":[\"21ef31d9-60e5-4fe1-8767-950697790bab\"]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"shape\":\"donut\"}},\"title\":\"Alert Severity % [GitHub Dependabot]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5\",\"w\":23,\"x\":25,\"y\":27},\"panelIndex\":\"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"1f3f8544-c39b-4384-985e-d45107d279fb\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"00866684-5176-499e-9517-eff9e9102155\",\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"00866684-5176-499e-9517-eff9e9102155\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
github.severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.severity\"},\"257a7d8d-1315-4775-97d9-e679c0f3aa79\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"d\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alert count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"1f3f8544-c39b-4384-985e-d45107d279fb\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.dependabot\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"splitAccessor\":\"00866684-5176-499e-9517-eff9e9102155\",\"xAccessor\":\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"yConfig\":[{\"color\":\"#6dc9cd\",\"forAccessor\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}]}],\"legend\":{\"isVisible\":true,\"maxLines\":5,\"position\"
:\"right\"},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Daily Alerts Count by Severity [GitHub Dependabot]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"41578b87-d820-42df-92d5-69af2643d793\",\"w\":36,\"x\":0,\"y\":40},\"panelIndex\":\"41578b87-d820-42df-92d5-69af2643d793\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"09303186-e13c-4afb-b6f1-bf3eeb7d1423\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"17dc082e-1cb5-4483-901a-9c220d911bac\":{\"columnOrder\":[\"576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5\",\"b907d8f2-1395-4737-a7db-25bd080be94d\"],\"columns\":{\"576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top files responsible for alerts\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b907d8f2-1395-4737-a7db-25bd080be94d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.dependabot.vulnerable_manifest_path\"},\"b907d8f2-1395-4737-a7db-25bd080be94d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alert 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"09303186-e13c-4afb-b6f1-bf3eeb7d1423\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.dependabot\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b907d8f2-1395-4737-a7db-25bd080be94d\"],\"layerId\":\"17dc082e-1cb5-4483-901a-9c220d911bac\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"xAccessor\":\"576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5\"}],\"legend\":{\"isInside\":false,\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Top files [GitHub 
Dependabot]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"4f4ecefc-738e-4b86-8013-4b78bcb6d79b\",\"w\":12,\"x\":36,\"y\":40},\"panelIndex\":\"4f4ecefc-738e-4b86-8013-4b78bcb6d79b\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"2074f8e1-7a11-4232-9ac4-09bfe773beb8\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2321cd3f-039b-44be-90a5-03028195d49e\":{\"columnOrder\":[\"37a962c0-4797-484d-b2e6-00a280b3edc2\",\"871b560f-f208-41a2-978b-b97664f99807\"],\"columns\":{\"37a962c0-4797-484d-b2e6-00a280b3edc2\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"User\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"871b560f-f208-41a2-978b-b97664f99807\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.dependabot.dismisser.login\"},\"871b560f-f208-41a2-978b-b97664f99807\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts 
count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2074f8e1-7a11-4232-9ac4-09bfe773beb8\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.dependabot\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"871b560f-f208-41a2-978b-b97664f99807\"],\"layerId\":\"2321cd3f-039b-44be-90a5-03028195d49e\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"37a962c0-4797-484d-b2e6-00a280b3edc2\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Top users dismissing alerts [GitHub 
Dependabot]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"12673c47-9148-47a4-a8ab-07a7f06304c7\",\"w\":48,\"x\":0,\"y\":55},\"panelIndex\":\"12673c47-9148-47a4-a8ab-07a7f06304c7\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"349014a7-1097-4c4b-9805-13b39d46d0bd\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ebd4f001-671a-4772-a2c4-b07f94e34845\":{\"columnOrder\":[\"fc40a758-e2ae-45db-88c1-439660cb7f66\",\"5caf7916-eab1-42d2-b591-41039ee8ed72\"],\"columns\":{\"5caf7916-eab1-42d2-b591-41039ee8ed72\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"fc40a758-e2ae-45db-88c1-439660cb7f66\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"349014a7-1097-4c4b-9805-13b39d46d0bd\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.dependabot\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layer
s\":[{\"accessors\":[\"5caf7916-eab1-42d2-b591-41039ee8ed72\"],\"layerId\":\"ebd4f001-671a-4772-a2c4-b07f94e34845\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"fc40a758-e2ae-45db-88c1-439660cb7f66\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Events Timeline [GitHub Dependabot]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}}]","timeRestore":false,"title":"[GitHub] Dependabot Alerts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"github-6197be80-220c-11ed-88c4-e3caca48250a","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"85cbbb74-4d3c-44e0-98f6-be076e31aea3:bff2e3f5-8f9b-49f4-ba88-b0e937089c2f","type":"index-pattern"},{"id":"logs-*","name":"85cbbb74-4d3c-44e0-98f6-be076e31aea3:960abe90-416f-4075-aaef-2cc0a3af1707","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:17e2088a-3bc2-4868-bc76-7cf83644301c","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:ba32e691-eaea-469b-8dd5-3aeb2fbc2cd7","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:dd40a269-9585-4d63-ad58-7a70f2bf3cfc","type":"index-pattern
"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:0922f2e7-6ee9-45a2-baa6-42dde24c181d","type":"index-pattern"},{"id":"logs-*","name":"9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8","type":"index-pattern"},{"id":"logs-*","name":"ae814e70-2e8e-43df-b62e-e32d1c26f676:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85","type":"index-pattern"},{"id":"logs-*","name":"9653b170-7606-461f-9ac4-bf58547f30db:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df","type":"index-pattern"},{"id":"logs-*","name":"9653b170-7606-461f-9ac4-bf58547f30db:6ff40899-6691-449c-afa9-e266b9f272f6","type":"index-pattern"},{"id":"logs-*","name":"563a073c-7de0-4095-b0ac-127caed562f2:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df","type":"index-pattern"},{"id":"logs-*","name":"563a073c-7de0-4095-b0ac-127caed562f2:351f20af-163e-47d3-831f-f02b469287b3","type":"index-pattern"},{"id":"logs-*","name":"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:a9c37a5a-574a-411d-9420-2e53045288f3","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_2132f9ab-9cce-423a-beed-e02e6d4d5ed9:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_2f1b6c0b-96fc-479a-b7ef-145c84df585e:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_91415c25-696a-4928-92e3-2c578e14c7a3:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_a1e7b5ed-b636-4db8-87e1-779863061f45:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"a7d99fc1-400a-4e55-8bbb-76d9aad7eedc:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d","type":"index-pattern"},{"id":"logs-*","name":"a7d99fc1-400a-4e55-8bbb-76d9aad7eedc:85aacdea-d37b-4e6a-ae32-81077ddccb60","type":"index-pattern"},{"i
d":"logs-*","name":"85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"85cbbb74-4d3c-44e0-98f6-be076e31aea3:a849fd8c-6f48-4f51-9f6f-ab6e7862171c","type":"index-pattern"},{"id":"logs-*","name":"1b501988-f932-4d80-8625-d2a1c8cd7321:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4","type":"index-pattern"},{"id":"logs-*","name":"1b501988-f932-4d80-8625-d2a1c8cd7321:ee0d69d7-f2ce-4a24-aaae-9d8934f3368e","type":"index-pattern"},{"id":"logs-*","name":"12c18b92-9f7b-4832-b85f-aad64720ea87:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"12c18b92-9f7b-4832-b85f-aad64720ea87:9e8fb4bd-1d35-4c80-80cc-d52bef7f7771","type":"index-pattern"},{"id":"logs-*","name":"12c18b92-9f7b-4832-b85f-aad64720ea87:bbb4d277-741b-49c1-bc79-77a6ee15e94d","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:7196f033-fe4d-41cb-b3c7-4c45300d6a68","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:8977fa6e-37e6-4a2b-a032-d181646ef8cf","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:03a792fe-87d1-4d81-8a7c-0c9d22b41a1b","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:006ef10a-8064-4e48-8ff1-413c550d6204","type":"index-pattern"},{"id":"logs-*","name":"9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8","type":"index-pattern"},{"id":"logs-*","name":"9a3577e8-d452-46cc-b2dd-9424ec80c871:d3e8e716-b6e8-4db6-8948-87e49827aebb","type":"index-pat
tern"},{"id":"logs-*","name":"ae814e70-2e8e-43df-b62e-e32d1c26f676:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85","type":"index-pattern"},{"id":"logs-*","name":"ae814e70-2e8e-43df-b62e-e32d1c26f676:badbb3b4-d90f-44b5-bf22-2e47716a3e09","type":"index-pattern"},{"id":"logs-*","name":"9653b170-7606-461f-9ac4-bf58547f30db:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df","type":"index-pattern"},{"id":"logs-*","name":"9653b170-7606-461f-9ac4-bf58547f30db:fc66a292-57a3-4510-b6f8-681eeb768e10","type":"index-pattern"},{"id":"logs-*","name":"563a073c-7de0-4095-b0ac-127caed562f2:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df","type":"index-pattern"},{"id":"logs-*","name":"563a073c-7de0-4095-b0ac-127caed562f2:d7218e2e-18ae-4710-8364-1a4cbfee519c","type":"index-pattern"},{"id":"logs-*","name":"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:1f3f8544-c39b-4384-985e-d45107d279fb","type":"index-pattern"},{"id":"logs-*","name":"41578b87-d820-42df-92d5-69af2643d793:indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac","type":"index-pattern"},{"id":"logs-*","name":"41578b87-d820-42df-92d5-69af2643d793:09303186-e13c-4afb-b6f1-bf3eeb7d1423","type":"index-pattern"},{"id":"logs-*","name":"4f4ecefc-738e-4b86-8013-4b78bcb6d79b:indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e","type":"index-pattern"},{"id":"logs-*","name":"4f4ecefc-738e-4b86-8013-4b78bcb6d79b:2074f8e1-7a11-4232-9ac4-09bfe773beb8","type":"index-pattern"},{"id":"logs-*","name":"12673c47-9148-47a4-a8ab-07a7f06304c7:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845","type":"index-pattern"},{"id":"logs-*","name":"12673c47-9148-47a4-a8ab-07a7f06304c7:349014a7-1097-4c4b-9805-13b39d46d0bd","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type"
:"tag"},{"id":"fleet-pkg-github-default","name":"tag-ref-fleet-pkg-github-default","type":"tag"}],"sort":[1688154054424,7710],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NzQsMV0="} -{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"2b7c10cd-1a6d-4dff-8cf9-848904b101d7\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/ Organization\",\"id\":\"2b7c10cd-1a6d-4dff-8cf9-848904b101d7\",\"enhancements\":{},\"selectedOptions\":[]}},\"05d7ed66-221a-437a-9e07-5094ce9d57e0\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"05d7ed66-221a-437a-9e07-5094ce9d57e0\",\"enhancements\":{}}},\"b1a338bb-89af-425e-91eb-1c8a32641422\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"b1a338bb-89af-425e-91eb-1c8a32641422\",\"selectedOptions\":[],\"enhancements\":{}}},\"5c430006-8043-4e34-96dd-34b596dcba61\":{\"order\":4,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"5c430006-8043-4e34-96dd-34b596dcba61\",\"enhancements\":{},\"selectedOptions\":[]}},\"81297eab-88c0-477b-8132-39cbb430b6c7\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"event.action\",\"title\":\"Alert 
Type\",\"id\":\"81297eab-88c0-477b-8132-39cbb430b6c7\",\"selectedOptions\":[],\"enhancements\":{}}}}"},"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"908a8fcb-8a78-41ae-bb14-c0fba31aa562\",\"w\":14,\"x\":0,\"y\":0},\"panelIndex\":\"908a8fcb-8a78-41ae-bb14-c0fba31aa562\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"efd3c729-3f58-4e1f-b05f-4178051021ee\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3f8b858f-a1ee-4d69-a100-d59282acd94d\":{\"columnOrder\":[\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\"],\"columns\":{\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total 
Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"efd3c729-3f58-4e1f-b05f-4178051021ee\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\",\"github.secret_scanning\",\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\",\"layerId\":\"3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"top\"}},\"title\":\"Total Alerts Count [GitHub Advanced 
Security]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"84209174-8b73-47ed-9324-45e7713370d0\",\"w\":16,\"x\":14,\"y\":0},\"panelIndex\":\"84209174-8b73-47ed-9324-45e7713370d0\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"68c402d4-a28c-4161-9f6c-663cd4930df6\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"e125b149-a8ea-47b7-914c-508a7972c074\":{\"columnOrder\":[\"25824925-c28e-4f16-b354-5e6e25ecea6a\",\"aaa67d72-aba4-4af4-a4f5-66e37fffed84\"],\"columns\":{\"25824925-c28e-4f16-b354-5e6e25ecea6a\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"critical\\\" \"},\"label\":\"Critical\"},{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"high\\\" \"},\"label\":\"High\"},{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"medium\\\" \"},\"label\":\"Medium\"},{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"low\\\"\"},\"label\":\"Low\"},{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"undefined\\\" \"},\"label\":\"Undefined\"}]},\"scale\":\"ordinal\"},\"aaa67d72-aba4-4af4-a4f5-66e37fffed84\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"68c402d4-a28c-4161-9f6c-663cd4930df6\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\",\"github.secret_scanning\",\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"aaa67d72-aba4-4af4-a4f5-66e37fffed84\"],\"layerId\":\"e125b149-a8ea-47b7-914c-508a7972c074\",\"layerType\":\"data\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"25824925-c28e-4f16-b354-5e6e25ecea6a\",\"yConfig\":[{\"color\":\"#ca8eae\",\"forAccessor\":\"aaa67d72-aba4-4af4-a4f5-66e37fffed84\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Open Alerts Count by Severity [GitHub Advanced 
Security]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd\",\"w\":18,\"x\":30,\"y\":0},\"panelIndex\":\"5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"408457e7-219e-4fb4-9352-7dc82c8d514c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"e125b149-a8ea-47b7-914c-508a7972c074\":{\"columnOrder\":[\"25824925-c28e-4f16-b354-5e6e25ecea6a\",\"aaa67d72-aba4-4af4-a4f5-66e37fffed84\"],\"columns\":{\"25824925-c28e-4f16-b354-5e6e25ecea6a\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"critical\\\" \"},\"label\":\"Critical\"},{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"high\\\" \"},\"label\":\"High\"},{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"medium\\\" \"},\"label\":\"Medium\"},{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"low\\\"\"},\"label\":\"Low\"},{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"undefined\\\" \"},\"label\":\"Undefined\"}]},\"scale\":\"ordinal\"},\"aaa67d72-aba4-4af4-a4f5-66e37fffed84\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"408457e7-219e-4fb4-9352-7dc82c8d514c\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\",\"github.secret_scanning\",\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"emptySizeRatio\":0.3,\"layerId\":\"e125b149-a8ea-47b7-914c-508a7972c074\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"percentDecimals\":1,\"primaryGroups\":[\"25824925-c28e-4f16-b354-5e6e25ecea6a\"],\"metrics\":[\"aaa67d72-aba4-4af4-a4f5-66e37fffed84\"]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"shape\":\"donut\"}},\"title\":\"Open Alerts % by Severity [GitHub Advanced 
Security]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"c5e57455-3945-4457-973f-7b6a1e5579d8\",\"w\":14,\"x\":0,\"y\":5},\"panelIndex\":\"c5e57455-3945-4457-973f-7b6a1e5579d8\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"ab223632-68bc-4417-a2d3-0c3cd145a537\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"8676bd1a-86f1-4fac-ab02-6c382be33410\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Open Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ab223632-68bc-4417-a2d3-0c3cd145a537\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\",\"github.secret_scanning\",\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"8676bd1a-86f1-4fac-ab02-6c382be33410\",\"key\":\"github.state\",\"negate\":false,\"params\":[\"open\"],\"type\":\"phrases\"},\"query\":{\"bool
\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"github.state\":\"open\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":1000}],\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#209280\",\"stop\":1},{\"color\":\"#d6bf57\",\"stop\":1000},{\"color\":\"#cc5642\",\"stop\":1001}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Open Alerts Count [GitHub Advanced Security]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"c15d5d40-d18a-4960-8b6d-d47da3611f99\",\"w\":14,\"x\":0,\"y\":10},\"panelIndex\":\"c15d5d40-d18a-4960-8b6d-d47da3611f99\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"45e7ae11-a8b3-4f60-a280-de442326d1ec\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"0753d483-b32c-441f-87dc-bb862221e11c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Resolved/Dismissed 
Alerts\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}},\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"scale\":\"ratio\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Dismissed Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"45e7ae11-a8b3-4f60-a280-de442326d1ec\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\",\"github.secret_scanning\",\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"0753d483-b32c-441f-87dc-bb862221e11c\",\"key\":\"github.state\",\"negate\":false,\"params\":[\"dismissed\",\"resolved\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"github.state\":\"dismissed\"}},{\"match_phrase\":{\"github.state\":\"resolved\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"palette\":{\"name\":\"positive\",\"params\":{\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"positive\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#bbdad3\",
\"stop\":0},{\"color\":\"#77b6a8\",\"stop\":8},{\"color\":\"#209280\",\"stop\":16}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Resolved/Dismissed Alerts Count [GitHub Advanced Security]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"5f8d7b7b-c370-4e38-ae2a-80f1495598fe\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"5f8d7b7b-c370-4e38-ae2a-80f1495598fe\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"656c4d05-b350-45a5-aa87-f83fbdbf2f26\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"a3e44335-794f-455e-9e40-c22201daaa1c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2592c6ef-cf07-4080-b4fe-014cc142e3c8\":{\"columnOrder\":[\"1e393f28-24a9-40af-830b-654785bf6236\",\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\",\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\",\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\"],\"columns\":{\"1e393f28-24a9-40af-830b-654785bf6236\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Owner\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"},\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts count by 
repository\",\"operationType\":\"formula\",\"params\":{\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\"],\"scale\":\"ratio\"},\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Alerts count by repository\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of github.repository.owner.login + 1 other\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"multi_terms\"},\"secondaryFields\":[\"github.repository.name\"],\"size\":50},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"656c4d05-b350-45a5-aa87-f83fbdbf2f26\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\",\"github.secret_scanning\",\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"a3e44335-794f-455e-9e40-c22201daaa1c\",\"key\":\"github.state\",\"negate\":false,\"params\":{\"query\":\"open\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"github.state\":\"open\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":tr
ue},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\"],\"layerId\":\"2592c6ef-cf07-4080-b4fe-014cc142e3c8\",\"layerType\":\"data\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"seriesType\":\"bar\",\"splitAccessor\":\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\",\"xAccessor\":\"1e393f28-24a9-40af-830b-654785bf6236\"}],\"legend\":{\"isVisible\":true,\"maxLines\":5,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Open Alerts count by owner and by repository [GitHub Advanced Security]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"e8ef33ad-82e2-4282-ae42-1ee5b478bde8\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"69dd980b-29ae-4a8c-b2e9-f4566786f5d3\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"91e1a389-34e8-4332-9dbb-bd883d71dd85\":{\"columnOrder\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\",\"e0343042-35ac-4a43-9fe5-639da6a8ee6e\",\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"],\"columns\":{\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Owner\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c53bee8d-06
ca-4728-b6bc-2761d77a9ef5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"},\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e0343042-35ac-4a43-9fe5-639da6a8ee6e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Repository\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"e8ef33ad-82e2-4282-ae42-1ee5b478bde8\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\",\"github.secret_scanning\",\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"69dd980b-29ae-4a8c-b2e9-f4566786f5d3\",\"key\":\"github.state\",\"negate\":false,\"params\":{\"query\":\"open\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"github.state\":\"open\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"91e1a389-34e8-4332-9dbb-bd883d71dd8
5\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\",\"e0343042-35ac-4a43-9fe5-639da6a8ee6e\"],\"metrics\":[\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"]}],\"shape\":\"pie\"}},\"title\":\"Open Alerts % by owner and by repository [GitHub Advanced Security]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"54ab8e3f-ba53-4cf0-8769-745688302f45\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"54ab8e3f-ba53-4cf0-8769-745688302f45\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a1e90df6-e435-44e9-b298-d77ce349f33b\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"bbb675c9-c535-483e-9337-69a2a81eb2da\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"288f00c3-3a7a-4b8a-bb49-75818491a337\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a1e90df6-e435-44e9-b298-d77ce349f33b\":{\"columnOrder\":[\"2d80e2e5-e516-4746-9f9a-113f2c4ef2cb\",\"155686d5-4e87-48a3-b7d2-540deed5a270\"],\"columns\":{\"155686d5-4e87-48a3-b7d2-540deed5a270\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"2d80e2e5-e516-4746-9f9a-113f2c4ef2cb\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Alert Type\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"github.code_scanning\\\" \"},\"label\":\"Code Scanning\"},{\"input\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"github.secret_scanning\\\" \"},\"label\":\"Secret 
Scanning\"},{\"input\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"github.dependabot\\\" \"},\"label\":\"Dependabot\"}]},\"scale\":\"ordinal\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bbb675c9-c535-483e-9337-69a2a81eb2da\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\",\"github.secret_scanning\",\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"288f00c3-3a7a-4b8a-bb49-75818491a337\",\"key\":\"github.state\",\"negate\":false,\"params\":{\"query\":\"open\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"github.state\":\"open\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"155686d5-4e87-48a3-b7d2-540deed5a270\"],\"layerId\":\"a1e90df6-e435-44e9-b298-d77ce349f33b\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"2d80e2e5-e516-4746-9f9a-113f2c4ef2cb\",\"yConfig\":[{\"color\":\"#e9b78b\",\"forAccessor\":\"155686d5-4e87-48a3-b7d2-540deed5a270\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\"}},\"title\":\"Open Alerts by Type [GitHub Advanced 
Security]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"96fbd44d-b93e-4605-86ef-d5c3dd36660f\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"96fbd44d-b93e-4605-86ef-d5c3dd36660f\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"34b1f197-92c5-4838-ae73-3ba9e9260015\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"14e0ee55-38aa-4727-a0a5-a9af42b8b0ca\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"91e1a389-34e8-4332-9dbb-bd883d71dd85\":{\"columnOrder\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\",\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"],\"columns\":{\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Filters\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"github.code_scanning\\\" \"},\"label\":\"Code Scanning\"},{\"input\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"github.secret_scanning\\\" \"},\"label\":\"Secret Scanning\"},{\"input\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"github.dependabot\\\" \"},\"label\":\"Dependabot\"}]},\"scale\":\"ordinal\"},\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"34b1f197-92c5-4838-ae73-3ba9e9260015\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\",\"github.secret_scanning\",\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"14e0ee55-38aa-4727-a0a5-a9af42b8b0ca\",\"key\":\"github.state\",\"negate\":false,\"params\":{\"query\":\"open\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"github.state\":\"open\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"emptySizeRatio\":0.3,\"layerId\":\"91e1a389-34e8-4332-9dbb-bd883d71dd85\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendMaxLines\":5,\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"percentDecimals\":1,\"primaryGroups\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\"],\"metrics\":[\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"]}],\"shape\":\"donut\"}},\"title\":\"Open Alerts % by Type [GitHub Advanced Security]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}}]","timeRestore":false,"title":"[GitHub] Advanced Security 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"96fbd44d-b93e-4605-86ef-d5c3dd36660f:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85","type":"index-pattern"},{"id":"logs-*","name":"96fbd44d-b93e-4605-86ef-d5c3dd36660f:7593b627-5a3f-46a0-a8f9-33e6b6acc9a5","type":"index-pattern"},{"id":"logs-*","name":"96fbd44d-b93e-4605-86ef-d5c3dd36660f:3aea78d1-4e8f-47cb-a54b-11acf0506c06","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_2b7c10cd-1a6d-4dff-8cf9-848904b101d7:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_05d7ed66-221a-437a-9e07-5094ce9d57e0:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_b1a338bb-89af-425e-91eb-1c8a32641422:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_5c430006-8043-4e34-96dd-34b596dcba61:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_81297eab-88c0-477b-8132-39cbb430b6c7:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"908a8fcb-8a78-41ae-bb14-c0fba31aa562:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d","type":"index-pattern"},{"id":"logs-*","name":"908a8fcb-8a78-41ae-bb14-c0fba31aa562:efd3c729-3f58-4e1f-b05f-4178051021ee","type":"index-pattern"},{"id":"logs-*","name":"84209174-8b73-47ed-9324-45e7713370d0:indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074","type":"index-pattern"},{"id":"logs-*","name":"84209174-8b73-47ed-9324-45e7713370d0:68c402d4-a28c-4161-9f6c-663cd4930df6","type":"index-pattern"},{"id":"logs-*","name":"5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd:indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074","type":"index-pattern"},{"id":"logs-*","name":"5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd:408457e7-219e-4fb4-9352-7dc82c8d514c","type":"index-pa
ttern"},{"id":"logs-*","name":"c5e57455-3945-4457-973f-7b6a1e5579d8:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"c5e57455-3945-4457-973f-7b6a1e5579d8:ab223632-68bc-4417-a2d3-0c3cd145a537","type":"index-pattern"},{"id":"logs-*","name":"c5e57455-3945-4457-973f-7b6a1e5579d8:8676bd1a-86f1-4fac-ab02-6c382be33410","type":"index-pattern"},{"id":"logs-*","name":"c15d5d40-d18a-4960-8b6d-d47da3611f99:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"c15d5d40-d18a-4960-8b6d-d47da3611f99:45e7ae11-a8b3-4f60-a280-de442326d1ec","type":"index-pattern"},{"id":"logs-*","name":"c15d5d40-d18a-4960-8b6d-d47da3611f99:0753d483-b32c-441f-87dc-bb862221e11c","type":"index-pattern"},{"id":"logs-*","name":"5f8d7b7b-c370-4e38-ae2a-80f1495598fe:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8","type":"index-pattern"},{"id":"logs-*","name":"5f8d7b7b-c370-4e38-ae2a-80f1495598fe:656c4d05-b350-45a5-aa87-f83fbdbf2f26","type":"index-pattern"},{"id":"logs-*","name":"5f8d7b7b-c370-4e38-ae2a-80f1495598fe:a3e44335-794f-455e-9e40-c22201daaa1c","type":"index-pattern"},{"id":"logs-*","name":"35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85","type":"index-pattern"},{"id":"logs-*","name":"35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:e8ef33ad-82e2-4282-ae42-1ee5b478bde8","type":"index-pattern"},{"id":"logs-*","name":"35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:69dd980b-29ae-4a8c-b2e9-f4566786f5d3","type":"index-pattern"},{"id":"logs-*","name":"54ab8e3f-ba53-4cf0-8769-745688302f45:indexpattern-datasource-layer-a1e90df6-e435-44e9-b298-d77ce349f33b","type":"index-pattern"},{"id":"logs-*","name":"54ab8e3f-ba53-4cf0-8769-745688302f45:bbb675c9-c535-483e-9337-69a2a81eb2da","type":"index-pattern"},{"id":"logs-*","name":"54ab8e3f-ba53-4cf0-8769-745688302f45:288f00c3-3a7a-4b8a-bb49-75818491a337","type":"index-pattern"},{"id":"logs-
*","name":"96fbd44d-b93e-4605-86ef-d5c3dd36660f:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85","type":"index-pattern"},{"id":"logs-*","name":"96fbd44d-b93e-4605-86ef-d5c3dd36660f:34b1f197-92c5-4838-ae73-3ba9e9260015","type":"index-pattern"},{"id":"logs-*","name":"96fbd44d-b93e-4605-86ef-d5c3dd36660f:14e0ee55-38aa-4727-a0a5-a9af42b8b0ca","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-github-default","name":"tag-ref-fleet-pkg-github-default","type":"tag"}],"sort":[1688154054424,7745],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NzUsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"af01806a-78b1-4068-8d69-fa2ca952f365\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"af01806a-78b1-4068-8d69-fa2ca952f365\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.audit\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.audit\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"github.org\",\"id\":\"1632831213212\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Organization\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"github.repo\",\"id\":\"1632
831234336\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Repository\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user.name\",\"id\":\"1632872599896\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Actor\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user.target.name\",\"id\":\"1632872564349\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Users\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"event.action\",\"id\":\"1632874177516\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"Action\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Controls Audit 
[GitHub]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"7d42442c-83c9-420d-8ef4-883eeb150687\",\"w\":24,\"x\":0,\"y\":7},\"panelIndex\":\"7d42442c-83c9-420d-8ef4-883eeb150687\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":1000},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":false,\"isDonut\":false,\"labels\":{\"last_level\":false,\"percentDecimals\":0,\"position\":\"default\",\"show\":true,\"truncate\":100,\"values\":true,\"valuesFormat\":\"value\"},\"legendDisplay\":\"hide\",\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"nestedLegend\":false,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"truncateLegend\":true,\"type\":\"pie\"},\"title\":\"User Changes 
[GitHub]\",\"type\":\"pie\",\"uiState\":{}},\"vis\":{\"legendOpen\":false},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"76db3a0d-7562-4436-acd5-3cbfd4f6d044\",\"w\":24,\"x\":24,\"y\":7},\"panelIndex\":\"76db3a0d-7562-4436-acd5-3cbfd4f6d044\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-18M\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"1w\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":1000},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"seriesParams\":[{\"circlesRadius\":3,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\
"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"title\":\"User Change Timeline [GitHub]\",\"type\":\"histogram\",\"uiState\":{}},\"type\":\"visualization\"}},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"1e435c96-c37f-4eb5-a4e5-2d446b2bf464\",\"w\":48,\"x\":0,\"y\":22},\"panelIndex\":\"1e435c96-c37f-4eb5-a4e5-2d446b2bf464\",\"panelRefName\":\"panel_1e435c96-c37f-4eb5-a4e5-2d446b2bf464\",\"type\":\"search\",\"version\":\"7.16.0\"}]","timeRestore":false,"title":"[GitHub] User Change Audit","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"github-8bfd8310-205c-11ec-8b10-11a4c5e322a0","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"github-173f1050-20ae-11ec-8b10-11a4c5e322a0","name":"1e435c96-c37f-4eb5-a4e5-2d446b2bf464:panel_1e435c96-c37f-4eb5-a4e5-2d446b2bf464","type":"search"},{"id":"logs-*","name":"af01806a-78b1-4068-8d69-fa2ca952f365:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"af01806a-78b1-4068-8d69-fa2ca952f365:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"af01806a-78b1-4068-8d69-fa2ca952f365:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"af01806a-78b1-4068-8d69-fa2ca952f365:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"af01806a-78b1-4068-8d69-fa2ca952f365:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"af01806a-78b1-4068-8d69-fa2ca952f365:control_4_index_pattern","type":"index-pattern"},{"id":"github-173f1050-20ae-11
ec-8b10-11a4c5e322a0","name":"7d42442c-83c9-420d-8ef4-883eeb150687:search_0","type":"search"},{"id":"github-173f1050-20ae-11ec-8b10-11a4c5e322a0","name":"76db3a0d-7562-4436-acd5-3cbfd4f6d044:search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-github-default","name":"tag-ref-fleet-pkg-github-default","type":"tag"}],"sort":[1688154054424,7757],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NzYsMV0="} -{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.audit\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.audit\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"GitHub Audit","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-github-default","name":"tag-ref-fleet-pkg-github-default","type":"tag"}],"sort":[1688154054424,7762],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NzcsMV0="} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"63210180-c999-4d93-8d7a-f2fcb810ad1b\",\"w\":41,\"x\":0,\"y\":0},\"panelIndex\":\"63210180-c999-4d93-8d7a-f2fcb810ad1b\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.audit\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.audit\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"github.org\",\"id\":\"1632831213212\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Organization\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"github.repo\",\"id\":\"1632831234336\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Repository\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user.name\",\"id\":\"1632872599896\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Actor\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user.target.name\",\"id\":\"1632872564349\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Users\",\"options\":{\"dynamicOptions\":true
,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"event.action\",\"id\":\"1632874177516\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"Action\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Controls Audit [GitHub]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"b37e0c71-2cc3-4895-b839-383ce53561a8\",\"w\":7,\"x\":41,\"y\":0},\"panelIndex\":\"b37e0c71-2cc3-4895-b839-383ce53561a8\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total Events 
[GitHub]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"fb1ebb7a-c8bf-419d-be8f-ff5d2a741cc9\",\"w\":48,\"x\":0,\"y\":7},\"panelIndex\":\"fb1ebb7a-c8bf-419d-be8f-ff5d2a741cc9\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-18M\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"1w\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":1000},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"seriesParams\":[{\"circlesRadius\":3,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"colo
r\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"title\":\"Events over time [GitHub]\",\"type\":\"histogram\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":18,\"i\":\"88887e58-b192-4c9b-85c7-14d18a6c1c0d\",\"w\":37,\"x\":0,\"y\":26},\"panelIndex\":\"88887e58-b192-4c9b-85c7-14d18a6c1c0d\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"alpha\\\":0.75,\\\"id\\\":\\\"a427cb7d-077b-4c8a-8741-74f8f03283e2\\\",\\\"includeInFitToBounds\\\":true,\\\"joins\\\":[],\\\"label\\\":null,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"id\\\":\\\"world_countries\\\",\\\"tooltipProperties\\\":[\\\"name\\\"],\\\"type\\\":\\\"EMS_FILE\\\"},\\\"style\\\":{\\\"isTimeAware\\\":true,\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#6092C0\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"icon\\\":{\\\"options\\\":{\\\"value\\\":\\\"marker\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"size\\\":6},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelSize\\\":{\\\"options\\\":{\\\"size\\\":14},\\\"type\\\":\\\"STATIC\\\"},\\\"labelText\\\":{\\\"options\\\":{\\\"value\\\":\\\"\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\
\\":{\\\"options\\\":{\\\"color\\\":\\\"#4379aa\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"a0ea096b-e0eb-43dd-8f75-c0d8c0e4ac9a\\\",\\\"includeInFitToBounds\\\":true,\\\"joins\\\":[{\\\"leftField\\\":\\\"iso2\\\",\\\"right\\\":{\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"id\\\":\\\"167d9148-ad58-4fa1-99eb-c3e75fc75f96\\\",\\\"indexPatternRefName\\\":\\\"layer_1_join_0_index_pattern\\\",\\\"indexPatternTitle\\\":\\\"logs-*\\\",\\\"term\\\":\\\"client.geo.country_iso_code\\\",\\\"type\\\":\\\"ES_TERM_SOURCE\\\"}}],\\\"label\\\":\\\"Events by Country\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"id\\\":\\\"world_countries\\\",\\\"tooltipProperties\\\":[\\\"name\\\"],\\\"type\\\":\\\"EMS_FILE\\\"},\\\"style\\\":{\\\"isTimeAware\\\":true,\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"icon\\\":{\\\"options\\\":{\\\"value\\\":\\\"marker\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"size\\\":6},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelSize\\\":{\\\"options\\\":{\\\"size\\\":14},\\\"type\\\":\\\"STATIC\\\"},\\\"labelText\\\":{\\\"options\\\":{\\\"value\\\":\\\"\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\
\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"mapStateJSON\":\"{\\\"center\\\":{\\\"lat\\\":0,\\\"lon\\\":-29.82486},\\\"filters\\\":[{\\\"$state\\\":{\\\"store\\\":\\\"appState\\\"},\\\"meta\\\":{\\\"alias\\\":null,\\\"disabled\\\":false,\\\"index\\\":\\\"logs-*\\\",\\\"key\\\":\\\"data_stream.dataset\\\",\\\"negate\\\":false,\\\"params\\\":{\\\"query\\\":\\\"github.audit\\\"},\\\"type\\\":\\\"phrase\\\"},\\\"query\\\":{\\\"match_phrase\\\":{\\\"data_stream.dataset\\\":\\\"github.audit\\\"}}}],\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"\\\"},\\\"refreshConfig\\\":{\\\"interval\\\":0,\\\"isPaused\\\":true},\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"hideLayerControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-18M\\\",\\\"to\\\":\\\"now\\\"},\\\"zoom\\\":0.56}\",\"title\":\"Activity Map by Actor Location 
[GitHub]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"isLayerTOCOpen\":false,\"mapBuffer\":{\"maxLat\":85.05113,\"maxLon\":360,\"minLat\":-85.05113,\"minLon\":-540},\"mapCenter\":{\"lat\":27.08856,\"lon\":-30.5613,\"zoom\":1},\"openTOCDetails\":[],\"type\":\"map\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":18,\"i\":\"0c469087-fb3f-46d3-8962-c49d2e50f70c\",\"w\":11,\"x\":37,\"y\":26},\"panelIndex\":\"0c469087-fb3f-46d3-8962-c49d2e50f70c\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"github.org\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":false,\"isDonut\":false,\"labels\":{\"last_level\":false,\"percentDecimals\":2,\"position\":\"default\",\"show\":true,\"truncate\":100,\"values\":true,\"valuesFormat\":\"value\"},\"legendDisplay\":\"hide\",\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"nestedLegend\":false,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"truncateLegend\":true,\"type\":\"pie\"},\"title\":\"Events per Organization 
[GitHub]\",\"type\":\"pie\",\"uiState\":{}},\"vis\":{\"legendOpen\":false},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"108cd1b7-ce79-4558-ae38-5f1bb93961fe\",\"w\":25,\"x\":0,\"y\":44},\"panelIndex\":\"108cd1b7-ce79-4558-ae38-5f1bb93961fe\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"\",\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"seriesParams\":[{\"circlesRadius\":3,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":75,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"positio
n\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"title\":\"Top 5 Event Types [GitHub]\",\"type\":\"horizontal_bar\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"9ed1cfce-9337-4813-8df5-14a1280bb351\",\"w\":23,\"x\":25,\"y\":44},\"panelIndex\":\"9ed1cfce-9337-4813-8df5-14a1280bb351\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"seriesParams\":[{\"circlesRadius\":3,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAx
is-1\",\"labels\":{\"filter\":true,\"rotate\":75,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"title\":\"Top 5 Active Users [GitHub]\",\"type\":\"horizontal_bar\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":17,\"i\":\"d48a66a5-50e7-4cab-9b16-767bfa427860\",\"w\":48,\"x\":0,\"y\":63},\"panelIndex\":\"d48a66a5-50e7-4cab-9b16-767bfa427860\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Repository\",\"field\":\"github.repo\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"seriesParams\":[{\"circlesRadius\":3,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":
\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"title\":\"Top 10 Active Repositories [GitHub]\",\"type\":\"histogram\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"[GitHub] Audit Log Activity","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"github-dcee84c0-2059-11ec-8b10-11a4c5e322a0","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"63210180-c999-4d93-8d7a-f2fcb810ad1b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"63210180-c999-4d93-8d7a-f2fcb810ad1b:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"63210180-c999-4d93-8d7a-f2fcb810ad1b:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"63210180-c999-4d93-8d7a-f2fcb810ad1b:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"63210180-c999-4d93-8d7a-f2fcb810ad1b:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"63210180-c999-4d93-8d7a-f2fcb810ad1b:control_4_index_pattern","type":"index-pattern"},{"id":"github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0","name":"b37e0c71-2cc3-4895-b839-383ce53561a8:search_0","type":"search"},{"id":"github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0","name":"fb1ebb7a-c8bf-419d-be8f-ff5d2a741cc9:search_0","type":"search"},{"id":"logs-*","name":"88887e58-b192-4c9b-85c7-14d18a6c1c0d:layer_1_join_0_index_pattern","type":"index-pattern"},{"id":"github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0","name":"0c469087-fb3f-46d3-8962-c49d2e50f70c:search_0","type":"search"},{"id":"github-a5f3d9b0-20af-11ec-
8b10-11a4c5e322a0","name":"108cd1b7-ce79-4558-ae38-5f1bb93961fe:search_0","type":"search"},{"id":"github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0","name":"9ed1cfce-9337-4813-8df5-14a1280bb351:search_0","type":"search"},{"id":"github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0","name":"d48a66a5-50e7-4cab-9b16-767bfa427860:search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-github-default","name":"tag-ref-fleet-pkg-github-default","type":"tag"}],"sort":[1688154054424,7778],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NzgsMV0="} -{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\",\"enhancements\":{}}},\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\",\"enhancements\":{}}},\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\",\"enhancements\":{},\"selectedOptions\":[]}}}"},"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Github 
Issues\",\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"dc15f49d-29b1-4e2e-8787-51ffbab5b4ac\",\"w\":14,\"x\":0,\"y\":0},\"panelIndex\":\"dc15f49d-29b1-4e2e-8787-51ffbab5b4ac\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"5c48f008-d4c0-4386-a853-a83f49efe49f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3f8b858f-a1ee-4d69-a100-d59282acd94d\":{\"columnOrder\":[\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\"],\"columns\":{\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total 
Issues\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"5c48f008-d4c0-4386-a853-a83f49efe49f\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.issues\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\",\"layerId\":\"3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"top\"}},\"title\":\"Total Alerts Created [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Issues Created [GitHub Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"85cbbb74-4d3c-44e0-98f6-be076e31aea3\",\"w\":14,\"x\":14,\"y\":0},\"panelIndex\":\"85cbbb74-4d3c-44e0-98f6-be076e31aea3\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"583b3dcc-776c-48a8-90a8-14a1cdf69d5e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Issues Created/Closed 
Ratio\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2}},\"formula\":\"count()/count(kql='github.state:closed')\",\"isFormulaBroken\":false},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\"],\"scale\":\"ratio\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Alerts Found/Fixed Ratio\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"github.state:closed\"},\"isBucketed\":false,\"label\":\"Part of Alerts Found/Fixed Ratio\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Alerts Found/Fixed 
Ratio\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\"],\"location\":{\"max\":40,\"min\":0},\"name\":\"divide\",\"text\":\"count()/count(kql='github.state:closed')\",\"type\":\"function\"}},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"583b3dcc-776c-48a8-90a8-14a1cdf69d5e\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.issues\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"None\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"textAlign\":\"center\"}},\"title\":\"Alerts Found/Fixed Ratio [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Issues Created/Closed Ratio [GitHub 
Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1b501988-f932-4d80-8625-d2a1c8cd7321\",\"w\":20,\"x\":28,\"y\":0},\"panelIndex\":\"1b501988-f932-4d80-8625-d2a1c8cd7321\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"acb267f3-3c77-47f8-bf79-98920679368c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cbc5557e-f6b9-4140-90b2-3100f33083c4\":{\"columnOrder\":[\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\",\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\"],\"columns\":{\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Open vs Closed\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.state\"},\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"acb267f3-3c77-47f8-bf79-98920679368c\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"emptySizeRatio\":0.54,\"layerId\":\"cbc5557e-f6b9-4140-90b2-3100f33083c4\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendPosition\":\"right\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":true,\"primaryGroups\":[\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\"],\"metrics\":[\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\"]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"shape\":\"donut\"}},\"title\":\"Open vs Resolved/Dismissed [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Open vs Closed [GitHub 
Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"12c18b92-9f7b-4832-b85f-aad64720ea87\",\"w\":14,\"x\":0,\"y\":5},\"panelIndex\":\"12c18b92-9f7b-4832-b85f-aad64720ea87\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"c9577613-d758-45ed-be30-d9d3bfe47f77\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"c58d5e58-16ac-44f6-9fae-35770b969600\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Open Issues\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9577613-d758-45ed-be30-d9d3bfe47f77\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.issues\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c58d5e58-16ac-44f6-9fae-35770b969600\",\"key\":\"github.state\",\"negate\":false,\"params\":{\"query\":\"open\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"github.state\":\"open\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"
palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":1000}],\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#209280\",\"stop\":1},{\"color\":\"#d6bf57\",\"stop\":1000},{\"color\":\"#cc5642\",\"stop\":1001}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Open Alerts Count [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Open Issues Count [GitHub Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"7131e4d3-c168-480d-9496-1463ceaaa97a\",\"w\":14,\"x\":14,\"y\":7},\"panelIndex\":\"7131e4d3-c168-480d-9496-1463ceaaa97a\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"cd19d7a9-cf26-43bf-9c56-e5cc7b6bb638\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"f3c66899-a26d-4da8-89b4-8dfe417dc588\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"e33d2853-5b3d-4be9-9312-2d8da64d9523\",\"e33d2853-5b3d-4be9-9312-2d8da64d9523X0\",\"e33d2853-5b3d-4be9-9312-2d8da64d9523X1\"],\"columns\":{\"e33d2853-5b3d-4be9-9312-2d8da64d9523\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Mean time to close an issue\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2,\"suffix\":\" 
days\"}},\"formula\":\"round(average(github.issues.time_to_close.sec))/86400\",\"isFormulaBroken\":false},\"references\":[\"e33d2853-5b3d-4be9-9312-2d8da64d9523X1\"],\"scale\":\"ratio\"},\"e33d2853-5b3d-4be9-9312-2d8da64d9523X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Mean time to close an issue\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"github.issues.time_to_close.sec\"},\"e33d2853-5b3d-4be9-9312-2d8da64d9523X1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Mean time to close an issue\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[{\"args\":[\"e33d2853-5b3d-4be9-9312-2d8da64d9523X0\"],\"location\":{\"max\":47,\"min\":0},\"name\":\"round\",\"text\":\"round(average(github.issues.time_to_close.sec))\",\"type\":\"function\"},86400],\"location\":{\"max\":53,\"min\":0},\"name\":\"divide\",\"text\":\"round(average(github.issues.time_to_close.sec))/86400\",\"type\":\"function\"}},\"references\":[\"e33d2853-5b3d-4be9-9312-2d8da64d9523X0\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"cd19d7a9-cf26-43bf-9c56-e5cc7b6bb638\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"f3c66899-a26d-4da8-89b4-8dfe417dc588\",\"key\":\"github.issues.time_to_close.sec\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"},\"query\":{\"exists\":{\"field\":\"github.issues.time_to_close.sec\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e33d2853-5b3d-4be9-9312-2d8da64d9523\",\"colorMode\":\"None\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c2
1d95\",\"layerType\":\"data\",\"textAlign\":\"center\"}},\"title\":\"Mean Time to Resolution [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Mean Time To Close Issues [GitHub Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"c3e8ea64-b6f9-470c-9004-02f8909672eb\",\"w\":14,\"x\":0,\"y\":10},\"panelIndex\":\"c3e8ea64-b6f9-470c-9004-02f8909672eb\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"658f3ec5-1f8c-4cca-a794-7d1fedb00bd0\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"5620f741-77e6-4967-a417-ebc51bd0e047\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Closed Issues\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}},\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"scale\":\"ratio\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Resolved/Dismissed 
Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"658f3ec5-1f8c-4cca-a794-7d1fedb00bd0\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.issues\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"5620f741-77e6-4967-a417-ebc51bd0e047\",\"key\":\"github.state\",\"negate\":false,\"params\":[\"closed\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"github.state\":\"closed\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"palette\":{\"name\":\"positive\",\"params\":{\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"positive\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#bbdad3\",\"stop\":0},{\"color\":\"#77b6a8\",\"stop\":8},{\"color\":\"#209280\",\"stop\":16}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Resolved/Dismissed Alerts Count [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Closed Issues Count [GitHub 
Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"4e77167a-4642-4cbb-8430-2197e2f31666\",\"w\":19,\"x\":0,\"y\":15},\"panelIndex\":\"4e77167a-4642-4cbb-8430-2197e2f31666\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d5e367bd-d27a-4e61-9878-93e20c4489bf\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"1d6cb347-2ab1-4d23-b268-9bd2530493e1\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"1d6cb347-2ab1-4d23-b268-9bd2530493e1\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 labels\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.issues.labels.name\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Issues 
count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d5e367bd-d27a-4e61-9878-93e20c4489bf\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"1d6cb347-2ab1-4d23-b268-9bd2530493e1\",\"yConfig\":[{\"color\":\"#6dc9cd\",\"forAccessor\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Tool Contribution Count [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Issues by labels [GitHub 
Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"5135da2a-0093-4b71-a35a-c2b8877d22dd\",\"w\":14,\"x\":19,\"y\":15},\"panelIndex\":\"5135da2a-0093-4b71-a35a-c2b8877d22dd\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d1569ab7-96b8-4e3d-b843-ee21f8f657c7\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"257a7d8d-1315-4775-97d9-e679c0f3aa79\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of github.issues.labels.name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.issues.labels.name\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d1569ab7-96b8-4e3d-b843-ee21f8f657c7\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"emptySizeRatio\":0.3,\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendMaxLines\":2,\"legendPosition\":\"right\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":true,\"primaryGroups\":[\"257a7d8d-1315-4775-97d9-e679c0f3aa79\"],\"metrics\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"]}],\"shape\":\"donut\"}},\"title\":\"Tool Contribution [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Issues % by labels [GitHub 
Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"342298f7-3cf9-4d79-9654-901a769ac7c7\",\"w\":15,\"x\":33,\"y\":15},\"panelIndex\":\"342298f7-3cf9-4d79-9654-901a769ac7c7\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"2b9bd05e-fb45-43ed-9698-8698c33e3c34\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"257a7d8d-1315-4775-97d9-e679c0f3aa79\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Label\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1000},\"scale\":\"ordinal\",\"sourceField\":\"github.issues.labels.name\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Issues 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2b9bd05e-fb45-43ed-9698-8698c33e3c34\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"257a7d8d-1315-4775-97d9-e679c0f3aa79\"},{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\"}},\"title\":\"Tool Contribution [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Issues Count by labels [GitHub Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"ca116a6a-6146-40d8-b9d3-83c775d22456\",\"w\":17,\"x\":0,\"y\":26},\"panelIndex\":\"ca116a6a-6146-40d8-b9d3-83c775d22456\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"6a68e03e-88f2-4710-b493-4364dd0bd102\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"6adc9b2a-664a-4740-8d59-d6677dd36e24\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"6adc9b2a-664a-4740-8d59-d6677dd36e24\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"User\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"d
esc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.issues.user.login\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Issues count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"6a68e03e-88f2-4710-b493-4364dd0bd102\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"6adc9b2a-664a-4740-8d59-d6677dd36e24\",\"yConfig\":[{\"color\":\"#6dc9cd\",\"forAccessor\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Tool Contribution Count [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Users Creating Issues [GitHub 
Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"4f987036-b757-47ce-967c-c417b7c95f3a\",\"w\":17,\"x\":17,\"y\":26},\"panelIndex\":\"4f987036-b757-47ce-967c-c417b7c95f3a\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"ecc24cb3-c482-43c4-a46d-3932fa8da9a7\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"f913a108-01c0-4764-9743-61a69b3ded42\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Issues count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f913a108-01c0-4764-9743-61a69b3ded42\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"User\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.issues.assignees.login\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ecc24cb3-c482-43c4-a46d-3932fa8da9a7\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":tru
e,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"f913a108-01c0-4764-9743-61a69b3ded42\",\"yConfig\":[{\"color\":\"#6dc9cd\",\"forAccessor\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Tool Contribution Count [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top users with assigned issues [GitHub Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"0cc3c355-192b-4fc8-be0e-0a899c6ffcff\",\"w\":14,\"x\":34,\"y\":26},\"panelIndex\":\"0cc3c355-192b-4fc8-be0e-0a899c6ffcff\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"11d97294-f73e-42d5-9dbb-ae041743ba96\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"22540369-91b3-442d-be46-f9813f4fd273\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"eb192673-a397-4681-b973-121148e23546\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Issues 
count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"eb192673-a397-4681-b973-121148e23546\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"User\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.issues.closed_by.login\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"11d97294-f73e-42d5-9dbb-ae041743ba96\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"22540369-91b3-442d-be46-f9813f4fd273\",\"key\":\"github.issues.closed_at\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"},\"query\":{\"exists\":{\"field\":\"github.issues.closed_at\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"eb192673-a397-4681-b973-121148e23546\",\"yConfig\":[{\"color\":\"#6dc9cd\",\"forAccessor\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"
x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Tool Contribution Count [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top users closing the issues [GitHub Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32\",\"w\":48,\"x\":0,\"y\":37},\"panelIndex\":\"234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"2f34a072-a5f1-4b91-afdc-77fa1ddf168a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ebd4f001-671a-4772-a2c4-b07f94e34845\":{\"columnOrder\":[\"fc40a758-e2ae-45db-88c1-439660cb7f66\",\"5caf7916-eab1-42d2-b591-41039ee8ed72\"],\"columns\":{\"5caf7916-eab1-42d2-b591-41039ee8ed72\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"fc40a758-e2ae-45db-88c1-439660cb7f66\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2f34a072-a5f1-4b91-afdc-77fa1ddf168a\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"5caf7916-eab1-42d2-b591-41039ee8ed72\"],\"layerId\":\"ebd4f001-671a-4772-a2c4-b07f94e34845\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"fc40a758-e2ae-45db-88c1-439660cb7f66\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Events Timeline [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Events Timeline [GitHub Issues]\"}]","timeRestore":false,"title":"[GitHub] 
Issues","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"github-f0104680-ae18-11ed-83fa-df5d96a45724","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d","type":"index-pattern"},{"id":"logs-*","name":"dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:5c48f008-d4c0-4386-a853-a83f49efe49f","type":"index-pattern"},{"id":"logs-*","name":"85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"85cbbb74-4d3c-44e0-98f6-be076e31aea3:583b3dcc-776c-48a8-90a8-14a1cdf69d5e","type":"index-pattern"},{"id":"logs-*","name":"1b501988-f932-4d80-8625-d2a1c8cd7321:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4","type":"index-pattern"},{"id":"logs-*","name":"1b501988-f932-4d80-8625-d2a1c8cd7321:acb267f3-3c77-47f8-bf79-98920679368c","type":"index-pattern"},{"id":"logs-*","name":"12c18b92-9f7b-4832-b85f-aad64720ea87:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"12c18b92-9f7b-4832-b85f-aad64720ea87:c9577613-d758-45ed-be30-d9d3bfe47f77","type":"index-pattern"},{"id":"logs-*","name":"12c18b92-9f7b-4832-b85f-aad64720ea87:c58d5e58-16ac-44f6-9fae-35770b969600","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:cd19d7a9-cf26-43bf-9c56-e5cc7b6bb638","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:f3c66899-a26d-4da8-89b4-8dfe417dc588","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasou
rce-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:658f3ec5-1f8c-4cca-a794-7d1fedb00bd0","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:5620f741-77e6-4967-a417-ebc51bd0e047","type":"index-pattern"},{"id":"logs-*","name":"4e77167a-4642-4cbb-8430-2197e2f31666:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"4e77167a-4642-4cbb-8430-2197e2f31666:d5e367bd-d27a-4e61-9878-93e20c4489bf","type":"index-pattern"},{"id":"logs-*","name":"5135da2a-0093-4b71-a35a-c2b8877d22dd:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"5135da2a-0093-4b71-a35a-c2b8877d22dd:d1569ab7-96b8-4e3d-b843-ee21f8f657c7","type":"index-pattern"},{"id":"logs-*","name":"342298f7-3cf9-4d79-9654-901a769ac7c7:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"342298f7-3cf9-4d79-9654-901a769ac7c7:2b9bd05e-fb45-43ed-9698-8698c33e3c34","type":"index-pattern"},{"id":"logs-*","name":"ca116a6a-6146-40d8-b9d3-83c775d22456:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"ca116a6a-6146-40d8-b9d3-83c775d22456:6a68e03e-88f2-4710-b493-4364dd0bd102","type":"index-pattern"},{"id":"logs-*","name":"4f987036-b757-47ce-967c-c417b7c95f3a:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"4f987036-b757-47ce-967c-c417b7c95f3a:ecc24cb3-c482-43c4-a46d-3932fa8da9a7","type":"index-pattern"},{"id":"logs-*","name":"0cc3c355-192b-4fc8-be0e-0a899c6ffcff:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"0cc3c355-192b-4fc8-be0e-0a899c6ffcff:11d97294-f73e-42d5-9dbb-ae041743ba96","type":"index-pattern"},{"id":"logs-*","name":"0cc3c355-192b-4fc
8-be0e-0a899c6ffcff:22540369-91b3-442d-be46-f9813f4fd273","type":"index-pattern"},{"id":"logs-*","name":"234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845","type":"index-pattern"},{"id":"logs-*","name":"234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:2f34a072-a5f1-4b91-afdc-77fa1ddf168a","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_93a8183f-ab74-4636-9f63-9e30c35bfa6b:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_965171e3-e02b-49ff-a2f7-6ddfa5159eee:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_8fb8d319-c120-4bcb-849d-6d45f3f5406a:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-github-default","name":"tag-ref-fleet-pkg-github-default","type":"tag"}],"sort":[1688154054424,7815],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3NzksMV0="} -{"attributes":{"columns":["google_workspace.groups.email","google_workspace.groups.setting","google_workspace.groups.old_value","google_workspace.groups.new_value"],"description":"","grid":{"columns":{"google_workspace.groups.email":{"width":327},"google_workspace.groups.setting":{"width":327}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"change_identity_setting\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"change_identity_setting\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.
groups\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.groups\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Group Identity Setting Changes [Logs Google Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-10b37c00-3c03-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7821],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3ODAsMV0="} 
-{"attributes":{"columns":["file.name","google_workspace.drive.old_value","google_workspace.drive.new_value","source.user.email","google_workspace.drive.target"],"description":"","grid":{"columns":{"@timestamp":{"width":210}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.drive\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.drive\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"change_user_access\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"change_user_access\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Documents Shared Outside of the Organization [Logs Google 
Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-1cac9ed0-3b2f-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7827],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3ODEsMV0="} -{"attributes":{"description":"Overview of Google Workspace Token.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.token\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.token\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1ca11e02-f3a4-43cf-a962-bf84c3c6e650\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"1ca11e02-f3a4-43cf-a962-bf84c3c6e650\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-09129e2b-bba2-4f41-8c9c-047aa949dee2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"09129e2b-bba2-4f41-8c9c-047aa949dee2\":{\"columnOrder\":[\"9887703f-af94-4f55
-b7d7-f977552dea98\"],\"columns\":{\"9887703f-af94-4f55-b7d7-f977552dea98\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Token Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"9887703f-af94-4f55-b7d7-f977552dea98\",\"layerId\":\"09129e2b-bba2-4f41-8c9c-047aa949dee2\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Token Count [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"7cfb8685-4632-4dec-bb4e-6b7475ed0227\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"7cfb8685-4632-4dec-bb4e-6b7475ed0227\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-9df4100c-a031-4b57-9d3a-73fa0d385ab6\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"9df4100c-a031-4b57-9d3a-73fa0d385ab6\":{\"columnOrder\":[\"229fd203-04f3-46e1-a875-469430b40a22\",\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\"],\"columns\":{\"229fd203-04f3-46e1-a875-469430b40a22\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event 
Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"},\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"9df4100c-a031-4b57-9d3a-73fa0d385ab6\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"229fd203-04f3-46e1-a875-469430b40a22\"],\"metrics\":[\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Token Events by Event Action [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"35cea442-7a68-4d7c-ac87-dd3085d625ed\",\"w\":48,\"x\":0,\"y\":15},\"panelIndex\":\"35cea442-7a68-4d7c-ac87-dd3085d625ed\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df1fecdd-ecef-4746-b5ec-852852f851f7\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df1fecdd-ecef-4746-b5ec-852852f851f7\":{\"columnOrder\":[\"9aa178f0-63f8-47a9-80d3-55f340685455\",\"d2c89dd7-4b08-4d2b-aee7-e1de1c93b21f\"],\"columns\":{\"9aa178f0-63f8-47a9-80d3-55f340685455\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Client 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"d2c89dd7-4b08-4d2b-aee7-e1de1c93b21f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.token.client.type\"},\"d2c89dd7-4b08-4d2b-aee7-e1de1c93b21f\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"d2c89dd7-4b08-4d2b-aee7-e1de1c93b21f\"],\"layerId\":\"df1fecdd-ecef-4746-b5ec-852852f851f7\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"9aa178f0-63f8-47a9-80d3-55f340685455\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Token Events by Client Type [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"468dffd3-7212-4866-97a2-95eb4934f44c\",\"w\":48,\"x\":0,\"y\":30},\"panelIndex\":\"468dffd3-7212-4866-97a2-95eb4934f44c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-9df4100c-a031-4b57-9d3a-73fa0d385ab6\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"9df4100c-a031-4b57-9d3a-73fa0d385ab6\":{\"columnOrder\":[\"229fd203-04f3-46e1-a875-469430b40a22\",\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\"],\"columns\":{\"229fd203-04f3-46e1-a875-469430b40a22\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"App Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.token.app_name\"},\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\"],\"layerId\":\"9df4100c-a031-4b57-9d3a-73fa0d385ab6\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"229fd203-04f3-46e1-a875-469430b40a22\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"s
howSingleSeries\":true},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Token Events by App Name [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"4bc1506b-1ce5-44c5-88cd-63a383011434\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"4bc1506b-1ce5-44c5-88cd-63a383011434\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-9df4100c-a031-4b57-9d3a-73fa0d385ab6\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"9df4100c-a031-4b57-9d3a-73fa0d385ab6\":{\"columnOrder\":[\"229fd203-04f3-46e1-a875-469430b40a22\",\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\"],\"columns\":{\"229fd203-04f3-46e1-a875-469430b40a22\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"API 
Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.token.api_name\"},\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"9df4100c-a031-4b57-9d3a-73fa0d385ab6\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"229fd203-04f3-46e1-a875-469430b40a22\"],\"metrics\":[\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Token Events by API Name [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"a6c35112-c754-479b-af22-9e0fe7c8291a\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"a6c35112-c754-479b-af22-9e0fe7c8291a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-9df4100c-a031-4b57-9d3a-73fa0d385ab6\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"9df4100c-a031-4b57-9d3a-73fa0d385ab6\":{\"columnOrder\":[\"229fd203-04f3-46e1-a875-469430b40a22\",\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\"],\"columns\":{\"229fd203-04f3-46e1-a875-469430b40a22\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Method Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.token.method_name\"},\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"9df4100c-a031-4b57-9d3a-73fa0d385ab6\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"229fd203-04f3-46e1-a875-469430b40a22\"],\"metrics\":[\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Token Events by Method Name 
[Logs Google Workspace]\"}]","timeRestore":false,"title":"[Logs Google Workspace] Token","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-26c10e40-8cbc-11ed-add3-0fec96545f1c","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"1ca11e02-f3a4-43cf-a962-bf84c3c6e650:indexpattern-datasource-layer-09129e2b-bba2-4f41-8c9c-047aa949dee2","type":"index-pattern"},{"id":"logs-*","name":"7cfb8685-4632-4dec-bb4e-6b7475ed0227:indexpattern-datasource-layer-9df4100c-a031-4b57-9d3a-73fa0d385ab6","type":"index-pattern"},{"id":"logs-*","name":"35cea442-7a68-4d7c-ac87-dd3085d625ed:indexpattern-datasource-layer-df1fecdd-ecef-4746-b5ec-852852f851f7","type":"index-pattern"},{"id":"logs-*","name":"468dffd3-7212-4866-97a2-95eb4934f44c:indexpattern-datasource-layer-9df4100c-a031-4b57-9d3a-73fa0d385ab6","type":"index-pattern"},{"id":"logs-*","name":"4bc1506b-1ce5-44c5-88cd-63a383011434:indexpattern-datasource-layer-9df4100c-a031-4b57-9d3a-73fa0d385ab6","type":"index-pattern"},{"id":"logs-*","name":"a6c35112-c754-479b-af22-9e0fe7c8291a:indexpattern-datasource-layer-9df4100c-a031-4b57-9d3a-73fa0d385ab6","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7837],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3ODIsMV0="} 
-{"attributes":{"columns":["event.action","google_workspace.event.type","event.provider","source.user.email"],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"login_success\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"login_success\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.login\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.login\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Successful Logins by Compromised Users [Logs Google Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-2c0d5bc0-3b0d-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7843],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3ODMsMV0="} 
-{"attributes":{"columns":["event.action","file.name","google_workspace.drive.old_value","google_workspace.drive.new_value","source.user.email"],"description":"","grid":{"columns":{"@timestamp":{"width":210}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"acl_change\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"acl_change\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.drive\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.drive\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"ACL Changes [Logs Google Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-2c40f770-3b24-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7849],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3ODQsMV0="} 
-{"attributes":{"description":"Overview of Google Workspace Rules.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.rules\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.rules\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":9,\"i\":\"123197a0-8c1a-4b5f-9328-f42cff317429\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"123197a0-8c1a-4b5f-9328-f42cff317429\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-49d52ffc-77d4-4564-b467-21113069fd3f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"49d52ffc-77d4-4564-b467-21113069fd3f\":{\"columnOrder\":[\"ac717c64-0a2d-486d-b00f-8d5fd9ceddd5\"],\"columns\":{\"ac717c64-0a2d-486d-b00f-8d5fd9ceddd5\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Severity\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"google_workspace.rules.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"ac717c64-0a2d-486d-b00f-8d5fd9ceddd5\",\"layerId\":\"49d52ffc-77d4-4564-b467-21113069fd3f\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Severity [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"a995f12f-5ce4-4fbf-9d8c-411ee0fe691f\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"a995f12f-5ce4-4fbf-9d8c-411ee0fe691f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-91b13cbe-d02c-49f3-bdc7-60e804a3576a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"91b13cbe-d02c-49f3-bdc7-60e804a3576a\":{\"columnOrder\":[\"c792ccd0-e339-4a57-9b77-8ec01540876c\",\"fb52ca0a-d8cc-4d5f-83c0-c28cefb0f8ce\"],\"columns\":{\"c792ccd0-e339-4a57-9b77-8ec01540876c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"fb52ca0a-d8cc-4d5f-83c0-c28cefb0f8ce\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.rules.severity\"},\"fb52ca0a-d8cc-4d5f-83c0-c28cefb0f8ce\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"91b13cbe-d02c-49f3-bdc7-60e804a3576a\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"c792ccd0-e339-4a57-9b77-8ec01540876c\"],\"metrics\":[\"fb52ca0a-d8cc-4d5f-83c0-c28cefb0f8ce\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Rules by Severity [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":6,\"i\":\"c82a2b25-eb5e-40b2-b3b2-650d74c936f9\",\"w\":24,\"x\":0,\"y\":9},\"panelIndex\":\"c82a2b25-eb5e-40b2-b3b2-650d74c936f9\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-788b8016-043d-4d6d-945c-3f2e1dc365d3\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"788b8016-043d-4d6d-945c-3f2e1dc365d3\":{\"columnOrder\":[\"f4aeb862-4b10-40a9-8fbe-c9d68bf4be55\",\"2b54f274-eb68-4fe8-960b-d9acded9b6f0\"],\"columns\":{\"2b54f274-eb68-4fe8-960b-d9acded9b6f0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Rule Severity\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f4aeb862-4b10-40a9-8fbe-c9d68bf4be55\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"google_workspace.rules.severity : \\\"HIGH\\\" \"},\"label\":\"HIGH\"},{\"input\":{\"language\":\"kuery\",\"query\":\"google_workspace.rules.severity : \\\"MEDIUM\\\" \"},\"label\":\"MEDIUM\"},{\"input\":{\"language\":\"kuery\",\"query\":\"google_workspace.rules.severity : \\\"LOW\\\" 
\"},\"label\":\"LOW\"}]},\"scale\":\"ordinal\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"breakdownByAccessor\":\"f4aeb862-4b10-40a9-8fbe-c9d68bf4be55\",\"layerId\":\"788b8016-043d-4d6d-945c-3f2e1dc365d3\",\"layerType\":\"data\",\"maxCols\":3,\"metricAccessor\":\"2b54f274-eb68-4fe8-960b-d9acded9b6f0\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"3c4011fa-9c5c-48e6-abae-693bf685851e\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"3c4011fa-9c5c-48e6-abae-693bf685851e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-568a0980-a917-48ad-bde5-ebb17d8e623a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"568a0980-a917-48ad-bde5-ebb17d8e623a\":{\"columnOrder\":[\"959dbeaa-f55c-45e8-9b38-b98952a1612b\",\"414f2299-b09f-409a-8855-ff346d86f770\"],\"columns\":{\"414f2299-b09f-409a-8855-ff346d86f770\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"959dbeaa-f55c-45e8-9b38-b98952a1612b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"414f2299-b09f-409a-8855-ff346d86f770\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.rules.device.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"568a0980-a917-48ad-bde5-ebb17d8e623a\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"959dbeaa-f55c-45e8-9b38-b98952a1612b\"],\"metrics\":[\"414f2299-b09f-409a-8855-ff346d86f770\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Rules by Device Type [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6cb8bd6f-be16-43ef-85dc-1f5007ca46ef\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"6cb8bd6f-be16-43ef-85dc-1f5007ca46ef\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-e0b93956-6fd4-4842-a441-e185bd29c77c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"e0b93956-6fd4-4842-a441-e185bd29c77c\":{\"columnOrder\":[\"37b9483a-d496-4993-99e3-a2487dfcc9de\",\"5be194b7-6d94-4677-b820-ebe7fdc33582\"],\"columns\":{\"37b9483a-d496-4993-99e3-a2487dfcc9de\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event 
Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"5be194b7-6d94-4677-b820-ebe7fdc33582\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"},\"5be194b7-6d94-4677-b820-ebe7fdc33582\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"e0b93956-6fd4-4842-a441-e185bd29c77c\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"37b9483a-d496-4993-99e3-a2487dfcc9de\"],\"metrics\":[\"5be194b7-6d94-4677-b820-ebe7fdc33582\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Rules by Event Action [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"a2806b00-58d7-4fb8-97c4-59c3da0220a0\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"a2806b00-58d7-4fb8-97c4-59c3da0220a0\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b04c4c24-d9f1-4a60-9b0f-8bd4fb9f80a4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b04c4c24-d9f1-4a60-9b0f-8bd4fb9f80a4\":{\"columnOrder\":[\"087501c1-0b44-4947-824d-23d688acd8b0\",\"c9367b78-19e4-4f77-aeb3-bc453bc5a289\"],\"columns\":{\"087501c1-0b44-4947-824d-23d688acd8b0\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Rule 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c9367b78-19e4-4f77-aeb3-bc453bc5a289\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.rules.type\"},\"c9367b78-19e4-4f77-aeb3-bc453bc5a289\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b04c4c24-d9f1-4a60-9b0f-8bd4fb9f80a4\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"087501c1-0b44-4947-824d-23d688acd8b0\"],\"metrics\":[\"c9367b78-19e4-4f77-aeb3-bc453bc5a289\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Rules by Rule Type [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"4e8cd032-411a-4a42-92b4-ee98a8f803af\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"4e8cd032-411a-4a42-92b4-ee98a8f803af\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-f2ade8d5-c408-4496-afd1-cecb15659a59\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"f2ade8d5-c408-4496-afd1-cecb15659a59\":{\"columnOrder\":[\"e75c13c9-7a45-4339-9076-455ddc337225\",\"351f6b1e-5758-4aae-9110-edb5a3e357c0\"],\"columns\":{\"351f6b1e-5758-4aae-9110-edb5a3e357c0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e75c13c9-7a45-4339-9076-455ddc337225\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Data Source\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"351f6b1e-5758-4aae-9110-edb5a3e357c0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.rules.data_source\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"351f6b1e-5758-4aae-9110-edb5a3e357c0\"],\"layerId\":\"f2ade8d5-c408-4496-afd1-cecb15659a59\",\"layerType\":\"data\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"e75c13c9-7a45-4339-9076-455ddc337225\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickL
abelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Rules by Data Source [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"554995d9-c1b1-4a58-9bea-a82cefc57583\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"554995d9-c1b1-4a58-9bea-a82cefc57583\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-58c070e1-e2d0-4496-8b94-249b85491fb2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"58c070e1-e2d0-4496-8b94-249b85491fb2\":{\"columnOrder\":[\"a87c4d55-df7d-4f2c-9921-aa3749be256e\",\"e5c683c3-dba5-44ca-a638-fe7a80eccee6\"],\"columns\":{\"a87c4d55-df7d-4f2c-9921-aa3749be256e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Resource 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e5c683c3-dba5-44ca-a638-fe7a80eccee6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.rules.resource.type\"},\"e5c683c3-dba5-44ca-a638-fe7a80eccee6\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"58c070e1-e2d0-4496-8b94-249b85491fb2\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"a87c4d55-df7d-4f2c-9921-aa3749be256e\"],\"metrics\":[\"e5c683c3-dba5-44ca-a638-fe7a80eccee6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Rules by Resource Type [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1759911d-52c6-4cae-895c-d6bc9c90d8ed\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"1759911d-52c6-4cae-895c-d6bc9c90d8ed\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-47571350-d5fe-468c-b53e-aab0f4883775\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"47571350-d5fe-468c-b53e-aab0f4883775\":{\"columnOrder\":[\"eaf232c1-34a5-4a66-ac64-83f23d75db51\",\"ab05f76a-e76b-43e8-a234-e34d658d1709\"],\"columns\":{\"ab05f76a-e76b-43e8-a234-e34d658d1709\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"eaf232c1-34a5-4a66-ac64-83f23d75db51\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Organization Domain\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ab05f76a-e76b-43e8-a234-e34d658d1709\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.organization.domain\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"eaf232c1-34a5-4a66-ac64-83f23d75db51\",\"isTransposed\":false},{\"columnId\":\"ab05f76a-e76b-43e8-a234-e34d658d1709\",\"isTransposed\":false}],\"layerId\":\"47571350-d5fe-468c-b53e-aab0f4883775\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Organization Domain [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"bede3b5c-48c7-48b9-94fd-0d60bcd6761f\",\"w\":24,\"x\":0,\"y\":60},\"panelIndex\":\"bede3b5c-48c7-48b9-94fd-0d60bcd6761f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-c032fb76-0265-4e61-9008-5ae30772f62f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"c032fb76-0265-4e61-9008-5ae30772f62f\":{\"columnOrder\":[\"8978c239-b005-47c3-a4a4-df17a7132bf8\",\"6140ef40-3eb6-45e3-b440-4920f0605429\"],\"columns\":{\"6140ef40-3eb6-45e3-b440-4920f0605429\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"8978c239-b005-47c3-a4a4-df17a7132bf8\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"User IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6140ef40-3eb6-45e3-b440-4920f0605429\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"8978c239-b005-47c3-a4a4-df17a7132bf8\",\"isTransposed\":false},{\"columnId\":\"6140ef40-3eb6-45e3-b440-4920f0605429\",\"isTransposed\":false}],\"layerId\":\"c032fb76-0265-4e61-9008-5ae30772f62f\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 User IP [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"918fbb38-c024-4a02-9451-e24d2f821105\",\"w\":24,\"x\":24,\"y\":60},\"panelIndex\":\"918fbb38-c024-4a02-9451-e24d2f821105\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2b72303a-7466-4238-acdc-376df532b930\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2b72303a-7466-4238-acdc-376df532b930\":{\"columnOrder\":[\"2eb34b3a-230d-4897-96aa-8dcd4a64716b\",\"fcc8bb7a-a697-40e2-82a4-3d090881730d\"],\"columns\":{\"2eb34b3a-230d-4897-96aa-8dcd4a64716b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Trigger of the Rule Evaluation\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"fcc8bb7a-a697-40e2-82a4-3d090881730d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.rules.matched.trigger\"},\"fcc8bb7a-a697-40e2-82a4-3d090881730d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"2eb34b3a-230d-4897-96aa-8dcd4a64716b\"},{\"columnId\":\"fcc8bb7a-a697-40e2-82a4-3d090881730d\"}],\"layerId\":\"2b72303a-7466-4238-acdc-376df532b930\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Trigger of the Rule Evaluation [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":18,\"i\":\"a770d1b0-ce49-4e7c-9b2f-d61438af1415\",\"w\":48,\"x\":0,\"y\":75},\"panelIndex\":\"a770d1b0-ce49-4e7c-9b2f-d61438af1415\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"767fa210-34e3-11ed-99ee-6d37de6553b1\"}],\"bar_color_rules\":[{\"id\":\"7412e7d0-34e3-11ed-99ee-6d37de6553b1\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"gauge_color_rules\":[{\"id\":\"789059a0-34e3-11ed-99ee-6d37de6553b1\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"27f31679-7606-4f1e-b1d3-acc503edc784\",\"index_pattern_ref_name\":\"metrics_a770d1b0-ce49-4e7c-9b2f-d61438af1415_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"default\",\"id\":\"e8e519c9-71f7-4662-8cbc-7b22c4b7965d\",\"label\":\"Triggered Rules by 
Severity\",\"line_width\":1,\"metrics\":[{\"agg_with\":\"noop\",\"field\":\"google_workspace.rules.matched.trigger\",\"id\":\"86d42c61-1989-446d-b39c-638c17283ab1\",\"order\":\"desc\",\"type\":\"cardinality\"}],\"override_index_pattern\":0,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":0,\"series_index_pattern\":{\"id\":\"logs-*\"},\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"google_workspace.rules.severity\",\"terms_size\":\"10\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":true},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Triggered Rules by Severity Over Time [Logs Google Workspace]\"}]","timeRestore":false,"title":"[Logs Google Workspace] Rules","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-3be0b490-3430-11ed-9f31-c9178ccae8cd","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"123197a0-8c1a-4b5f-9328-f42cff317429:indexpattern-datasource-layer-49d52ffc-77d4-4564-b467-21113069fd3f","type":"index-pattern"},{"id":"logs-*","name":"a995f12f-5ce4-4fbf-9d8c-411ee0fe691f:indexpattern-datasource-layer-91b13cbe-d02c-49f3-bdc7-60e804a3576a","type":"index-pattern"},{"id":"logs-*","name":"c82a2b25-eb5e-40b2-b3b2-650d74c936f9:indexpattern-datasource-layer-788b8016-043d-4d6d-945c-3f2e1dc365d3","type":"index-pattern"},{"id":"logs-*","name":"3c4011fa-9c5c-48e6-abae-693bf685851e:indexpattern-datasource-layer-568a0980-a917-48ad-bde5-ebb17d8e623a","type":"index-pattern"},{"id":"logs-*","name":"6cb8bd6f-be16-43ef-85dc-1f5007ca46ef:indexpattern-datasource-layer-e0
b93956-6fd4-4842-a441-e185bd29c77c","type":"index-pattern"},{"id":"logs-*","name":"a2806b00-58d7-4fb8-97c4-59c3da0220a0:indexpattern-datasource-layer-b04c4c24-d9f1-4a60-9b0f-8bd4fb9f80a4","type":"index-pattern"},{"id":"logs-*","name":"4e8cd032-411a-4a42-92b4-ee98a8f803af:indexpattern-datasource-layer-f2ade8d5-c408-4496-afd1-cecb15659a59","type":"index-pattern"},{"id":"logs-*","name":"554995d9-c1b1-4a58-9bea-a82cefc57583:indexpattern-datasource-layer-58c070e1-e2d0-4496-8b94-249b85491fb2","type":"index-pattern"},{"id":"logs-*","name":"1759911d-52c6-4cae-895c-d6bc9c90d8ed:indexpattern-datasource-layer-47571350-d5fe-468c-b53e-aab0f4883775","type":"index-pattern"},{"id":"logs-*","name":"bede3b5c-48c7-48b9-94fd-0d60bcd6761f:indexpattern-datasource-layer-c032fb76-0265-4e61-9008-5ae30772f62f","type":"index-pattern"},{"id":"logs-*","name":"918fbb38-c024-4a02-9451-e24d2f821105:indexpattern-datasource-layer-2b72303a-7466-4238-acdc-376df532b930","type":"index-pattern"},{"id":"logs-*","name":"a770d1b0-ce49-4e7c-9b2f-d61438af1415:metrics_a770d1b0-ce49-4e7c-9b2f-d61438af1415_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7865],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3ODUsMV0="} 
-{"attributes":{"columns":["google_workspace.groups.email","google_workspace.groups.setting","google_workspace.groups.old_value","google_workspace.groups.new_value"],"description":"","grid":{"columns":{"google_workspace.groups.email":{"width":327},"google_workspace.groups.setting":{"width":327}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"change_spam_moderation_setting\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"change_spam_moderation_setting\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.groups\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.groups\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Group Spam Moderation Setting Changes [Logs Google 
Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-3ceeeba0-3c04-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7871],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3ODYsMV0="} -{"attributes":{"description":"Overview of Google Workspace Group Enterprise.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.group_enterprise\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.group_enterprise\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"732db5ab-2e3e-4a4c-b58a-eff4d690308e\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"732db5ab-2e3e-4a4c-b58a-eff4d690308e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3bcf296c-5ae2-4d11-9cb1-07a081b29b2f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"a967f1ea-0b32-4f97-94b1-dfdf4ade828d\",\"type\":\"index-pattern\"}],\"state\"
:{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bcf296c-5ae2-4d11-9cb1-07a081b29b2f\":{\"columnOrder\":[\"7a53b14c-bd89-441b-882b-3a0ab39d0e87\"],\"columns\":{\"7a53b14c-bd89-441b-882b-3a0ab39d0e87\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Group Enterprise Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"a967f1ea-0b32-4f97-94b1-dfdf4ade828d\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.group_enterprise\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.group_enterprise\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"7a53b14c-bd89-441b-882b-3a0ab39d0e87\",\"layerId\":\"3bcf296c-5ae2-4d11-9cb1-07a081b29b2f\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Group Enterprise Count [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"d321fa7c-a82c-4650-acd3-6219235a3959\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"d321fa7c-a82c-4650-acd3-6219235a3959\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-015b3cd1-f202-4274-bfc3-9d904dda8ea9\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"015b3cd1-f202-4274-bfc3-9d904dda8ea9\":{\"columnOrder\":[\"249c33b5-4a34-411b-9b87-472f6d7ad38e\",\"de3bab7d-ee0b-4c6c-9f22-7b675972310c\"],\"columns\":{\"249c33b5-4a34-411b-9b87-472f6d7ad38e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Member 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"de3bab7d-ee0b-4c6c-9f22-7b675972310c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.group_enterprise.member.type\"},\"de3bab7d-ee0b-4c6c-9f22-7b675972310c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"015b3cd1-f202-4274-bfc3-9d904dda8ea9\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"249c33b5-4a34-411b-9b87-472f6d7ad38e\"],\"metrics\":[\"de3bab7d-ee0b-4c6c-9f22-7b675972310c\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Group Enterprise Events by Member Type [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1d21aa30-dc28-4752-aedd-c443dd87fb4a\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"1d21aa30-dc28-4752-aedd-c443dd87fb4a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-015b3cd1-f202-4274-bfc3-9d904dda8ea9\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"015b3cd1-f202-4274-bfc3-9d904dda8ea9\":{\"columnOrder\":[\"249c33b5-4a34-411b-9b87-472f6d7ad38e\",\"de3bab7d-ee0b-4c6c-9f22-7b675972310c\"],\"columns\":{\"249c33b5-4a34-411b-9b87-472f6d7ad38e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Member Role\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"de3bab7d-ee0b-4c6c-9f22-7b675972310c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.group_enterprise.member.role\"},\"de3bab7d-ee0b-4c6c-9f22-7b675972310c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"015b3cd1-f202-4274-bfc3-9d904dda8ea9\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"249c33b5-4a34-411b-9b87-472f6d7ad38e\"],\"metrics\":[\"de3bab7d-ee0b-4c6c-9f22-7b675972310c\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Group Enterprise Events by Member Role 
[Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"15f4fa4d-5d03-4372-8040-195ebe44fa62\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"15f4fa4d-5d03-4372-8040-195ebe44fa62\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-cdb292b4-7101-484f-a0a9-57d4a83d0a0d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cdb292b4-7101-484f-a0a9-57d4a83d0a0d\":{\"columnOrder\":[\"e7689431-8c2b-48b8-b7a0-5f5e187f018b\",\"ac6e01b4-4d1f-47cc-affd-a842ac8a5745\",\"d25b955c-6a25-427d-9038-6f9e4975459b\"],\"columns\":{\"ac6e01b4-4d1f-47cc-affd-a842ac8a5745\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"d25b955c-6a25-427d-9038-6f9e4975459b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e7689431-8c2b-48b8-b7a0-5f5e187f018b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event 
Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"d25b955c-6a25-427d-9038-6f9e4975459b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":35},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"d25b955c-6a25-427d-9038-6f9e4975459b\"],\"layerId\":\"cdb292b4-7101-484f-a0a9-57d4a83d0a0d\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"e7689431-8c2b-48b8-b7a0-5f5e187f018b\",\"xAccessor\":\"ac6e01b4-4d1f-47cc-affd-a842ac8a5745\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Group Enterprise Events by Event Action [Logs Google Workspace]\"}]","timeRestore":false,"title":"[Logs Google Workspace] Group 
Enterprise","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-3fb94480-8cbc-11ed-add3-0fec96545f1c","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"732db5ab-2e3e-4a4c-b58a-eff4d690308e:indexpattern-datasource-layer-3bcf296c-5ae2-4d11-9cb1-07a081b29b2f","type":"index-pattern"},{"id":"logs-*","name":"732db5ab-2e3e-4a4c-b58a-eff4d690308e:a967f1ea-0b32-4f97-94b1-dfdf4ade828d","type":"index-pattern"},{"id":"logs-*","name":"d321fa7c-a82c-4650-acd3-6219235a3959:indexpattern-datasource-layer-015b3cd1-f202-4274-bfc3-9d904dda8ea9","type":"index-pattern"},{"id":"logs-*","name":"1d21aa30-dc28-4752-aedd-c443dd87fb4a:indexpattern-datasource-layer-015b3cd1-f202-4274-bfc3-9d904dda8ea9","type":"index-pattern"},{"id":"logs-*","name":"15f4fa4d-5d03-4372-8040-195ebe44fa62:indexpattern-datasource-layer-cdb292b4-7101-484f-a0a9-57d4a83d0a0d","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7880],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3ODcsMV0="} -{"attributes":{"description":"Overview of Google Workspace 
Device.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.device\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.device\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"de2b27df-ba29-409e-9f26-c547cea21c10\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"de2b27df-ba29-409e-9f26-c547cea21c10\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-0aa843a1-6902-47e5-88d7-a9efd68ce2e3\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"0aa843a1-6902-47e5-88d7-a9efd68ce2e3\":{\"columnOrder\":[\"3158d245-f7ae-4266-b391-ca75016164cb\"],\"columns\":{\"3158d245-f7ae-4266-b391-ca75016164cb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"3158d245-f7ae-4266-b391-ca75016164cb\",\"layerId\":\"0aa843a1-6902-47e5-88d7-a9efd68ce2e3\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Device Count [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f5a25a0b-604e-467b-bf83-685ed7925c1d\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"f5a25a0b-604e-467b-bf83-685ed7925c1d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"xAccessor\":\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar\",\"tick
LabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Type [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"42da590b-25b7-4779-8aea-54dc9bd6731f\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"42da590b-25b7-4779-8aea-54dc9bd6731f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Account 
State\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.account_state\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Account State [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"00e49338-83b8-4b28-9035-635d382ec72a\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"00e49338-83b8-4b28-9035-635d382ec72a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3301a3e3-33e1-4809-9280-7ee202b61d18\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3301a3e3-33e1-4809-9280-7ee202b61d18\":{\"columnOrder\":[\"641ba828-307e-46c6-a459-c2ff096d711c\",\"c8328db5-c93e-486e-b74f-bccaca0c0626\"],\"columns\":{\"641ba828-307e-46c6-a459-c2ff096d711c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device 
ID\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c8328db5-c93e-486e-b74f-bccaca0c0626\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.id\"},\"c8328db5-c93e-486e-b74f-bccaca0c0626\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Failed Password Attempts\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"google_workspace.device.failed_passwd_attempts\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"641ba828-307e-46c6-a459-c2ff096d711c\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"c8328db5-c93e-486e-b74f-bccaca0c0626\",\"isTransposed\":false}],\"layerId\":\"3301a3e3-33e1-4809-9280-7ee202b61d18\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Devices with Most Failed Password Attempts [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"e81c9c68-4e3e-48ed-b289-eaafb7af3752\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"e81c9c68-4e3e-48ed-b289-eaafb7af3752\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3301a3e3-33e1-4809-9280-7ee202b61d18\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3301a3e3-33e1-4809-9280-7ee202b61d18\":{\"columnOrder\":[\"641ba828-307e-46c6-a459-c2ff096d711c\",\"5b18e655-fa6a-406d-a5cb-53ba2c9243fd\",\"e6233e8a-4716-40c6-9357-1cea503e99dd\"],\"columns\":{\"5b18e655-fa6a-406d-a5cb-53ba2c9243fd\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device 
Deactivation Reason\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e6233e8a-4716-40c6-9357-1cea503e99dd\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.deactivation_reason\"},\"641ba828-307e-46c6-a459-c2ff096d711c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device Compliance\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e6233e8a-4716-40c6-9357-1cea503e99dd\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.compliance\"},\"e6233e8a-4716-40c6-9357-1cea503e99dd\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"641ba828-307e-46c6-a459-c2ff096d711c\",\"isTransposed\":false},{\"columnId\":\"5b18e655-fa6a-406d-a5cb-53ba2c9243fd\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"e6233e8a-4716-40c6-9357-1cea503e99dd\",\"hidden\":true,\"isTransposed\":false}],\"layerId\":\"3301a3e3-33e1-4809-9280-7ee202b61d18\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"List of Device Compliance and Device Deactivation Reason [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"427981ce-492c-49c6-83d0-40ee3a717a20\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"427981ce-492c-49c6-83d0-40ee3a717a20\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-4ecc0135-8b3b-4420-a97b-07baf0ad169c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"4ecc0135-8b3b-4420-a97b-07baf0ad169c\":{\"columnOrder\":[\"6bf48d8b-4d0f-47ba-a7d1-1425256c574e\",\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\"],\"columns\":{\"6bf48d8b-4d0f-47ba-a7d1-1425256c574e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":25},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"},\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\"],\"layerId\":\"4ecc0135-8b3b-4420-a97b-07baf0ad169c\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"xAccessor\":\"6bf48d8b-4d0f-47ba-a7d1-1425256c574e\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"title\":\"Empty XY 
chart\",\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Event Action [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"88339376-e612-4096-b762-9b6bb7a19c1f\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"88339376-e612-4096-b762-9b6bb7a19c1f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Security Patch 
Level\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.security.patch_level\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device by Security Patch Level [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"794cfd69-290e-4a83-8e59-21a13e713fe6\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"794cfd69-290e-4a83-8e59-21a13e713fe6\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-4ecc0135-8b3b-4420-a97b-07baf0ad169c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"4ecc0135-8b3b-4420-a97b-07baf0ad169c\":{\"columnOrder\":[\"6bf48d8b-4d0f-47ba-a7d1-1425256c574e\",\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\"],\"columns\":{\"6bf48d8b-4d0f-47ba-a7d1-1425256c574e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Potentially Harmful App 
Category\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":25},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.pha_category\"},\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\"],\"layerId\":\"4ecc0135-8b3b-4420-a97b-07baf0ad169c\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"xAccessor\":\"6bf48d8b-4d0f-47ba-a7d1-1425256c574e\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Potentially Harmful App Category [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"cdf1fd4d-d93a-4ad2-aa00-4959fe77be56\",\"w\":24,\"x\":0,\"y\":60},\"panelIndex\":\"cdf1fd4d-d93a-4ad2-aa00-4959fe77be56\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Application State\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.application.state\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events 
by Application State [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6f6b8831-d79e-4291-9431-b2ea16be6dd7\",\"w\":24,\"x\":24,\"y\":60},\"panelIndex\":\"6f6b8831-d79e-4291-9431-b2ea16be6dd7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-4ecc0135-8b3b-4420-a97b-07baf0ad169c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"4ecc0135-8b3b-4420-a97b-07baf0ad169c\":{\"columnOrder\":[\"6bf48d8b-4d0f-47ba-a7d1-1425256c574e\",\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\"],\"columns\":{\"6bf48d8b-4d0f-47ba-a7d1-1425256c574e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Action Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":25},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.action.type\"},\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\"],\"layerId\":\"4ecc0135-8b3b-4420-a97b-07baf0ad169c\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"xAccessor\":\"6bf48d8b-4d0f-47ba-a7d1-1425256c574e\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"title\":\"Empty XY 
chart\",\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Action Type [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f684b364-536f-44d4-a6a6-6975f964daae\",\"w\":24,\"x\":0,\"y\":75},\"panelIndex\":\"f684b364-536f-44d4-a6a6-6975f964daae\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Application Report 
Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.application.report.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Application Report Severity [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"4a4bf160-0594-40f8-ab4d-6242c41b79a2\",\"w\":24,\"x\":0,\"y\":90},\"panelIndex\":\"4a4bf160-0594-40f8-ab4d-6242c41b79a2\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device Policy App Privilege\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.register_privilege\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of 
Device Events by Device Policy App Privilege [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"62e853e4-fa5e-49f0-8e5f-575c5c9bf3fc\",\"w\":24,\"x\":24,\"y\":75},\"panelIndex\":\"62e853e4-fa5e-49f0-8e5f-575c5c9bf3fc\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Policy 
Status\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.policy.sync.result\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Policy Status [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"06d83d34-1df0-4dc3-ac38-d8ce26f23b80\",\"w\":24,\"x\":0,\"y\":105},\"panelIndex\":\"06d83d34-1df0-4dc3-ac38-d8ce26f23b80\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Policy Sync Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.policy.sync.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by 
Policy Sync Type [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"0e36eb8f-5d02-4ffd-90cb-4f7e094d300d\",\"w\":24,\"x\":24,\"y\":90},\"panelIndex\":\"0e36eb8f-5d02-4ffd-90cb-4f7e094d300d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Action Execution 
Status\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.action.execution_status\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"xAccessor\":\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Action Execution Status [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"b3e68758-292a-4392-8311-23a575fec922\",\"w\":24,\"x\":0,\"y\":120},\"panelIndex\":\"b3e68758-292a-4392-8311-23a575fec922\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device Ownership\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.ownership\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Device 
Ownership [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"57f08755-8c84-4134-bbb4-af146826e55a\",\"w\":24,\"x\":24,\"y\":105},\"panelIndex\":\"57f08755-8c84-4134-bbb4-af146826e55a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"OS Property\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.os.property\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of 
Device Events by OS Property [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"16b1f8bc-bd46-420c-9538-579c1339b9cb\",\"w\":24,\"x\":0,\"y\":135},\"panelIndex\":\"16b1f8bc-bd46-420c-9538-579c1339b9cb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device 
Property\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.property\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"xAccessor\":\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Device Property [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"0df40626-ace9-4e3b-b839-8f865051bb87\",\"w\":24,\"x\":24,\"y\":120},\"panelIndex\":\"0df40626-ace9-4e3b-b839-8f865051bb87\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device Setting\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.setting\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Device 
Setting [Logs Google Workspace]\"}]","timeRestore":false,"title":"[Logs Google Workspace] Device","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-4c5a4cc0-8cbc-11ed-add3-0fec96545f1c","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"de2b27df-ba29-409e-9f26-c547cea21c10:indexpattern-datasource-layer-0aa843a1-6902-47e5-88d7-a9efd68ce2e3","type":"index-pattern"},{"id":"logs-*","name":"f5a25a0b-604e-467b-bf83-685ed7925c1d:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"42da590b-25b7-4779-8aea-54dc9bd6731f:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"00e49338-83b8-4b28-9035-635d382ec72a:indexpattern-datasource-layer-3301a3e3-33e1-4809-9280-7ee202b61d18","type":"index-pattern"},{"id":"logs-*","name":"e81c9c68-4e3e-48ed-b289-eaafb7af3752:indexpattern-datasource-layer-3301a3e3-33e1-4809-9280-7ee202b61d18","type":"index-pattern"},{"id":"logs-*","name":"427981ce-492c-49c6-83d0-40ee3a717a20:indexpattern-datasource-layer-4ecc0135-8b3b-4420-a97b-07baf0ad169c","type":"index-pattern"},{"id":"logs-*","name":"88339376-e612-4096-b762-9b6bb7a19c1f:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"794cfd69-290e-4a83-8e59-21a13e713fe6:indexpattern-datasource-layer-4ecc0135-8b3b-4420-a97b-07baf0ad169c","type":"index-pattern"},{"id":"logs-*","name":"cdf1fd4d-d93a-4ad2-aa00-4959fe77be56:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"6f6b8831-d79e-4291-9431-b2ea16be6dd7:indexpattern-datasource-layer-4ecc0135-8b3b-4420-a97b-07baf0ad169c","type":"index-pattern"},{"id":"logs-*","name":"f684b364-536f-44d4-a6a6-6975f964daae:indexpattern-d
atasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"4a4bf160-0594-40f8-ab4d-6242c41b79a2:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"62e853e4-fa5e-49f0-8e5f-575c5c9bf3fc:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"06d83d34-1df0-4dc3-ac38-d8ce26f23b80:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"0e36eb8f-5d02-4ffd-90cb-4f7e094d300d:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"b3e68758-292a-4392-8311-23a575fec922:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"57f08755-8c84-4134-bbb4-af146826e55a:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"16b1f8bc-bd46-420c-9538-579c1339b9cb:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"0df40626-ace9-4e3b-b839-8f865051bb87:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7903],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3ODgsMV0="} 
-{"attributes":{"columns":["google_workspace.groups.email","google_workspace.groups.setting","google_workspace.groups.old_value","google_workspace.groups.new_value"],"description":"","grid":{"columns":{"google_workspace.groups.email":{"width":327},"google_workspace.groups.setting":{"width":327}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"change_info_setting\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"change_info_setting\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.groups\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.groups\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Group Info Settings Changes [Logs Google 
Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-676e6980-3bfc-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7909],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3ODksMV0="} -{"attributes":{"columns":["source.user.email"],"description":"","grid":{"columns":{"@timestamp":{"width":210}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.login\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.login\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Login Failure by Types [Logs Google 
Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-7ab25b80-3b13-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7914],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3OTAsMV0="} -{"attributes":{"columns":["event.action","google_workspace.event.type","google_workspace.admin.old_value","google_workspace.admin.new_value"],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.admin\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.admin\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Settings Changes [Logs Google 
Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-ebb44680-3bf5-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7919],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3OTEsMV0="} -{"attributes":{"description":"Overview of Google Workspace Admin.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.admin\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.admin\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":18,\"i\":\"db3ad227-f043-4cc0-9d48-69d67cdc63d4\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"db3ad227-f043-4cc0-9d48-69d67cdc63d4\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"locale\\\":\\\"autoselect\\\",\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desaturated\\\"},\\\"id\\\":\\\"1b9a0ec2-a115-4f57-a731-62e35e588921\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\
\"EMS_VECTOR_TILE\\\",\\\"color\\\":\\\"\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"geoField\\\":\\\"source.geo.location\\\",\\\"requestType\\\":\\\"heatmap\\\",\\\"resolution\\\":\\\"SUPER_FINE\\\",\\\"id\\\":\\\"9b7deb92-238b-47a2-a87d-5bd1aaf60862\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"applyForceRefresh\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"id\\\":\\\"1bb6bfcd-9dc9-4abb-b41d-bd8eafb59a67\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"HEATMAP\\\",\\\"colorRampName\\\":\\\"theclassic\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"HEATMAP\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":0.68,\\\"center\\\":{\\\"lon\\\":-91.00144,\\\"lat\\\":6.63298},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15m\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"customIcons\\\":[],\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"keydownScrollZoom\\\":false,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"title\":\"\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOC
Details\\\":[\\\"1bb6bfcd-9dc9-4abb-b41d-bd8eafb59a67\\\"]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"hidePanelTitles\":false,\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":85.05113,\"maxLon\":360,\"minLat\":-85.05113,\"minLon\":-540},\"mapCenter\":{\"lat\":15.6024,\"lon\":-91.00144,\"zoom\":0.68},\"openTOCDetails\":[\"1bb6bfcd-9dc9-4abb-b41d-bd8eafb59a67\"],\"type\":\"map\"},\"title\":\"Admin Activity by Location [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"542bc939-aff6-4f03-b85c-82cdc0b61c0d\",\"w\":24,\"x\":0,\"y\":18},\"panelIndex\":\"542bc939-aff6-4f03-b85c-82cdc0b61c0d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ac16649e-423f-457c-bc22-a70b87b3afb8\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ac16649e-423f-457c-bc22-a70b87b3afb8\":{\"columnOrder\":[\"7d808e71-39e6-49fc-9aea-b6fd81b8729f\",\"29790544-b881-4932-9bf8-afe77aa456b3\"],\"columns\":{\"29790544-b881-4932-9bf8-afe77aa456b3\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"7d808e71-39e6-49fc-9aea-b6fd81b8729f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event 
Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"29790544-b881-4932-9bf8-afe77aa456b3\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"ac16649e-423f-457c-bc22-a70b87b3afb8\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"7d808e71-39e6-49fc-9aea-b6fd81b8729f\"],\"metrics\":[\"29790544-b881-4932-9bf8-afe77aa456b3\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Admin Events by Event Action [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2dd48f01-fe23-4e26-8184-cae43aceb9f7\",\"w\":24,\"x\":24,\"y\":18},\"panelIndex\":\"2dd48f01-fe23-4e26-8184-cae43aceb9f7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-bae06901-e65e-44de-bc42-376e6d4ac823\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"bae06901-e65e-44de-bc42-376e6d4ac823\":{\"columnOrder\":[\"808a404a-4e26-4fa9-9252-4d0b482177e3\",\"7d028f30-2071-4ae3-957f-7afab533a9dc\"],\"columns\":{\"7d028f30-2071-4ae3-957f-7afab533a9dc\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"808a404a-4e26-4fa9-9252-4d0b482177e3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Data 
Source\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7d028f30-2071-4ae3-957f-7afab533a9dc\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.event.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"808a404a-4e26-4fa9-9252-4d0b482177e3\"},{\"columnId\":\"7d028f30-2071-4ae3-957f-7afab533a9dc\"}],\"layerId\":\"bae06901-e65e-44de-bc42-376e6d4ac823\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Data Source [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1bf4ea45-2339-4154-bbb4-cdcae8996a6b\",\"w\":24,\"x\":24,\"y\":33},\"panelIndex\":\"1bf4ea45-2339-4154-bbb4-cdcae8996a6b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-37c9e2f8-0a5d-4fe5-b90a-3020bcf15de4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"37c9e2f8-0a5d-4fe5-b90a-3020bcf15de4\":{\"columnOrder\":[\"b55b0541-7c14-4a92-a9a8-e488a57f0088\",\"59c7cf52-497c-4f6a-815b-3a77b1ec5734\"],\"columns\":{\"59c7cf52-497c-4f6a-815b-3a77b1ec5734\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"b55b0541-7c14-4a92-a9a8-e488a57f0088\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Domain\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"59c7cf52-497c-4f6a-815b-3a77b1ec5734\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.admin.domain.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"59c7cf52-497c-4f6a-815b-3a77b1ec5734\"],\"layerId\":\"37c9e2f8-0a5d-4fe5-b90a-3020bcf15de4\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"b55b0541-7c14-4a92-a9a8-e488a57f0088\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Admin Events by Domain [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"533eb7c5-d127-4ed7-a1bf-3944ba07f73d\",\"w\":24,\"x\":0,\"y\":33},\"panelIndex\":\"533eb7c5-d127-4ed7-a1bf-3944ba07f73d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-941b90b0-14c7-49f8-80a4-261b8d9489e5\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"941b90b0-14c7-49f8-80a4-261b8d9489e5\":{\"columnOrder\":[\"671d6acf-25ff-451f-8053-69c2978ed1e6\",\"83748527-ab97-4f00-b955-35661178e638\"],\"columns\":{\"671d6acf-25ff-451f-8053-69c2978ed1e6\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"83748527-ab97-4f00-b955-35661178e638\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.admin.device.type\"},\"83748527-ab97-4f00-b955-35661178e638\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"941b90b0-14c7-49f8-80a4-261b8d9489e5\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"671d6acf-25ff-451f-8053-69c2978ed1e6\"],\"metrics\":[\"83748527-ab97-4f00-b955-35661178e638\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Admin Events by Device Type [Logs Google 
Workspace]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":20,\"i\":\"44df46b9-f301-4d3c-83db-8781aeb70d13\",\"w\":48,\"x\":0,\"y\":48},\"panelIndex\":\"44df46b9-f301-4d3c-83db-8781aeb70d13\",\"panelRefName\":\"panel_44df46b9-f301-4d3c-83db-8781aeb70d13\",\"type\":\"search\",\"version\":\"8.4.0\"}]","timeRestore":false,"title":"[Logs Google Workspace] Admin","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-8925d900-3b43-11ed-8bdd-f5c5df6c1370","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"db3ad227-f043-4cc0-9d48-69d67cdc63d4:layer_1_source_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"542bc939-aff6-4f03-b85c-82cdc0b61c0d:indexpattern-datasource-layer-ac16649e-423f-457c-bc22-a70b87b3afb8","type":"index-pattern"},{"id":"logs-*","name":"2dd48f01-fe23-4e26-8184-cae43aceb9f7:indexpattern-datasource-layer-bae06901-e65e-44de-bc42-376e6d4ac823","type":"index-pattern"},{"id":"logs-*","name":"1bf4ea45-2339-4154-bbb4-cdcae8996a6b:indexpattern-datasource-layer-37c9e2f8-0a5d-4fe5-b90a-3020bcf15de4","type":"index-pattern"},{"id":"logs-*","name":"533eb7c5-d127-4ed7-a1bf-3944ba07f73d:indexpattern-datasource-layer-941b90b0-14c7-49f8-80a4-261b8d9489e5","type":"index-pattern"},{"id":"google_workspace-ebb44680-3bf5-11ed-8bdd-f5c5df6c1370","name":"44df46b9-f301-4d3c-83db-8781aeb70d13:panel_44df46b9-f301-4d3c-83db-8781aeb70d13","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7929],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3OTIsMV0="} 
-{"attributes":{"columns":["google_workspace.groups.email","google_workspace.groups.setting","google_workspace.groups.old_value","google_workspace.groups.new_value"],"description":"","grid":{"columns":{"google_workspace.groups.email":{"width":327},"google_workspace.groups.setting":{"width":327}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"change_topic_setting\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"change_topic_setting\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.groups\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.groups\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Group Topic Setting Changes [Logs Google 
Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-8e8f98d0-3c02-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7935],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3OTMsMV0="} -{"attributes":{"columns":["user.email","google_workspace.alert.type"],"description":"","grid":{"columns":{"@timestamp":{"width":322},"user.email":{"width":495}}},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"}}"},"sort":[["@timestamp","desc"]],"title":"User Email and Alert Type [Logs Google Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-8ec40930-0110-11ed-825d-df764a9c0c57","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7939],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3OTQsMV0="} 
-{"attributes":{"columns":["google_workspace.context_aware_access.application","google_workspace.context_aware_access.device.id","google_workspace.context_aware_access.device.state"],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.context_aware_access\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.context_aware_access\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Context Aware Access [Logs Google Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-c3960ae0-9586-11ed-82ba-c3ec829933e4","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7944],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3OTUsMV0="} -{"attributes":{"description":"Overview of Google Workspace User 
Account.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.user_accounts\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.user_accounts\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":18,\"i\":\"26ae43a3-589e-487d-a0d7-525634a754a6\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"26ae43a3-589e-487d-a0d7-525634a754a6\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"locale\\\":\\\"autoselect\\\",\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desaturated\\\"},\\\"id\\\":\\\"707528d3-06d1-49af-8918-358001efd8f5\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"color\\\":\\\"\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"geoField\\\":\\\"source.geo.location\\\",\\\"requestType\\\":\\\"heatmap\\\",\\\"resolution\\\":\\\"SUPER_FINE\\\",\\\"id\\\":\\\"b93e3b9e-f9e2-4895-9e4d-a44773daae0d\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"applyForceRefresh\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"id\\\":\\\"77ef5d1b-be38-442a-9286-322721644d0f\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"HEA
TMAP\\\",\\\"colorRampName\\\":\\\"theclassic\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"HEATMAP\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.54,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":19.94277},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15m\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"customIcons\\\":[],\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"keydownScrollZoom\\\":false,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"title\":\"\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[\\\"77ef5d1b-be38-442a-9286-322721644d0f\\\"]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"hidePanelTitles\":false,\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":66.51326,\"maxLon\":180,\"minLat\":-66.51326,\"minLon\":-180},\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":1.54},\"openTOCDetails\":[\"77ef5d1b-be38-442a-9286-322721644d0f\"],\"type\":\"map\"},\"title\":\"User Account Activity by Location [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"063f63f2-df3c-4d39-a49b-c0f79b5becf3\",\"w\":24,\"x\":0,\"y\":18},\"panelIndex\":\"063f63f2-df3c-4d39-a49b-c0f79b5becf3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-552c1fa5-8dea-4d0d-a845-214b0f15beaf\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"552c1fa5-8dea-4d0d-a845-214b0f15beaf\":{\"columnOrder\":[\"1f3d0f09-fcda-4fe0-9534-741484a7c626\",\"48bd6463-e49e-4661-9792-98e02c6be994\"],\"columns\":{\"1f3d0f09-fcda-4fe0-9534-741484a7c626\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"48bd6463-e49e-4661-9792-98e02c6be994\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"},\"48bd6463-e49e-4661-9792-98e02c6be994\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"552c1fa5-8dea-4d0d-a845-214b0f15beaf\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"1f3d0f09-fcda-4fe0-9534-741484a7c626\"],\"metrics\":[\"48bd6463-e49e-4661-9792-98e02c6be994\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of User Account Events by Event Action [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"d418d972-b396-4b34-92ba-79a3c8f5c5f7\",\"w\":24,\"x\":24,\"y\":18},\"panelIndex\":\"d418d972-b396-4b34-92ba-79a3c8f5c5f7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-76ad4adb-bb8a-48e7-8787-ca9d7cd73a40\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"76ad4adb-bb8a-48e7-8787-ca9d7cd73a40\":{\"columnOrder\":[\"2b6d220f-5d57-4588-a496-0fa9c3d66b91\",\"258d75db-23b3-4cb9-a506-256a8490e546\"],\"columns\":{\"258d75db-23b3-4cb9-a506-256a8490e546\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"2b6d220f-5d57-4588-a496-0fa9c3d66b91\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Organization Domain\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"258d75db-23b3-4cb9-a506-256a8490e546\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.organization.domain\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"2b6d220f-5d57-4588-a496-0fa9c3d66b91\"},{\"columnId\":\"258d75db-23b3-4cb9-a506-256a8490e546\"}],\"layerId\":\"76ad4adb-bb8a-48e7-8787-ca9d7cd73a40\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Organization Domain [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"3c8d2701-a63b-4c7e-a158-a2bb4340915a\",\"w\":24,\"x\":0,\"y\":33},\"panelIndex\":\"3c8d2701-a63b-4c7e-a158-a2bb4340915a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-8725877a-58ef-473d-9322-1e473840de8c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"8725877a-58ef-473d-9322-1e473840de8c\":{\"columnOrder\":[\"afede701-0d06-4d84-8bb3-f3711ba91cb6\",\"acd3624b-32bb-4634-b97b-5f899b78f7ae\"],\"columns\":{\"acd3624b-32bb-4634-b97b-5f899b78f7ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"afede701-0d06-4d84-8bb3-f3711ba91cb6\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"IP of User Account\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"acd3624b-32bb-4634-b97b-5f899b78f7ae\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"afede701-0d06-4d84-8bb3-f3711ba91cb6\"},{\"columnId\":\"acd3624b-32bb-4634-b97b-5f899b78f7ae\"}],\"layerId\":\"8725877a-58ef-473d-9322-1e473840de8c\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 IP of User Account [Logs Google Workspace]\"}]","timeRestore":false,"title":"[Logs Google Workspace] User 
Account","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-ca3ff140-3b3f-11ed-8bdd-f5c5df6c1370","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"26ae43a3-589e-487d-a0d7-525634a754a6:layer_1_source_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"063f63f2-df3c-4d39-a49b-c0f79b5becf3:indexpattern-datasource-layer-552c1fa5-8dea-4d0d-a845-214b0f15beaf","type":"index-pattern"},{"id":"logs-*","name":"d418d972-b396-4b34-92ba-79a3c8f5c5f7:indexpattern-datasource-layer-76ad4adb-bb8a-48e7-8787-ca9d7cd73a40","type":"index-pattern"},{"id":"logs-*","name":"3c8d2701-a63b-4c7e-a158-a2bb4340915a:indexpattern-datasource-layer-8725877a-58ef-473d-9322-1e473840de8c","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7952],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3OTYsMV0="} 
-{"attributes":{"columns":["google_workspace.groups.email","google_workspace.groups.setting","google_workspace.groups.old_value","google_workspace.groups.new_value"],"description":"","grid":{"columns":{"google_workspace.groups.email":{"width":327}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"change_new_members_restrictions_setting\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"change_new_members_restrictions_setting\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.groups\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.groups\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Group New Members Restrictions Setting Changes [Logs Google 
Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-e3d44490-3bfc-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7958],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3OTcsMV0="} -{"attributes":{"columns":["google_workspace.groups.acl_permission","google_workspace.groups.email","google_workspace.groups.old_value","google_workspace.groups.new_value"],"description":"","grid":{"columns":{"google_workspace.groups.email":{"width":327}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"change_acl_permission\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"change_acl_permission\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.groups\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.groups\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}
"},"sort":[["@timestamp","desc"]],"title":"Group Permission Changes [Logs Google Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-d542c8e0-3bfa-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7964],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3OTgsMV0="} -{"attributes":{"description":"Overview of Google Workspace Groups.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.groups\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.groups\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":19,\"i\":\"afb88f80-4dc3-4dda-957a-42f50248c77c\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"afb88f80-4dc3-4dda-957a-42f50248c77c\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"locale\\\":\\\"autoselect\\\",\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desa
turated\\\"},\\\"id\\\":\\\"1b6b7889-8746-4131-b1e9-e324b4e78dfe\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"color\\\":\\\"\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"geoField\\\":\\\"source.geo.location\\\",\\\"requestType\\\":\\\"heatmap\\\",\\\"resolution\\\":\\\"SUPER_FINE\\\",\\\"id\\\":\\\"ec262955-508f-44d9-a458-111c73323707\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"applyForceRefresh\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"id\\\":\\\"99127787-99fb-4fa9-82a3-3a30d74eee9a\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"HEATMAP\\\",\\\"colorRampName\\\":\\\"theclassic\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"HEATMAP\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.56,\\\"center\\\":{\\\"lon\\\":0.79396,\\\"lat\\\":18.74281},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15y\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"customIcons\\\":[],\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"keydownScrollZoom\\\":false,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFi
ltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"title\":\"\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[\\\"99127787-99fb-4fa9-82a3-3a30d74eee9a\\\"]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"hidePanelTitles\":false,\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":66.51326,\"maxLon\":270,\"minLat\":-66.51326,\"minLon\":-270},\"mapCenter\":{\"lat\":18.74281,\"lon\":0.79396,\"zoom\":1.56},\"openTOCDetails\":[\"99127787-99fb-4fa9-82a3-3a30d74eee9a\"],\"type\":\"map\"},\"title\":\"Group Activity by Location [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f9dbc5f6-21e9-4a47-8e96-38b51da23fc4\",\"w\":24,\"x\":0,\"y\":19},\"panelIndex\":\"f9dbc5f6-21e9-4a47-8e96-38b51da23fc4\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-7633317d-f40f-4529-9a3a-7a6ef0ad8c10\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"7633317d-f40f-4529-9a3a-7a6ef0ad8c10\":{\"columnOrder\":[\"c6720064-5b3a-4d61-90ee-897c0c9d281f\",\"9a0c0ebd-da40-4d91-8279-f6aa059deb2a\"],\"columns\":{\"9a0c0ebd-da40-4d91-8279-f6aa059deb2a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"c6720064-5b3a-4d61-90ee-897c0c9d281f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event 
Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9a0c0ebd-da40-4d91-8279-f6aa059deb2a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"7633317d-f40f-4529-9a3a-7a6ef0ad8c10\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"c6720064-5b3a-4d61-90ee-897c0c9d281f\"],\"metrics\":[\"9a0c0ebd-da40-4d91-8279-f6aa059deb2a\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Groups Events by Event Action [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"c2e2430f-3be1-43f6-a2d4-fee6fc64232c\",\"w\":24,\"x\":24,\"y\":19},\"panelIndex\":\"c2e2430f-3be1-43f6-a2d4-fee6fc64232c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-46c2ca78-5e2c-42b9-8d54-6f39c8a1b756\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"46c2ca78-5e2c-42b9-8d54-6f39c8a1b756\":{\"columnOrder\":[\"bc58f82f-057e-4715-a191-88e33bf91997\",\"ba66231e-10bf-43a1-b018-904416d0ff5c\"],\"columns\":{\"ba66231e-10bf-43a1-b018-904416d0ff5c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"bc58f82f-057e-4715-a191-88e33bf91997\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"ACL 
Permissions\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ba66231e-10bf-43a1-b018-904416d0ff5c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.groups.acl_permission\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"bc58f82f-057e-4715-a191-88e33bf91997\"},{\"columnId\":\"ba66231e-10bf-43a1-b018-904416d0ff5c\"}],\"layerId\":\"46c2ca78-5e2c-42b9-8d54-6f39c8a1b756\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 ACL Permissions [Logs Google Workspace]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"8178a326-bde4-48d7-be24-4b1f26229cf9\",\"w\":24,\"x\":0,\"y\":34},\"panelIndex\":\"8178a326-bde4-48d7-be24-4b1f26229cf9\",\"panelRefName\":\"panel_8178a326-bde4-48d7-be24-4b1f26229cf9\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"20424297-98c8-4286-b938-3b2cc4d97db0\",\"w\":24,\"x\":24,\"y\":34},\"panelIndex\":\"20424297-98c8-4286-b938-3b2cc4d97db0\",\"panelRefName\":\"panel_20424297-98c8-4286-b938-3b2cc4d97db0\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":19,\"i\":\"6f49ba9e-85aa-4425-8b49-03d21d459844\",\"w\":48,\"x\":0,\"y\":49},\"panelIndex\":\"6f49ba9e-85aa-4425-8b49-03d21d459844\",\"panelRefName\":\"panel_6f49ba9e-85aa-4425-8b49-03d21d459844\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":19,\"i\":\"8fa377dc-cbba-498e-a52e-7f871beafe44\",\"w\":48,\"x\":0,\"y\":68},\"panelIndex\":\"8fa377dc-cbba-498e-a52e-7f871beafe44\",\"panelRefName\":\"panel_
8fa377dc-cbba-498e-a52e-7f871beafe44\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":19,\"i\":\"57346c0f-28a4-4300-92bf-7b8d50387bdb\",\"w\":48,\"x\":0,\"y\":87},\"panelIndex\":\"57346c0f-28a4-4300-92bf-7b8d50387bdb\",\"panelRefName\":\"panel_57346c0f-28a4-4300-92bf-7b8d50387bdb\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":19,\"i\":\"b0a5f751-2bbc-4059-a715-a62b27aa951f\",\"w\":48,\"x\":0,\"y\":106},\"panelIndex\":\"b0a5f751-2bbc-4059-a715-a62b27aa951f\",\"panelRefName\":\"panel_b0a5f751-2bbc-4059-a715-a62b27aa951f\",\"type\":\"search\",\"version\":\"8.4.0\"}]","timeRestore":false,"title":"[Logs Google Workspace] Groups","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-d3cf6d50-3bfb-11ed-8bdd-f5c5df6c1370","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"afb88f80-4dc3-4dda-957a-42f50248c77c:layer_1_source_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"f9dbc5f6-21e9-4a47-8e96-38b51da23fc4:indexpattern-datasource-layer-7633317d-f40f-4529-9a3a-7a6ef0ad8c10","type":"index-pattern"},{"id":"logs-*","name":"c2e2430f-3be1-43f6-a2d4-fee6fc64232c:indexpattern-datasource-layer-46c2ca78-5e2c-42b9-8d54-6f39c8a1b756","type":"index-pattern"},{"id":"google_workspace-e3d44490-3bfc-11ed-8bdd-f5c5df6c1370","name":"8178a326-bde4-48d7-be24-4b1f26229cf9:panel_8178a326-bde4-48d7-be24-4b1f26229cf9","type":"search"},{"id":"google_workspace-3ceeeba0-3c04-11ed-8bdd-f5c5df6c1370","name":"20424297-98c8-4286-b938-3b2cc4d97db0:panel_20424297-98c8-4286-b938-3b2cc4d97db0","type":"search"},{"id":"google_workspace-10b37c00-3c03-11ed-8bdd-f5c5df6c1370","name":"6f49ba9e-85aa-4425-8b49-03d21d459844:panel_6f49ba9e-85aa-4425-8b49-03d21d459844","type":"search"},{"id":"google_wo
rkspace-676e6980-3bfc-11ed-8bdd-f5c5df6c1370","name":"8fa377dc-cbba-498e-a52e-7f871beafe44:panel_8fa377dc-cbba-498e-a52e-7f871beafe44","type":"search"},{"id":"google_workspace-d542c8e0-3bfa-11ed-8bdd-f5c5df6c1370","name":"57346c0f-28a4-4300-92bf-7b8d50387bdb:panel_57346c0f-28a4-4300-92bf-7b8d50387bdb","type":"search"},{"id":"google_workspace-8e8f98d0-3c02-11ed-8bdd-f5c5df6c1370","name":"b0a5f751-2bbc-4059-a715-a62b27aa951f:panel_b0a5f751-2bbc-4059-a715-a62b27aa951f","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7977],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ3OTksMV0="} -{"attributes":{"columns":["event.id","google_workspace.alert.source","google_workspace.alert.type"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Alert [Logs Google Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-e013b790-010b-11ed-825d-df764a9c0c57","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7981],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MDAsMV0="} -{"attributes":{"description":"Overview of Google Workspace 
Alert.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"56b2ee3f-ebac-45fe-b858-dce50d80ec2c\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"56b2ee3f-ebac-45fe-b858-dce50d80ec2c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a1b37bdb-205d-4a62-8ec6-9f959262ee6f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a1b37bdb-205d-4a62-8ec6-9f959262ee6f\":{\"columnOrder\":[\"f8f5d22a-5fda-43ab-a592-f485d006adca\",\"1753e5a5-24a4-48c9-bacf-467d9e5a7e19\",\"482dc9f7-a02d-4efe-884b-9540b978a570\"],\"columns\":{\"1753e5a5-24a4-48c9-bacf-467d9e5a7e19\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Alert Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"482dc9f7-a02d-4efe-884b-9540b978a570\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.type\"},\"482dc9f7-a02d-4efe-884b-9540b978a570\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f8f5d22a-5fda-43ab-a592-f485d006adca\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Customer 
ID\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"482dc9f7-a02d-4efe-884b-9540b978a570\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"organization.id\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"f8f5d22a-5fda-43ab-a592-f485d006adca\",\"isTransposed\":false},{\"columnId\":\"1753e5a5-24a4-48c9-bacf-467d9e5a7e19\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"482dc9f7-a02d-4efe-884b-9540b978a570\",\"isTransposed\":false}],\"layerId\":\"a1b37bdb-205d-4a62-8ec6-9f959262ee6f\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Customer ID and Alert Type [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6579eaad-0eb6-449e-8c7d-ccbd0982ef4e\",\"w\":16,\"x\":24,\"y\":0},\"panelIndex\":\"6579eaad-0eb6-449e-8c7d-ccbd0982ef4e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-1b1a5743-7b56-4496-98e8-3226c635b02e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1b1a5743-7b56-4496-98e8-3226c635b02e\":{\"columnOrder\":[\"07a44659-9889-47ac-8722-facf15e17973\",\"84097520-fceb-4281-a3ff-68936e5ac1f2\"],\"columns\":{\"07a44659-9889-47ac-8722-facf15e17973\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Alert 
Status\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"84097520-fceb-4281-a3ff-68936e5ac1f2\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.metadata.status\"},\"84097520-fceb-4281-a3ff-68936e5ac1f2\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"1b1a5743-7b56-4496-98e8-3226c635b02e\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendPosition\":\"right\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"07a44659-9889-47ac-8722-facf15e17973\"],\"metrics\":[\"84097520-fceb-4281-a3ff-68936e5ac1f2\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Alert Event by Alert Status [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"37d5ad5e-9fc7-43b9-99ae-cf0244e433e7\",\"w\":8,\"x\":40,\"y\":0},\"panelIndex\":\"37d5ad5e-9fc7-43b9-99ae-cf0244e433e7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-dd17cab9-16f9-49f1-952a-fdf5b43fca61\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"dd17cab9-16f9-49f1-952a-fdf5b43fca61\":{\"columnOrder\":[\"7ab0f5e4-cf93-4cce-83d9-354cdc8832ca\"],\"columns\":{\"7ab0f5e4-cf93-4cce-83d9-354cdc8832ca\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Alert\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"},\"visualization\":{\"accessor\":\"7ab0f5e4-cf93-4cce-83d9-354cdc8832ca\",\"colorMode\":\"None\",\"layerId\":\"dd17cab9-16f9-49f1-952a-fdf5b43fca61\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Alert [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f35cbdce-64f5-48ff-ac0e-7a26bc0ad7a8\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"f35cbdce-64f5-48ff-ac0e-7a26bc0ad7a8\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-682c4ae9-c25f-4c6e-a02f-49ecadf23f79\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"682c4ae9-c25f-4c6e-a02f-49ecadf23f79\":{\"columnOrder\":[\"8f51b899-e4c4-436b-8cac-985156f8eba1\",\"58dab0b4-28cf-408b-b449-223f1f83878c\"],\"columns\":{\"58dab0b4-28cf-408b-b449-223f1f83878c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"8f51b899-e4c4-436b-8cac-985156f8eba1\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Alert Source\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"58dab0b4-28cf-408b-b449-223f1f83878c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"682c4ae9-c25f-4c6e-a02f-49ecadf23f79\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"8f51b899-e4c4-436b-8cac-985156f8eba1\"],\"metrics\":[\"58dab0b4-28cf-408b-b449-223f1f83878c\"]}],\"shape\":\"treemap\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Alert Event by Alert Source [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"76793002-1815-458b-84e2-77479aad6e3b\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"76793002-1815-458b-84e2-77479aad6e3b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-1de0ae32-4b53-4e68-a64e-a1137945ca37\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1de0ae32-4b53-4e68-a64e-a1137945ca37\":{\"columnOrder\":[\"d32e217a-9bb3-46de-b925-53cbd0408ac4\",\"d217f394-c117-448a-a04e-2c1c124567c6\"],\"columns\":{\"d217f394-c117-448a-a04e-2c1c124567c6\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"d32e217a-9bb3-46de-b925-53cbd0408ac4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Alert Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"d217f394-c117-448a-a04e-2c1c124567c6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.metadata.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"google_workspace.alert\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"1de0ae32-4b53-4e68-a64e-a1137945ca37\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"d32e217a-9bb3-46de-b925-53cbd0408ac4\"],\"metrics\":[\"d217f394-c117-448a-a04e-2c1c124567c6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Alert Event by Alert Severity [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"9025f50e-8c6f-4d4a-bb2f-329ca79da9ed\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"9025f50e-8c6f-4d4a-bb2f-329ca79da9ed\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-c87edeb9-1c07-41c8-a627-14c4fc097da4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"c87edeb9-1c07-41c8-a627-14c4fc097da4\":{\"columnOrder\":[\"e9d3707f-02f2-4334-8923-32890766f0e7\",\"809922ff-889c-430b-8c4d-9b59f79f146f\"],\"columns\":{\"809922ff-889c-430b-8c4d-9b59f79f146f\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e9d3707f-02f2-4334-8923-32890766f0e7\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Alert 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"e9d3707f-02f2-4334-8923-32890766f0e7\"},{\"alignment\":\"left\",\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\"}],\"layerId\":\"c87edeb9-1c07-41c8-a627-14c4fc097da4\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Alert Type [Logs Google Workspace]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"9bd845b4-711f-41b8-8507-f2e2b9d42164\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"9bd845b4-711f-41b8-8507-f2e2b9d42164\",\"panelRefName\":\"panel_9bd845b4-711f-41b8-8507-f2e2b9d42164\",\"type\":\"search\",\"version\":\"8.3.0\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"e44f86d0-eff4-4048-a976-d01587ff8e3f\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"e44f86d0-eff4-4048-a976-d01587ff8e3f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-c87edeb9-1c07-41c8-a627-14c4fc097da4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"c87edeb9-1c07-41c8-a627-14c4fc097da4\":{\"columnOrder\":[\"e9d3707f-02f2-4334-8923-32890766f0e7\",\"809922ff-889c-430b-8c4d-9b59f79f146f\"],\"columns\":{\"809922ff-889c-430b-8c4d-9b59f79f146f\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":tru
e},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e9d3707f-02f2-4334-8923-32890766f0e7\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Source IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"e9d3707f-02f2-4334-8923-32890766f0e7\"},{\"alignment\":\"left\",\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\"}],\"layerId\":\"c87edeb9-1c07-41c8-a627-14c4fc097da4\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Source IP [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f7e4ad57-5267-4e5f-923b-35a28c1bdafa\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"f7e4ad57-5267-4e5f-923b-35a28c1bdafa\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-c87edeb9-1c07-41c8-a627-14c4fc097da4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"c87edeb9-1c07-41c8-a627-14c4fc097da4\":{\"columnOrder\":[\"e9d3707f-02f2-4334-8923-32890766f0e7\",\"fe11ba28-0f22-4400-90ea-6167d17065c2\",\"809922ff-889c-430b-8c4d-9b59f79f146f\"],\"columns\":{\"809922ff-889c-430b-8c4d-9b59f79f146f\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e9d3707f-02f2-4334-8923-32890766f0e7\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Alert Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.type\"},\"fe11ba28-0f22-4400-90ea-6167d17065c2\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Security Tool Link\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.security_investigation_tool_link\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"google_workspace.alert\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"e9d3707f-02f2-4334-8923-32890766f0e7\"},{\"alignment\":\"left\",\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\"},{\"columnId\":\"fe11ba28-0f22-4400-90ea-6167d17065c2\",\"isTransposed\":false}],\"layerId\":\"c87edeb9-1c07-41c8-a627-14c4fc097da4\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Alert and Security Tool Link [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"3a937eaa-5f1c-46e7-8a03-0be62f440612\",\"w\":24,\"x\":0,\"y\":60},\"panelIndex\":\"3a937eaa-5f1c-46e7-8a03-0be62f440612\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-c87edeb9-1c07-41c8-a627-14c4fc097da4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"c87edeb9-1c07-41c8-a627-14c4fc097da4\":{\"columnOrder\":[\"e9d3707f-02f2-4334-8923-32890766f0e7\",\"05eabd31-8ff6-4ecb-b00e-748d510c9291\",\"809922ff-889c-430b-8c4d-9b59f79f146f\"],\"columns\":{\"05eabd31-8ff6-4ecb-b00e-748d510c9291\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Rule 
Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"rule.name\"},\"809922ff-889c-430b-8c4d-9b59f79f146f\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e9d3707f-02f2-4334-8923-32890766f0e7\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Alert Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"e9d3707f-02f2-4334-8923-32890766f0e7\"},{\"alignment\":\"left\",\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\"},{\"columnId\":\"05eabd31-8ff6-4ecb-b00e-748d510c9291\",\"isTransposed\":false}],\"layerId\":\"c87edeb9-1c07-41c8-a627-14c4fc097da4\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Rule Name and Alert Type [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"5c4a632a-2385-4da5-b66d-184a293e3120\",\"w\":24,\"x\":24,\"y\":60},\"panelIndex\":\"5c4a632a-2385-4da5-b66d-184a293e3120\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-6ca72cb8-dd53-4b53-b277-ee1eb429b475\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"6ca72cb8-dd53-4b53-b277-ee1eb429b475\":{\"columnOrder\":[\"f92bf4db-7cbb-4b3b-b160-f1dc431d8163\",\"5588c500-1188-40ad-8f57-3dbc17224146\",\"17b70b54-f338-497c-986e-6b443526012b\",\"3eedd4f7-6b18-4025-a35a-6468bcd8d7c4\"],\"columns\":{\"17b70b54-f338-497c-986e-6b443526012b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device ID\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3eedd4f7-6b18-4025-a35a-6468bcd8d7c4\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.data.events.device.id\"},\"3eedd4f7-6b18-4025-a35a-6468bcd8d7c4\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"5588c500-1188-40ad-8f57-3dbc17224146\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3eedd4f7-6b18-4025-a35a-6468bcd8d7c4\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.data.events.device.type\"},\"f92bf4db-7cbb-4b3b-b160-f1dc431d8163\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device Model\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3eedd4f7-6b18-4025-a35a-6468bcd8d7c4\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.data.events.device.model\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"f92bf4db-7cbb-4b3b-b160-f1dc431d8163\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"3eedd4f7-6b18-4025-a35a-6468bcd8d7c4\",\"isTransposed\":false},{\"columnId\":\"5588c500-1188-40ad-8f57-3dbc17224146\",\"isTransposed\":false},{\"columnId\":\"17b70b54-f338-497c-986e-6b443526012b\",\"isTransposed\":false}],\"layerId\":\"6ca72cb8-dd53-4b53-b277-ee1eb429b475\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Device Type, Device ID and Device Model [Logs Google Workspace]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"9b8c6a67-9021-44a8-93a9-84ba202964de\",\"w\":48,\"x\":0,\"y\":75},\"panelIndex\":\"9b8c6a67-9021-44a8-93a9-84ba202964de\",\"panelRefName\":\"panel_9b8c6a67-9021-44a8-93a9-84ba202964de\",\"type\":\"search\",\"version\":\"8.3.0\"}]","timeRestore":false,"title":"[Logs Google 
Workspace] Alert","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-d6287d50-0107-11ed-825d-df764a9c0c57","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"56b2ee3f-ebac-45fe-b858-dce50d80ec2c:indexpattern-datasource-layer-a1b37bdb-205d-4a62-8ec6-9f959262ee6f","type":"index-pattern"},{"id":"logs-*","name":"6579eaad-0eb6-449e-8c7d-ccbd0982ef4e:indexpattern-datasource-layer-1b1a5743-7b56-4496-98e8-3226c635b02e","type":"index-pattern"},{"id":"logs-*","name":"37d5ad5e-9fc7-43b9-99ae-cf0244e433e7:indexpattern-datasource-layer-dd17cab9-16f9-49f1-952a-fdf5b43fca61","type":"index-pattern"},{"id":"logs-*","name":"f35cbdce-64f5-48ff-ac0e-7a26bc0ad7a8:indexpattern-datasource-layer-682c4ae9-c25f-4c6e-a02f-49ecadf23f79","type":"index-pattern"},{"id":"logs-*","name":"76793002-1815-458b-84e2-77479aad6e3b:indexpattern-datasource-layer-1de0ae32-4b53-4e68-a64e-a1137945ca37","type":"index-pattern"},{"id":"logs-*","name":"9025f50e-8c6f-4d4a-bb2f-329ca79da9ed:indexpattern-datasource-layer-c87edeb9-1c07-41c8-a627-14c4fc097da4","type":"index-pattern"},{"id":"google_workspace-8ec40930-0110-11ed-825d-df764a9c0c57","name":"9bd845b4-711f-41b8-8507-f2e2b9d42164:panel_9bd845b4-711f-41b8-8507-f2e2b9d42164","type":"search"},{"id":"logs-*","name":"e44f86d0-eff4-4048-a976-d01587ff8e3f:indexpattern-datasource-layer-c87edeb9-1c07-41c8-a627-14c4fc097da4","type":"index-pattern"},{"id":"logs-*","name":"f7e4ad57-5267-4e5f-923b-35a28c1bdafa:indexpattern-datasource-layer-c87edeb9-1c07-41c8-a627-14c4fc097da4","type":"index-pattern"},{"id":"logs-*","name":"3a937eaa-5f1c-46e7-8a03-0be62f440612:indexpattern-datasource-layer-c87edeb9-1c07-41c8-a627-14c4fc097da4","type":"index-pattern"},{"id":"logs-*","name":"5c4a632a-2385-4da5-b66d-184a293e3120:indexpattern-datasource-layer-6ca72cb8-dd53-4b53-b277-ee1eb429b475","type":"index-pattern"},{"id":"google_workspace-e013b790-010b-11ed-825d-df764a9c0c57","name":"9b8c6a67-9021-44a8-93a9-
84ba202964de:panel_9b8c6a67-9021-44a8-93a9-84ba202964de","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,7996],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MDEsMV0="} -{"attributes":{"description":"Overview of Google Workspace Context Aware Access.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.context_aware_access\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.context_aware_access\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"33c833bf-afb9-4c83-a205-7baf495aeb2d\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"33c833bf-afb9-4c83-a205-7baf495aeb2d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-52d472a0-b19c-474a-baca-a8d615842fe2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"52d472a0-b19c-474a-baca-a8d615842fe2\":{\"columnOrder\":[\"cfe4f6eb-a896-4153-a38e-e5ffff54e82b\"],\"columns\":{\"cfe4f6eb-a896-4153-a38e-e5ffff54e82b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of Context Aware 
Access\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"cfe4f6eb-a896-4153-a38e-e5ffff54e82b\",\"layerId\":\"52d472a0-b19c-474a-baca-a8d615842fe2\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Context Aware Access Count [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"3d627cfb-4158-44ea-af97-939ae549fc12\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"3d627cfb-4158-44ea-af97-939ae549fc12\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b198159b-9fc8-43d7-85b5-1d837bc4dd1d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b198159b-9fc8-43d7-85b5-1d837bc4dd1d\":{\"columnOrder\":[\"3f7b8397-e2bc-4612-aabe-b86bc3292988\",\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\"],\"columns\":{\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"3f7b8397-e2bc-4612-aabe-b86bc3292988\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event 
Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b198159b-9fc8-43d7-85b5-1d837bc4dd1d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"3f7b8397-e2bc-4612-aabe-b86bc3292988\"],\"metrics\":[\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Context Aware Access Events by Event Action [Logs Google Workspace]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"ef3a9503-f97c-4635-ac10-0ca907d12ef1\",\"w\":48,\"x\":0,\"y\":15},\"panelIndex\":\"ef3a9503-f97c-4635-ac10-0ca907d12ef1\",\"panelRefName\":\"panel_ef3a9503-f97c-4635-ac10-0ca907d12ef1\",\"type\":\"search\",\"version\":\"8.4.0\"}]","timeRestore":false,"title":"[Logs Google Workspace] Context Aware 
Access","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-d79f1730-9585-11ed-82ba-c3ec829933e4","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"33c833bf-afb9-4c83-a205-7baf495aeb2d:indexpattern-datasource-layer-52d472a0-b19c-474a-baca-a8d615842fe2","type":"index-pattern"},{"id":"logs-*","name":"3d627cfb-4158-44ea-af97-939ae549fc12:indexpattern-datasource-layer-b198159b-9fc8-43d7-85b5-1d837bc4dd1d","type":"index-pattern"},{"id":"google_workspace-c3960ae0-9586-11ed-82ba-c3ec829933e4","name":"ef3a9503-f97c-4635-ac10-0ca907d12ef1:panel_ef3a9503-f97c-4635-ac10-0ca907d12ef1","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,8003],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MDIsMV0="} -{"attributes":{"description":"Overview of Google Workspace Access Transparency and GCP.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"b1d6603d-58b0-406d-bfee-36bdbfc0613e\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"b1d6603d-58b0-406d-bfee-36bdbfc0613e\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":25,\"markdown\":\"Access Transparency 
Logs\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"33c833bf-afb9-4c83-a205-7baf495aeb2d\",\"w\":24,\"x\":0,\"y\":4},\"panelIndex\":\"33c833bf-afb9-4c83-a205-7baf495aeb2d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-52d472a0-b19c-474a-baca-a8d615842fe2\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"787386d9-9f5a-43f2-9fa4-6d61c80e61f0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"52d472a0-b19c-474a-baca-a8d615842fe2\":{\"columnOrder\":[\"cfe4f6eb-a896-4153-a38e-e5ffff54e82b\"],\"columns\":{\"cfe4f6eb-a896-4153-a38e-e5ffff54e82b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of Access Transparency\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"787386d9-9f5a-43f2-9fa4-6d61c80e61f0\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.access_transparency\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.access_transparency\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"cfe4f6eb-a896-4153-a38e-e5ffff54e82b\",\"layerId\":\"52d472a0-b19c-474a-baca-a8d615842fe2\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Access Transparency Count [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"3d627cfb-4158-44ea-af97-939ae549fc12\",\"w\":24,\"x\":24,\"y\":4},\"panelIndex\":\"3d627cfb-4158-44ea-af97-939ae549fc12\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b198159b-9fc8-43d7-85b5-1d837bc4dd1d\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"b55f097a-0337-4238-a95b-548d275f00c5\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b198159b-9fc8-43d7-85b5-1d837bc4dd1d\":{\"columnOrder\":[\"3f7b8397-e2bc-4612-aabe-b86bc3292988\",\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\"],\"columns\":{\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"3f7b8397-e2bc-4612-aabe-b86bc3292988\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Product 
Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.access_transparency.gsuite_product_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"b55f097a-0337-4238-a95b-548d275f00c5\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.access_transparency\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.access_transparency\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\"],\"layerId\":\"b198159b-9fc8-43d7-85b5-1d837bc4dd1d\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"3f7b8397-e2bc-4612-aabe-b86bc3292988\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Access Transparency Events by Product Name [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"2454d096-efb5-4768-8370-c6ab3a0427d4\",\"w\":48,\"x\":0,\"y\":19},\"panelIndex\":\"2454d096-efb5-4768-8370-c6ab3a0427d4\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":25,\"markdown\":\"GCP Logs\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"db896a78-3616-45ad-9bc8-19b05e8fcfd8\",\"w\":24,\"x\":0,\"y\":23},\"panelIndex\":\"db896a78-3616-45ad-9bc8-19b05e8fcfd8\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b198159b-9fc8-43d7-85b5-1d837bc4dd1d\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"a42aa10f-1b9d-48a9-89ad-f046dcdc5c66\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b198159b-9fc8-43d7-85b5-1d837bc4dd1d\":{\"columnOrder\":[\"3f7b8397-e2bc-4612-aabe-b86bc3292988\",\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\"],\"columns\":{\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"3f7b8397-e2bc-4612-aabe-b86bc3292988\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event 
Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"a42aa10f-1b9d-48a9-89ad-f046dcdc5c66\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.gcp\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.gcp\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\"],\"layerId\":\"b198159b-9fc8-43d7-85b5-1d837bc4dd1d\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"3f7b8397-e2bc-4612-aabe-b86bc3292988\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of GCP Events by Event Action [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"0d7a2a9c-878a-49ef-b6a1-36b775d31e9b\",\"w\":24,\"x\":24,\"y\":23},\"panelIndex\":\"0d7a2a9c-878a-49ef-b6a1-36b775d31e9b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-35204d48-9325-4626-a8dd-27752514ba35\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"f94d3a60-02aa-4ebe-b4d9-5b5ff956555b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"35204d48-9325-4626-a8dd-27752514ba35\":{\"columnOrder\":[\"a53b9c2c-fe48-46d9-a65e-7fd87bfe007d\",\"192da17a-f603-4d4f-b1bb-5fe9918c6659\"],\"columns\":{\"192da17a-f603-4d4f-b1bb-5fe9918c6659\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"a53b9c2c-fe48-46d9-a65e-7fd87bfe007d\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Filters\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"event.action : \\\"DELETE_POSIX_ACCOUNT\\\"\"},\"label\":\"Delete Posix Account\"},{\"input\":{\"language\":\"kuery\",\"query\":\"event.action : \\\"DELETE_SSH_PUBLIC_KEY\\\"\"},\"label\":\"Delete SSH Public 
Key\"}]},\"scale\":\"ordinal\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"f94d3a60-02aa-4ebe-b4d9-5b5ff956555b\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.gcp\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.gcp\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"breakdownByAccessor\":\"a53b9c2c-fe48-46d9-a65e-7fd87bfe007d\",\"layerId\":\"35204d48-9325-4626-a8dd-27752514ba35\",\"layerType\":\"data\",\"maxCols\":2,\"metricAccessor\":\"192da17a-f603-4d4f-b1bb-5fe9918c6659\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Delete Posix Account and Delete SSH Public Key Count [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"42b780e5-b9e6-49e0-af59-a2d205d0cbce\",\"w\":24,\"x\":24,\"y\":31},\"panelIndex\":\"42b780e5-b9e6-49e0-af59-a2d205d0cbce\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-35204d48-9325-4626-a8dd-27752514ba35\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"3410ee9d-49ea-4f09-963b-85a9b7900a44\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"35204d48-9325-4626-a8dd-27752514ba35\":{\"columnOrder\":[\"a53b9c2c-fe48-46d9-a65e-7fd87bfe007d\",\"192da17a-f603-4d4f-b1bb-5fe9918c6659\"],\"columns\":{\"192da17a-f603-4d4f-b1bb-5fe9918c6659\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"a53b9c2c-fe48-46d9-a65e-7fd87bfe007d\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Filters\",\"operationType\":\"filters\",\"p
arams\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"event.action : \\\"GET_SSH_PUBLIC_KEY\\\"\"},\"label\":\"Retrieve SSH Public Key\"},{\"input\":{\"language\":\"kuery\",\"query\":\"event.action : \\\"GET_LOGIN_PROFILE\\\"\"},\"label\":\"Retrieve Login Profile\"}]},\"scale\":\"ordinal\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"3410ee9d-49ea-4f09-963b-85a9b7900a44\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.gcp\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.gcp\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"breakdownByAccessor\":\"a53b9c2c-fe48-46d9-a65e-7fd87bfe007d\",\"layerId\":\"35204d48-9325-4626-a8dd-27752514ba35\",\"layerType\":\"data\",\"maxCols\":2,\"metricAccessor\":\"192da17a-f603-4d4f-b1bb-5fe9918c6659\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Retrieve SSH Public Key and Retrieve Login Profile Count [Logs Google Workspace]\"}]","timeRestore":false,"title":"[Logs Google Workspace] Access Transparency and 
GCP","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-e9a62e70-9583-11ed-82ba-c3ec829933e4","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"33c833bf-afb9-4c83-a205-7baf495aeb2d:indexpattern-datasource-layer-52d472a0-b19c-474a-baca-a8d615842fe2","type":"index-pattern"},{"id":"logs-*","name":"33c833bf-afb9-4c83-a205-7baf495aeb2d:787386d9-9f5a-43f2-9fa4-6d61c80e61f0","type":"index-pattern"},{"id":"logs-*","name":"3d627cfb-4158-44ea-af97-939ae549fc12:indexpattern-datasource-layer-b198159b-9fc8-43d7-85b5-1d837bc4dd1d","type":"index-pattern"},{"id":"logs-*","name":"3d627cfb-4158-44ea-af97-939ae549fc12:b55f097a-0337-4238-a95b-548d275f00c5","type":"index-pattern"},{"id":"logs-*","name":"db896a78-3616-45ad-9bc8-19b05e8fcfd8:indexpattern-datasource-layer-b198159b-9fc8-43d7-85b5-1d837bc4dd1d","type":"index-pattern"},{"id":"logs-*","name":"db896a78-3616-45ad-9bc8-19b05e8fcfd8:a42aa10f-1b9d-48a9-89ad-f046dcdc5c66","type":"index-pattern"},{"id":"logs-*","name":"0d7a2a9c-878a-49ef-b6a1-36b775d31e9b:indexpattern-datasource-layer-35204d48-9325-4626-a8dd-27752514ba35","type":"index-pattern"},{"id":"logs-*","name":"0d7a2a9c-878a-49ef-b6a1-36b775d31e9b:f94d3a60-02aa-4ebe-b4d9-5b5ff956555b","type":"index-pattern"},{"id":"logs-*","name":"42b780e5-b9e6-49e0-af59-a2d205d0cbce:indexpattern-datasource-layer-35204d48-9325-4626-a8dd-27752514ba35","type":"index-pattern"},{"id":"logs-*","name":"42b780e5-b9e6-49e0-af59-a2d205d0cbce:3410ee9d-49ea-4f09-963b-85a9b7900a44","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,8016],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MDMsMV0="} -{"attributes":{"description":"Overview of Google Workspace 
SAML.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.saml\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.saml\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":21,\"i\":\"c40b49d0-6f01-4395-9d81-0de47dfa2290\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"c40b49d0-6f01-4395-9d81-0de47dfa2290\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"locale\\\":\\\"autoselect\\\",\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desaturated\\\"},\\\"id\\\":\\\"0fd07aa5-f21a-43ff-99d0-42e0413407ae\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"color\\\":\\\"\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"geoField\\\":\\\"source.geo.location\\\",\\\"requestType\\\":\\\"heatmap\\\",\\\"resolution\\\":\\\"SUPER_FINE\\\",\\\"id\\\":\\\"e9f2d621-2ca0-4119-a694-1861d45404b0\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"applyForceRefresh\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"id\\\":\\\"cfbd14c5-ad5b-4dae-ad9d-1a2730835edd\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"HEATMAP\\\",\\\"colorRam
pName\\\":\\\"theclassic\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"HEATMAP\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.9,\\\"center\\\":{\\\"lon\\\":8.28539,\\\"lat\\\":41.32621},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15m\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"customIcons\\\":[],\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"keydownScrollZoom\\\":false,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"title\":\"\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[\\\"cfbd14c5-ad5b-4dae-ad9d-1a2730835edd\\\"]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"hidePanelTitles\":false,\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":85.05113,\"maxLon\":270,\"minLat\":-66.51326,\"minLon\":-180},\"mapCenter\":{\"lat\":41.32621,\"lon\":8.28539,\"zoom\":1.9},\"openTOCDetails\":[\"cfbd14c5-ad5b-4dae-ad9d-1a2730835edd\"],\"type\":\"map\"},\"title\":\"SAML Activity by Location [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"013b5322-a572-42db-8238-968dc7a8b2d0\",\"w\":24,\"x\":0,\"y\":21},\"panelIndex\":\"013b5322-a572-42db-8238-968dc7a8b2d0\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-90c540c3-ba1c-4d69-889b-60a40f55c2e5\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"4b0bafd4-a641-4dea-9615-81986d090331\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"90c540c3-ba1c-4d69-889b-60a40f55c2e5\":{\"columnOrder\":[\"00bf2ec4-4fab-44fa-afa9-00902061538a\"],\"columns\":{\"00bf2ec4-4fab-44fa-afa9-00902061538a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"4b0bafd4-a641-4dea-9615-81986d090331\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"login_failure\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"login_failure\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"00bf2ec4-4fab-44fa-afa9-00902061538a\",\"layerId\":\"90c540c3-ba1c-4d69-889b-60a40f55c2e5\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Failed sign-in Attempts [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"75928038-4f14-4612-8364-da5257f57fae\",\"w\":24,\"x\":24,\"y\":21},\"panelIndex\":\"75928038-4f14-4612-8364-da5257f57fae\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ddd95dae-1e5c-4250-b131-3d0cc9d15274\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ddd95dae-1e5c-4250-b131-3d0cc9d15274\":{\"columnOrder\":[\"d1197d6e-53bc-4550-aec3-4e9c93715140\",\"087eb712-d84b-4d26-9ebc-ab7603baff94\"],\"columns\":{\"087eb712-d84b-4d26-9ebc-ab7603baff94\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"d1197d6e-53bc-4550-aec3-4e9c93715140\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Requester of Authentication\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"087eb712-d84b-4d26-9ebc-ab7603baff94\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.saml.initiated_by\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"ddd95dae-1e5c-4250-b131-3d0cc9d15274\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"d1197d6e-53bc-4550-aec3-4e9c93715140\"],\"metrics\":[\"087eb712-d84b-4d26-9ebc-ab7603baff94\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of SAML Events by Requester of Authentication [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1b94ed2d-bda6-401b-8053-a3964d8e6afd\",\"w\":24,\"x\":0,\"y\":36},\"panelIndex\":\"1b94ed2d-bda6-401b-8053-a3964d8e6afd\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3197fe98-4987-4e70-8ffd-9ca3df75a1ca\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3197fe98-4987-4e70-8ffd-9ca3df75a1ca\":{\"columnOrder\":[\"6cd80fbe-be11-49a0-bd2a-99c3cda6ab7c\",\"3e0b1422-5d09-4645-b90f-07882b0787e8\"],\"columns\":{\"3e0b1422-5d09-4645-b90f-07882b0787e8\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"6cd80fbe-be11-49a0-bd2a-99c3cda6ab7c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3e0b1422-5d09-4645-b90f-07882b0787e8\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"3197fe98-4987-4e70-8ffd-9ca3df75a1ca\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"6cd80fbe-be11-49a0-bd2a-99c3cda6ab7c\"],\"metrics\":[\"3e0b1422-5d09-4645-b90f-07882b0787e8\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of SAML Events by Event Action [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"d76c97f4-0b14-487e-8cdd-f27a00086096\",\"w\":24,\"x\":24,\"y\":36},\"panelIndex\":\"d76c97f4-0b14-487e-8cdd-f27a00086096\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-116d52a9-f986-4c80-9a99-d28e72a82bdd\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"116d52a9-f986-4c80-9a99-d28e72a82bdd\":{\"columnOrder\":[\"e534ccd5-8af3-409e-80bd-aac33a1bb172\",\"964c7c6d-2302-43c3-a363-cdcda9800aad\"],\"columns\":{\"964c7c6d-2302-43c3-a363-cdcda9800aad\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e534ccd5-8af3-409e-80bd-aac33a1bb172\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Failure Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"964c7c6d-2302-43c3-a363-cdcda9800aad\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.saml.failure_type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"116d52a9-f986-4c80-9a99-d28e72a82bdd\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"e534ccd5-8af3-409e-80bd-aac33a1bb172\"],\"metrics\":[\"964c7c6d-2302-43c3-a363-cdcda9800aad\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of SAML Events by Failure Type [Logs Google 
Workspace]\"}]","timeRestore":false,"title":"[Logs Google Workspace] SAML","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-ec193fd0-3ab6-11ed-8bdd-f5c5df6c1370","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"c40b49d0-6f01-4395-9d81-0de47dfa2290:layer_1_source_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"013b5322-a572-42db-8238-968dc7a8b2d0:indexpattern-datasource-layer-90c540c3-ba1c-4d69-889b-60a40f55c2e5","type":"index-pattern"},{"id":"logs-*","name":"013b5322-a572-42db-8238-968dc7a8b2d0:4b0bafd4-a641-4dea-9615-81986d090331","type":"index-pattern"},{"id":"logs-*","name":"75928038-4f14-4612-8364-da5257f57fae:indexpattern-datasource-layer-ddd95dae-1e5c-4250-b131-3d0cc9d15274","type":"index-pattern"},{"id":"logs-*","name":"1b94ed2d-bda6-401b-8053-a3964d8e6afd:indexpattern-datasource-layer-3197fe98-4987-4e70-8ffd-9ca3df75a1ca","type":"index-pattern"},{"id":"logs-*","name":"d76c97f4-0b14-487e-8cdd-f27a00086096:indexpattern-datasource-layer-116d52a9-f986-4c80-9a99-d28e72a82bdd","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,8026],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MDQsMV0="} -{"attributes":{"description":"Overview of Google Workspace 
Login.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.login\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.login\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":19,\"i\":\"29210aa9-bb90-4edc-b942-609f8e418f10\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"29210aa9-bb90-4edc-b942-609f8e418f10\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"locale\\\":\\\"autoselect\\\",\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desaturated\\\"},\\\"id\\\":\\\"16f086bd-d15b-46ae-ad9a-69dac1c3034b\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"color\\\":\\\"\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"geoField\\\":\\\"source.geo.location\\\",\\\"requestType\\\":\\\"heatmap\\\",\\\"resolution\\\":\\\"SUPER_FINE\\\",\\\"id\\\":\\\"2f93b217-9f4e-4efe-9a33-2d3ee12d621c\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"applyForceRefresh\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"id\\\":\\\"52758523-86c9-4f95-89d1-96f963d7a6bb\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"HEATMAP\\\",\\\"color
RampName\\\":\\\"theclassic\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"HEATMAP\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.54,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":19.94277},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15m\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"customIcons\\\":[],\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"keydownScrollZoom\\\":false,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"title\":\"\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[\\\"52758523-86c9-4f95-89d1-96f963d7a6bb\\\"]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"hidePanelTitles\":false,\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":66.51326,\"maxLon\":180,\"minLat\":-66.51326,\"minLon\":-180},\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":1.54},\"openTOCDetails\":[\"52758523-86c9-4f95-89d1-96f963d7a6bb\"],\"type\":\"map\"},\"title\":\"Login Activity by Location [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"28c54fde-6df9-4d31-9714-cc53a7672b57\",\"w\":24,\"x\":0,\"y\":19},\"panelIndex\":\"28c54fde-6df9-4d31-9714-cc53a7672b57\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-bad76b3a-acf1-48a7-9e09-1e8ed40cff65\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"2498e963-085a-4510-9236-bfaf40222a9c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"bad76b3a-acf1-48a7-9e09-1e8ed40cff65\":{\"columnOrder\":[\"656a9403-137f-4f35-b9ac-76f5038c1b96\"],\"columns\":{\"656a9403-137f-4f35-b9ac-76f5038c1b96\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2498e963-085a-4510-9236-bfaf40222a9c\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"login_success\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"login_success\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"656a9403-137f-4f35-b9ac-76f5038c1b96\",\"layerId\":\"bad76b3a-acf1-48a7-9e09-1e8ed40cff65\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Successful Login [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f44a5ab5-b955-4e18-8877-de9bbad1d8ee\",\"w\":24,\"x\":24,\"y\":19},\"panelIndex\":\"f44a5ab5-b955-4e18-8877-de9bbad1d8ee\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ac23a8d1-ce4d-44fc-8b5a-c07cde2ad01e\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"355df87c-dfe1-469f-9aba-2e26c5c4947b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ac23a8d1-ce4d-44fc-8b5a-c07cde2ad01e\":{\"columnOrder\":[\"1a5ce547-26d3-4df3-92d1-4700add392c0\"],\"columns\":{\"1a5ce547-26d3-4df3-92d1-4700add392c0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"355df87c-dfe1-469f-9aba-2e26c5c4947b\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"login_failure\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"login_failure\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"1a5ce547-26d3-4df3-92d1-4700add392c0\",\"layerId\":\"ac23a8d1-ce4d-44fc-8b5a-c07cde2ad01e\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Login Failures [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"7de60bed-66b1-4eac-94d5-9232075d966a\",\"w\":24,\"x\":0,\"y\":34},\"panelIndex\":\"7de60bed-66b1-4eac-94d5-9232075d966a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-8eb1dd26-089b-4628-95b4-ab8fb896a34b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"8eb1dd26-089b-4628-95b4-ab8fb896a34b\":{\"columnOrder\":[\"9f8cde90-d679-43e7-9522-6fb3e637eb93\",\"ce403b9a-1d45-4eec-8c00-efd610f7d4ad\"],\"columns\":{\"9f8cde90-d679-43e7-9522-6fb3e637eb93\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Login State\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ce403b9a-1d45-4eec-8c00-efd610f7d4ad\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"},\"ce403b9a-1d45-4eec-8c00-efd610f7d4ad\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"8eb1dd26-089b-4628-95b4-ab8fb896a34b\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"9f8cde90-d679-43e7-9522-6fb3e637eb93\"],\"metrics\":[\"ce403b9a-1d45-4eec-8c00-efd610f7d4ad\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Login Events by Login State [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"cc2db11e-631d-41fa-bb64-ef5765fbec67\",\"w\":24,\"x\":24,\"y\":34},\"panelIndex\":\"cc2db11e-631d-41fa-bb64-ef5765fbec67\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-cc29da28-7ee9-46e9-89aa-4f40a194579b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cc29da28-7ee9-46e9-89aa-4f40a194579b\":{\"columnOrder\":[\"a979f09f-fa90-4290-9969-ae3524fbee4d\",\"09967274-c8cd-4f44-8bbd-c934de3bc38e\"],\"columns\":{\"09967274-c8cd-4f44-8bbd-c934de3bc38e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Login Activity\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"event.action\"},\"a979f09f-fa90-4290-9969-ae3524fbee4d\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"09967274-c8cd-4f44-8bbd-c934de3bc38e\"],\"layerId\":\"cc29da28-7ee9-46e9-89aa-4f40a194579b\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"a979f09f-fa90-4290-9969-ae3524fbee4d\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\
"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Login Activity Over Time [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"41d89e0c-8187-42db-a930-019746ce7f26\",\"w\":24,\"x\":0,\"y\":49},\"panelIndex\":\"41d89e0c-8187-42db-a930-019746ce7f26\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-499ed09d-4967-41a1-8f56-a925e856cf4e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"499ed09d-4967-41a1-8f56-a925e856cf4e\":{\"columnOrder\":[\"43188990-0c24-4d05-aab6-0c2ec75811eb\",\"e1fa7253-404d-4269-a6b8-3784968c8863\",\"ddfc9b85-9534-42d7-89cc-fe74c912512b\"],\"columns\":{\"43188990-0c24-4d05-aab6-0c2ec75811eb\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"IP Address\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ddfc9b85-9534-42d7-89cc-fe74c912512b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"},\"ddfc9b85-9534-42d7-89cc-fe74c912512b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e1fa7253-404d-4269-a6b8-3784968c8863\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"User 
Email\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ddfc9b85-9534-42d7-89cc-fe74c912512b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"user.email\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"43188990-0c24-4d05-aab6-0c2ec75811eb\"},{\"columnId\":\"ddfc9b85-9534-42d7-89cc-fe74c912512b\"},{\"columnId\":\"e1fa7253-404d-4269-a6b8-3784968c8863\",\"isTransposed\":false}],\"layerId\":\"499ed09d-4967-41a1-8f56-a925e856cf4e\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Login by IPs [Logs Google Workspace]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"acb1ca56-45a5-445f-906a-72af4f55acdc\",\"w\":24,\"x\":24,\"y\":49},\"panelIndex\":\"acb1ca56-45a5-445f-906a-72af4f55acdc\",\"panelRefName\":\"panel_acb1ca56-45a5-445f-906a-72af4f55acdc\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":17,\"i\":\"1036cea6-ecbc-4e89-8288-cdd1acaf8b92\",\"w\":48,\"x\":0,\"y\":64},\"panelIndex\":\"1036cea6-ecbc-4e89-8288-cdd1acaf8b92\",\"panelRefName\":\"panel_1036cea6-ecbc-4e89-8288-cdd1acaf8b92\",\"type\":\"search\",\"version\":\"8.4.0\"}]","timeRestore":false,"title":"[Logs Google Workspace] 
Login","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-f163f270-3b13-11ed-8bdd-f5c5df6c1370","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"29210aa9-bb90-4edc-b942-609f8e418f10:layer_1_source_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"28c54fde-6df9-4d31-9714-cc53a7672b57:indexpattern-datasource-layer-bad76b3a-acf1-48a7-9e09-1e8ed40cff65","type":"index-pattern"},{"id":"logs-*","name":"28c54fde-6df9-4d31-9714-cc53a7672b57:2498e963-085a-4510-9236-bfaf40222a9c","type":"index-pattern"},{"id":"logs-*","name":"f44a5ab5-b955-4e18-8877-de9bbad1d8ee:indexpattern-datasource-layer-ac23a8d1-ce4d-44fc-8b5a-c07cde2ad01e","type":"index-pattern"},{"id":"logs-*","name":"f44a5ab5-b955-4e18-8877-de9bbad1d8ee:355df87c-dfe1-469f-9aba-2e26c5c4947b","type":"index-pattern"},{"id":"logs-*","name":"7de60bed-66b1-4eac-94d5-9232075d966a:indexpattern-datasource-layer-8eb1dd26-089b-4628-95b4-ab8fb896a34b","type":"index-pattern"},{"id":"logs-*","name":"cc2db11e-631d-41fa-bb64-ef5765fbec67:indexpattern-datasource-layer-cc29da28-7ee9-46e9-89aa-4f40a194579b","type":"index-pattern"},{"id":"logs-*","name":"41d89e0c-8187-42db-a930-019746ce7f26:indexpattern-datasource-layer-499ed09d-4967-41a1-8f56-a925e856cf4e","type":"index-pattern"},{"id":"google_workspace-7ab25b80-3b13-11ed-8bdd-f5c5df6c1370","name":"acb1ca56-45a5-445f-906a-72af4f55acdc:panel_acb1ca56-45a5-445f-906a-72af4f55acdc","type":"search"},{"id":"google_workspace-2c0d5bc0-3b0d-11ed-8bdd-f5c5df6c1370","name":"1036cea6-ecbc-4e89-8288-cdd1acaf8b92:panel_1036cea6-ecbc-4e89-8288-cdd1acaf8b92","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,8040],"type":"da
shboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MDUsMV0="} -{"attributes":{"description":"Overview of Google Workspace Drive.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.drive\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.drive\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":17,\"i\":\"88d9b7a3-a631-4079-a36f-0ce9401f59d8\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"88d9b7a3-a631-4079-a36f-0ce9401f59d8\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"locale\\\":\\\"autoselect\\\",\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desaturated\\\"},\\\"id\\\":\\\"bcfedb82-4cc4-436e-b6fb-81708bb72414\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"color\\\":\\\"\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"geoField\\\":\\\"source.geo.location\\\",\\\"requestType\\\":\\\"heatmap\\\",\\\"resolution\\\":\\\"SUPER_FINE\\\",\\\"id\\\":\\\"05f00420-00c5-4794-ad57-57e7d8da73ae\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"applyForceRefresh\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"id\\\":\\\"c5d8e98c-79e7-4f79-8499-0f172f748378\\\",\\\"label\\\":
null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"HEATMAP\\\",\\\"colorRampName\\\":\\\"theclassic\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"HEATMAP\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.54,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":19.94277},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15y\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"customIcons\\\":[],\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"keydownScrollZoom\\\":false,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"title\":\"\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[\\\"c5d8e98c-79e7-4f79-8499-0f172f748378\\\"]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"hidePanelTitles\":false,\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":66.51326,\"maxLon\":270,\"minLat\":-66.51326,\"minLon\":-270},\"mapCenter\":{\"lat\":15.95347,\"lon\":-1.96086,\"zoom\":1.56},\"openTOCDetails\":[\"c5d8e98c-79e7-4f79-8499-0f172f748378\"],\"type\":\"map\"},\"title\":\"Drive Activity by Location [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"13fdbdfd-2204-42e6-a0df-5ec6abd24eb2\",\"w\":24,\"x\":0,\"y\":17},\"panelIndex\":\"13fdbdfd-2204-42e6-a0df-5ec6abd24eb2\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-23370ea2-03f9-4302-8b0c-4c4ee6a81318\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"b3241535-72fc-4880-8186-e0e663c80620\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"23370ea2-03f9-4302-8b0c-4c4ee6a81318\":{\"columnOrder\":[\"d6471b8e-6e22-459d-a682-9b0a04757f64\",\"bd04ef7a-ea8e-4f46-b6e7-f824cacc5885\"],\"columns\":{\"bd04ef7a-ea8e-4f46-b6e7-f824cacc5885\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"d6471b8e-6e22-459d-a682-9b0a04757f64\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Document 
Title\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"bd04ef7a-ea8e-4f46-b6e7-f824cacc5885\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"file.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"b3241535-72fc-4880-8186-e0e663c80620\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"download\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"download\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"23370ea2-03f9-4302-8b0c-4c4ee6a81318\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"d6471b8e-6e22-459d-a682-9b0a04757f64\"],\"metrics\":[\"bd04ef7a-ea8e-4f46-b6e7-f824cacc5885\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Document Downloads by Title [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"d59d4f9e-73e8-48ab-9f31-3f36a9b49d0e\",\"w\":24,\"x\":24,\"y\":17},\"panelIndex\":\"d59d4f9e-73e8-48ab-9f31-3f36a9b49d0e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-18651fd1-ac7a-4ab0-8610-1e890b4b9846\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"18651fd1-ac7a-4ab0-8610-1e890b4b9846\":{\"columnOrder\":[\"1871eda3-319f-46ab-949b-2e2bf749c54d\",\"0aab9f3f-951e-4d6f-8597-64dc7f874ef9\"],\"columns\":{\"0aab9f3f-951e-4d6f-8597-64dc7f874ef9\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"1871eda3-319f-46ab-949b-2e2bf749c54d\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0aab9f3f-951e-4d6f-8597-64dc7f874ef9\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"18651fd1-ac7a-4ab0-8610-1e890b4b9846\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"1871eda3-319f-46ab-949b-2e2bf749c54d\"],\"metrics\":[\"0aab9f3f-951e-4d6f-8597-64dc7f874ef9\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Drive Events by Event Action [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"f334e21c-1d4d-426c-953e-dbb45d99219e\",\"w\":24,\"x\":0,\"y\":32},\"panelIndex\":\"f334e21c-1d4d-426c-953e-dbb45d99219e\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"8b7f0824-9e4a-41c8-b2b9-b0a7d9a00273\",\"index_pattern_ref_name\":\"metrics_f334e21c-1d4d-426c-953e-dbb45d99219e_0_index_pattern\",\"interval\":\"\",\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"default\",\"id\":\"65ff96dc-8f2a-4a60-92a3-ad0f249b245d\",\"label\":\"Country Name\",\"line_width\":1,\"metrics\":[{\"id\":\"e68be7b0-708a-400b-badb-0175c3224d21\",\"type\":\"count\"}],\"override_index_pattern\":0,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"source.geo.country_name\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":true},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Drive Activity by Country Over Time [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"5abea4dd-c858-4dfd-bc80-d949ef49a10b\",\"w\":24,\"x\":24,\"y\":32},\"panelIndex\":\"5abea4dd-c858-4dfd-bc80-d949ef49a10b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-aacc9a6c-42f7-426a-b5c2-030c3d002d6e\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"02f23398-a7dc-47f2-9e72-697f63c0020a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"aacc9a6c-42f7-426a-b5c2-030c3d002d6e\":{\"columnOrder\":[\"922c01da-1df7-46cf-8076-58bc33def986\",\"2ff3a275-f906-4af9-9c77-7581805436cd\"],\"columns\":{\"2ff3a275-f906-4af9-9c77-7581805436cd\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"922c01da-1df7-46cf-8076-58bc33def986\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Document 
Title\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"2ff3a275-f906-4af9-9c77-7581805436cd\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"file.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"02f23398-a7dc-47f2-9e72-697f63c0020a\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"upload\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"upload\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"922c01da-1df7-46cf-8076-58bc33def986\",\"isTransposed\":false},{\"columnId\":\"2ff3a275-f906-4af9-9c77-7581805436cd\",\"isTransposed\":false}],\"layerId\":\"aacc9a6c-42f7-426a-b5c2-030c3d002d6e\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Uploads by Title [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"4bc634ec-bd01-47a4-9f99-5e43edc2de2a\",\"w\":24,\"x\":0,\"y\":47},\"panelIndex\":\"4bc634ec-bd01-47a4-9f99-5e43edc2de2a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-065ef144-3d40-40fa-ba4a-df4b27642fff\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"065ef144-3d40-40fa-ba4a-df4b27642fff\":{\"columnOrder\":[\"df0aa4ec-73f8-40d4-93d2-135f2b22a3d8\",\"c6ba95bd-d627-412a-adc5-517d63660ad4\"],\"columns\":{\"c6ba95bd-d627-412a-adc5-517d63660ad4\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"df0aa4ec-73f8-40d4-93d2-135f2b22a3d8\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Document Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c6ba95bd-d627-412a-adc5-517d63660ad4\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.drive.file.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"c6ba95bd-d627-412a-adc5-517d63660ad4\"],\"layerId\":\"065ef144-3d40-40fa-ba4a-df4b27642fff\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"df0aa4ec-73f8-40d4-93d2-135f2b22a3d8\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"
preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Drive Events by Document Type [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2606ea99-ab2d-4a46-9528-f254bd341971\",\"w\":24,\"x\":24,\"y\":47},\"panelIndex\":\"2606ea99-ab2d-4a46-9528-f254bd341971\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-944c8671-ceff-4edc-b04e-850f6442d26a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"9e5838ff-215b-4024-815f-970935f28fc7\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"944c8671-ceff-4edc-b04e-850f6442d26a\":{\"columnOrder\":[\"e0167364-5a48-495f-9afe-2e61df1135d6\",\"70a5231f-a46a-4ac2-8b7d-9095f2eceb05\"],\"columns\":{\"70a5231f-a46a-4ac2-8b7d-9095f2eceb05\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e0167364-5a48-495f-9afe-2e61df1135d6\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Viewed 
Documents\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"70a5231f-a46a-4ac2-8b7d-9095f2eceb05\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"file.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"9e5838ff-215b-4024-815f-970935f28fc7\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"view\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"view\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"e0167364-5a48-495f-9afe-2e61df1135d6\",\"isTransposed\":false},{\"columnId\":\"70a5231f-a46a-4ac2-8b7d-9095f2eceb05\",\"isTransposed\":false}],\"layerId\":\"944c8671-ceff-4edc-b04e-850f6442d26a\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Viewed Documents [Logs Google Workspace]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":19,\"i\":\"c0550726-6ce7-4d12-a078-3903beb1b4f8\",\"w\":48,\"x\":0,\"y\":62},\"panelIndex\":\"c0550726-6ce7-4d12-a078-3903beb1b4f8\",\"panelRefName\":\"panel_c0550726-6ce7-4d12-a078-3903beb1b4f8\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":19,\"i\":\"cb11b1b1-3767-4eeb-92b3-b05d38a01d78\",\"w\":48,\"x\":0,\"y\":81},\"panelIndex\":\"cb11b1b1-3767-4eeb-92b3-b05d38a01d78\",\"panelRefName\":\"panel_cb11b1b1-3767-4eeb-92b3-b05d38a01d78\",\"type\":\"search\",\"version\":\"8.4.0\"}]","timeRestore":false,"title":"[Logs Google Workspace] 
Drive","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"google_workspace-f8210e80-3b28-11ed-8bdd-f5c5df6c1370","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"88d9b7a3-a631-4079-a36f-0ce9401f59d8:layer_1_source_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"13fdbdfd-2204-42e6-a0df-5ec6abd24eb2:indexpattern-datasource-layer-23370ea2-03f9-4302-8b0c-4c4ee6a81318","type":"index-pattern"},{"id":"logs-*","name":"13fdbdfd-2204-42e6-a0df-5ec6abd24eb2:b3241535-72fc-4880-8186-e0e663c80620","type":"index-pattern"},{"id":"logs-*","name":"d59d4f9e-73e8-48ab-9f31-3f36a9b49d0e:indexpattern-datasource-layer-18651fd1-ac7a-4ab0-8610-1e890b4b9846","type":"index-pattern"},{"id":"logs-*","name":"f334e21c-1d4d-426c-953e-dbb45d99219e:metrics_f334e21c-1d4d-426c-953e-dbb45d99219e_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"5abea4dd-c858-4dfd-bc80-d949ef49a10b:indexpattern-datasource-layer-aacc9a6c-42f7-426a-b5c2-030c3d002d6e","type":"index-pattern"},{"id":"logs-*","name":"5abea4dd-c858-4dfd-bc80-d949ef49a10b:02f23398-a7dc-47f2-9e72-697f63c0020a","type":"index-pattern"},{"id":"logs-*","name":"4bc634ec-bd01-47a4-9f99-5e43edc2de2a:indexpattern-datasource-layer-065ef144-3d40-40fa-ba4a-df4b27642fff","type":"index-pattern"},{"id":"logs-*","name":"2606ea99-ab2d-4a46-9528-f254bd341971:indexpattern-datasource-layer-944c8671-ceff-4edc-b04e-850f6442d26a","type":"index-pattern"},{"id":"logs-*","name":"2606ea99-ab2d-4a46-9528-f254bd341971:9e5838ff-215b-4024-815f-970935f28fc7","type":"index-pattern"},{"id":"google_workspace-1cac9ed0-3b2f-11ed-8bdd-f5c5df6c1370","name":"c0550726-6ce7-4d12-a078-3903beb1b4f8:panel_c0550726-6ce7-4d12-a078-3903beb1b4f8","type":"search"},{"id":"google_workspace-2c40f770-3b24-11ed-8bdd-f5c5df6c1370","name":"cb11b1b1-3767-4eeb-92b3-b05d38a01d78:panel_cb11b1b1-3767-4eeb
-92b3-b05d38a01d78","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688154054424,8056],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MDYsMV0="} -{"attributes":{"columns":["action_id","osquery.path","agent.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"action_id:pack_ossec-rootkit\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"OSSEC Rootkits [Osquery Manager]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"osquery_manager-0fe5dc00-f49b-11e7-8647-534bb4c21040","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688154054424,8060],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MDcsMV0="} -{"attributes":{"columns":["action_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"action_id:pack_it-compliance_os_version\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"OS versions [Osquery 
Manager]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"osquery_manager-b5d6baa0-eb02-11e7-8f04-51231daa5b05","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688154054424,8064],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MDgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"OS versions [Osquery Manager]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"field\":\"host.hostname\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"field\":\"osquery.platform_like\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"osquery.name\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"osquery.version\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"OS versions [Osquery 
Manager]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"osquery_manager-1da1ed30-eb03-11e7-8f04-51231daa5b05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"osquery_manager-b5d6baa0-eb02-11e7-8f04-51231daa5b05","name":"search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688154054424,8068],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MDksMV0="} -{"attributes":{"columns":["action_id","osquery.name","osquery.status"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"action_id:pack_it-compliance_kernel_integrations\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Kernel integrations [Osquery Manager]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"osquery_manager-f59e21e0-eb03-11e7-8f04-51231daa5b05","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688154054424,8072],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MTAsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"osquery.status\",\"negate\":false,\"params\":{\"query\":\"Live\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"Live\"},\"query\":{\"match\":{\"osquery.status\":{\"query\":\"Live\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Number of Kernel integrations [Osquery Manager]","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Live Kernel integrations\",\"field\":\"osquery.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"gauge\":{\"alignment\":\"horizontal\",\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"extendRange\":true,\"gaugeColorMode\":\"Labels\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Arc\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":true},\"style\":{\"bgColor\":false,\"bgFill\":\"#eee\",\"bgMask\":false,\"bgWidth\":0.9,\"fontSize\":60,\"labelColor\":true,\"mask\":false,\"maskBars\":50,\"subText\":\"\",\"width\":0.9},\"type\":\"meter\"},\"isDisplayWarning\":false,\"type\":\"gauge\"},\"title\":\"Number of Kernel integrations [Osquery 
Manager]\",\"type\":\"gauge\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"osquery_manager-240f3630-eb05-11e7-8f04-51231daa5b05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"osquery_manager-f59e21e0-eb03-11e7-8f04-51231daa5b05","name":"search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688154054424,8077],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MTEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Navigation [Osquery Manager]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Navigation [Osquery Manager]\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":10,\"markdown\":\"[Compliance](#/dashboard/osquery_manager-69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/osquery_manager-c0a7ce90-f4aa-11e7-8647-534bb4c21040)\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"osquery_manager-2d6e0760-f4ab-11e7-8647-534bb4c21040","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688154054424,8080],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MTIsMV0="} 
-{"attributes":{"columns":["osquery.name","osquery.version","osquery.revision"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"action_id:pack_it-compliance_deb_packages\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"DEB packages installed [Osquery Manager]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"osquery_manager-3824b080-eb02-11e7-8f04-51231daa5b05","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688154054424,8084],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MTMsMV0="} -{"attributes":{"columns":["osquery.path","osquery.type","osquery.flags"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"action_id:pack_it-compliance_mounts\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Mounts [Osquery 
Manager]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"osquery_manager-7a9482d0-eb00-11e7-8f04-51231daa5b05","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688154054424,8088],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Mounts by type [Osquery Manager]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"osquery.path\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"osquery.type\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Mounts by type [Osquery 
Manager]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"osquery_manager-a9fd8bb0-eb01-11e7-8f04-51231daa5b05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"osquery_manager-7a9482d0-eb00-11e7-8f04-51231daa5b05","name":"search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688154054424,8092],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MTUsMV0="} -{"attributes":{"description":"Dashboard for visualizing the data collected by the Osquery compliance pack.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"event.module:osquery_manager\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":16,\"i\":\"1\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"1\",\"panelRefName\":\"panel_0\",\"version\":\"7.11.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"2\",\"w\":28,\"x\":20,\"y\":0},\"panelIndex\":\"2\",\"panelRefName\":\"panel_1\",\"version\":\"7.11.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":16,\"i\":\"3\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"3\",\"panelRefName\":\"panel_2\",\"version\":\"7.11.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":11,\"i\":\"4\",\"w\":11,\"x\":0,\"y\":4},\"panelIndex\":\"4\",\"panelRefName\":\"panel_3\",\"version\":\"7.11.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"},\"legendOpen\":false}},\"gridData\":{\"h\":11,\"i\":\"5\",\"w\":9,\"x\":11,\"y\":4},\"panelIndex\":\"5\",\"panelRefName\":\"panel_4\",\"version\":\"7.11.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":4,\"i\":\"6\",\"w\":20,\"x\":0,\"y\":0},\"panelIndex\":\"6\",\"panelRefName\":\"panel_5\",\"version\":\"7.11.0-SNAPSHOT\"}]","timeRestore":false,"title":"[Osquery Manager] Compliance pack","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"osquery_manager-69f5ae20-eb02-11e7-8f04-51231daa5b05","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"osquery_manager-7a9482d0-eb00-11e7-8f04-51231daa5b05","name":"panel_0","type":"search"},{"id":"osquery_manager-a9fd8bb0-eb01-11e7-8f04-51231daa5b05","name":"panel_1","type":"visualization"},{"id":"osquery_manager-3824b080-eb02-11e7-8f04-51231daa5b05","name":"panel_2","type":"search"},{"id":"osquery_manager-1da1ed30-eb03-11e7-8f04-51231daa5b05","name":"panel_3","type":"visualization"},{"id":"osquery_manager-240f3630-eb05-11e7-8f04-51231daa5b05","name":"panel_4","type":"visualization"},{"id":"osquery_manager-2d6e0760-f4ab-11e7-8647-534bb4c21040","name":"panel_5","type":"visualization"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688154054424,8101],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Info OSSEC rootkit [Osquery Manager]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"This dashboard shows data collected by the ossec-rootkit pack from osquery.\"},\"title\":\"Info OSSEC rootkit [Osquery 
Manager]\",\"type\":\"markdown\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"osquery_manager-6ec10290-f4aa-11e7-8647-534bb4c21040","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688154054424,8104],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MTcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Number of hosts infected [Osquery Manager]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Hosts\",\"field\":\"agent.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":40,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Number of hosts infected [Osquery 
Manager]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"osquery_manager-ab587180-f4a9-11e7-8647-534bb4c21040","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"osquery_manager-0fe5dc00-f49b-11e7-8647-534bb4c21040","name":"search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688154054424,8108],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Number of rootkits found [Osquery Manager]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Rootkits\",\"field\":\"action_id\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":40,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Number of rootkits found [Osquery 
Manager]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"osquery_manager-ffdbba50-f4a9-11e7-8647-534bb4c21040","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"osquery_manager-0fe5dc00-f49b-11e7-8647-534bb4c21040","name":"search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688154054424,8112],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MTksMV0="} -{"attributes":{"description":"This dashboard shows data collected by the OSSEC rootkit pack from osquery","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"event.module:osquery_manager\"},\"version\":true,\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.2.0\",\"type\":\"visualization\",\"gridData\":{\"x\":7,\"y\":0,\"w\":24,\"h\":5,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"panelRefName\":\"panel_1\"},{\"version\":\"8.2.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":0,\"w\":6,\"h\":5,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"panelRefName\":\"panel_2\"},{\"version\":\"8.2.0\",\"type\":\"visualization\",\"gridData\":{\"x\":31,\"y\":0,\"w\":6,\"h\":5,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"panelRefName\":\"panel_3\"},{\"version\":\"8.2.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":5,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"8.2.0\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":5,\"w\":43,\"
h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"}]","timeRestore":false,"title":"[Osquery Manager] OSSEC rootkit pack","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"osquery_manager-c0a7ce90-f4aa-11e7-8647-534bb4c21040","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"osquery_manager-6ec10290-f4aa-11e7-8647-534bb4c21040","name":"1:panel_1","type":"visualization"},{"id":"osquery_manager-ffdbba50-f4a9-11e7-8647-534bb4c21040","name":"2:panel_2","type":"visualization"},{"id":"osquery_manager-ab587180-f4a9-11e7-8647-534bb4c21040","name":"3:panel_3","type":"visualization"},{"id":"osquery_manager-2d6e0760-f4ab-11e7-8647-534bb4c21040","name":"4:panel_4","type":"visualization"},{"id":"osquery_manager-0fe5dc00-f49b-11e7-8647-534bb4c21040","name":"5:panel_5","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688154054424,8120],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MjAsMV0="} -{"attributes":{"columns":["host.name","message","redis.slowlog.duration.us","redis.slowlog.key"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:redis.slowlog\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Slow logs [Logs 
Redis]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"redis-0ab87b80-478e-11e7-b1f0-cb29bac6bf8b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-redis-default","name":"tag-ref-fleet-pkg-redis-default","type":"tag"}],"sort":[1688154054424,8124],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MjEsMV0="} -{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"88495d21-6261-4c60-8de6-e9aa688b2085\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"title\":\"Keyspace\",\"fieldName\":\"redis.keyspace.id\",\"id\":\"88495d21-6261-4c60-8de6-e9aa688b2085\",\"selectedOptions\":[\"db0\",\"db1\"],\"enhancements\":{}}}}"},"description":"Redis keys 
metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"redis.keyspace.id\",\"negate\":false,\"params\":[\"db0\",\"db1\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"redis.keyspace.id\":\"db0\"}},{\"match_phrase\":{\"redis.keyspace.id\":\"db1\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"79fa7446-f3ce-466c-a4b5-bd4fde483e5d\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"79fa7446-f3ce-466c-a4b5-bd4fde483e5d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-9d7816a6-2ec8-4b54-aecf-ae00937afd79\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d7816a6-2ec8-4b54-aecf-ae00937afd79\":{\"columnOrder\":[\"6b75ecc1-b2d2-4493-82db-b6d84d591a29\",\"fc3ea097-f4a0-4adf-8f5e-e511e2daa39e\",\"7489bf17-cd18-46e5-b971-4b8000b11708\"],\"columns\":{\"6b75ecc1-b2d2-4493-82db-b6d84d591a29\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Key type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7489bf17-cd18-46e5-b971-4b8000b11708\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"redis.key.type\"},\"7489bf17-cd18-46e5-b971-4b8000b11708\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Number of 
keys\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"redis.key.id\"},\"fc3ea097-f4a0-4adf-8f5e-e511e2daa39e\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"emphasizeFitting\":false,\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"7489bf17-cd18-46e5-b971-4b8000b11708\"],\"layerId\":\"9d7816a6-2ec8-4b54-aecf-ae00937afd79\",\"layerType\":\"data\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"6b75ecc1-b2d2-4493-82db-b6d84d591a29\",\"xAccessor\":\"fc3ea097-f4a0-4adf-8f5e-e511e2daa39e\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"7489bf17-cd18-46e5-b971-4b8000b11708\"}]}],\"legend\":{\"isVisible\":false,\"legendSize\":\"auto\",\"position\":\"right\",\"showSingleSeries\":false},\"preferredSeriesType\":\"line\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"yTitle\":\"Number of keys\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Keys by 
type\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"3199303d-19cf-430f-ab40-ac73f0ec9ea2\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"3199303d-19cf-430f-ab40-ac73f0ec9ea2\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-ab5b97a3-2883-46a9-8740-a9e19a13bc0d\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"dd769d1f-2e9d-43b5-b55c-07041bda88c6\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ab5b97a3-2883-46a9-8740-a9e19a13bc0d\":{\"columnOrder\":[\"e515d55b-1227-4b78-af88-7062dd8a3195\",\"984c366d-3801-4b1d-af7c-d486ee563cf5\",\"39b25dd7-6f66-4279-a12e-23689aa73f60\"],\"columns\":{\"39b25dd7-6f66-4279-a12e-23689aa73f60\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Number of elements\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"redis.key.length\"},\"984c366d-3801-4b1d-af7c-d486ee563cf5\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"e515d55b-1227-4b78-af88-7062dd8a3195\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Keyspace\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"39b25dd7-6f66-4279-a12e-23689aa73f60\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"multi_terms\"},\"secondaryFields\":[\"redis.key.name\"],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"redis.keyspace.id\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"dd769d1f-2e9d-43b5-b55c-07041bda88c6\",\"key\":\"redis.key.type\",\"negate\":false,\"pa
rams\":{\"query\":\"list\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"redis.key.type\":\"list\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"curveType\":\"LINEAR\",\"endValue\":\"None\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"39b25dd7-6f66-4279-a12e-23689aa73f60\"],\"layerId\":\"ab5b97a3-2883-46a9-8740-a9e19a13bc0d\",\"layerType\":\"data\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"e515d55b-1227-4b78-af88-7062dd8a3195\",\"xAccessor\":\"984c366d-3801-4b1d-af7c-d486ee563cf5\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"39b25dd7-6f66-4279-a12e-23689aa73f60\"}]}],\"legend\":{\"isVisible\":true,\"legendSize\":\"large\",\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"line\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"Number of elements\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Lists 
length\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"161bf113-0b65-4f2c-ad1c-64f06c8b2344\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"161bf113-0b65-4f2c-ad1c-64f06c8b2344\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-a99f131f-7844-46d3-801d-3023f3eb35d2\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"5febc991-5629-423b-adfd-8d8fafa8c72d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a99f131f-7844-46d3-801d-3023f3eb35d2\":{\"columnOrder\":[\"d754cd8e-a5c1-4776-a991-0d6f76d283a8\",\"55655d47-efcd-4fd4-8f44-aecf4a2df817\",\"8323e01e-804a-48fe-857f-520ea53f8466\"],\"columns\":{\"55655d47-efcd-4fd4-8f44-aecf4a2df817\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"8323e01e-804a-48fe-857f-520ea53f8466\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average key 
size\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"redis.key.length\"},\"d754cd8e-a5c1-4776-a991-0d6f76d283a8\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Keyspace\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8323e01e-804a-48fe-857f-520ea53f8466\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"redis.keyspace.id\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"5febc991-5629-423b-adfd-8d8fafa8c72d\",\"key\":\"redis.key.type\",\"negate\":false,\"params\":{\"query\":\"string\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"redis.key.type\":\"string\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"8323e01e-804a-48fe-857f-520ea53f8466\"],\"layerId\":\"a99f131f-7844-46d3-801d-3023f3eb35d2\",\"layerType\":\"data\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"d754cd8e-a5c1-4776-a991-0d6f76d283a8\",\"xAccessor\":\"55655d47-efcd-4fd4-8f44-aecf4a2df817\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"8323e01e-804a-48fe-857f-520ea53f8466\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":true},\"preferredSeriesType\":\"line\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"yTitle\":\"Average key size\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Average size of string 
keys\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"375cffab-4569-45e7-8848-c4464789a543\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"375cffab-4569-45e7-8848-c4464789a543\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-93604465-9546-445d-8756-e2fe12469522\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"ed708dfe-6273-4fab-a1fb-8ed22b65de53\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"93604465-9546-445d-8756-e2fe12469522\":{\"columnOrder\":[\"88176cc2-3242-443a-b717-ca7e61a68ebb\",\"abc8f7d8-aa5e-489a-b23a-3a62e53f84eb\",\"f14d54b6-0cbc-46f1-a221-135fd946367a\"],\"columns\":{\"88176cc2-3242-443a-b717-ca7e61a68ebb\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Keyspace\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f14d54b6-0cbc-46f1-a221-135fd946367a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"multi_terms\"},\"secondaryFields\":[\"redis.key.type\"],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"redis.keyspace.id\"},\"abc8f7d8-aa5e-489a-b23a-3a62e53f84eb\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"f14d54b6-0cbc-46f1-a221-135fd946367a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average 
TTL\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"redis.key.expire.ttl\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ed708dfe-6273-4fab-a1fb-8ed22b65de53\",\"key\":\"redis.key.expire.ttl\",\"negate\":false,\"params\":{\"gte\":0,\"lt\":null},\"type\":\"range\"},\"query\":{\"range\":{\"redis.key.expire.ttl\":{\"gte\":0,\"lt\":null}}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"endValue\":\"None\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"f14d54b6-0cbc-46f1-a221-135fd946367a\"],\"layerId\":\"93604465-9546-445d-8756-e2fe12469522\",\"layerType\":\"data\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"88176cc2-3242-443a-b717-ca7e61a68ebb\",\"xAccessor\":\"abc8f7d8-aa5e-489a-b23a-3a62e53f84eb\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"f14d54b6-0cbc-46f1-a221-135fd946367a\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"line\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"Average TTL\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Average keys TTL\"}]","timeRestore":false,"title":"[Metrics Redis] 
Keys","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"redis-28969190-0511-11e9-9c60-d582a238e2c5","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"79fa7446-f3ce-466c-a4b5-bd4fde483e5d:indexpattern-datasource-layer-9d7816a6-2ec8-4b54-aecf-ae00937afd79","type":"index-pattern"},{"id":"metrics-*","name":"3199303d-19cf-430f-ab40-ac73f0ec9ea2:indexpattern-datasource-layer-ab5b97a3-2883-46a9-8740-a9e19a13bc0d","type":"index-pattern"},{"id":"metrics-*","name":"3199303d-19cf-430f-ab40-ac73f0ec9ea2:dd769d1f-2e9d-43b5-b55c-07041bda88c6","type":"index-pattern"},{"id":"metrics-*","name":"161bf113-0b65-4f2c-ad1c-64f06c8b2344:indexpattern-datasource-layer-a99f131f-7844-46d3-801d-3023f3eb35d2","type":"index-pattern"},{"id":"metrics-*","name":"161bf113-0b65-4f2c-ad1c-64f06c8b2344:5febc991-5629-423b-adfd-8d8fafa8c72d","type":"index-pattern"},{"id":"metrics-*","name":"375cffab-4569-45e7-8848-c4464789a543:indexpattern-datasource-layer-93604465-9546-445d-8756-e2fe12469522","type":"index-pattern"},{"id":"metrics-*","name":"375cffab-4569-45e7-8848-c4464789a543:ed708dfe-6273-4fab-a1fb-8ed22b65de53","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_88495d21-6261-4c60-8de6-e9aa688b2085:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-redis-default","name":"tag-ref-fleet-pkg-redis-default","type":"tag"}],"sort":[1688154054424,8136],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MjIsMV0="} 
-{"attributes":{"columns":["host.name","log.level","redis.log.role","message"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"redis.log\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"redis.log\"}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Logs [Logs Redis]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"redis-73613570-4791-11e7-be88-2ddb32f3df97","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-redis-default","name":"tag-ref-fleet-pkg-redis-default","type":"tag"}],"sort":[1688154054424,8142],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MjMsMV0="} -{"attributes":{"description":"Overview dashboard for the FIlebeat Redis 
integration","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false,\"syncColors\":true}","panelsJSON":"[{\"embeddableConfig\":{\"columns\":[\"host.name\",\"log.level\",\"redis.log.role\",\"message\"],\"enhancements\":{},\"sort\":[[\"@timestamp\",\"desc\"]]},\"gridData\":{\"h\":16,\"i\":\"4\",\"w\":48,\"x\":0,\"y\":30},\"panelIndex\":\"4\",\"panelRefName\":\"panel_4\",\"type\":\"search\",\"version\":\"8.3.0\"},{\"embeddableConfig\":{\"columns\":[\"host.name\",\"message\",\"redis.slowlog.duration.us\",\"redis.slowlog.key\"],\"enhancements\":{},\"sort\":[]},\"gridData\":{\"h\":16,\"i\":\"6\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"6\",\"panelRefName\":\"panel_6\",\"type\":\"search\",\"version\":\"8.3.0\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":16,\"i\":\"048af531-a2d5-4a14-b7d2-6156dce83cbc\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"048af531-a2d5-4a14-b7d2-6156dce83cbc\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-c0de1034-34c9-4f6a-b525-e39bd578cd2f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"c0de1034-34c9-4f6a-b525-e39bd578cd2f\":{\"columnOrder\":[\"0cba538d-a0cc-4d03-8dc7-9510396251ad\",\"62c9f6ca-0756-4950-9c84-4d05a6aa27a1\"],\"columns\":{\"0cba538d-a0cc-4d03-8dc7-9510396251ad\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Command\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"62c9f6ca-0756-4950-9c84-4d05a6aa27a1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"redis.slowlog.cmd\"},\"62c9f6ca-0756-4950-9c84-4d05a6aa27a1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Duration 
(microseconds)\",\"operationType\":\"max\",\"scale\":\"ratio\",\"sourceField\":\"redis.slowlog.duration.us\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:redis.slowlog\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":-45,\"yRight\":0},\"layers\":[{\"accessors\":[\"62c9f6ca-0756-4950-9c84-4d05a6aa27a1\"],\"layerId\":\"c0de1034-34c9-4f6a-b525-e39bd578cd2f\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"xAccessor\":\"0cba538d-a0cc-4d03-8dc7-9510396251ad\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"62c9f6ca-0756-4950-9c84-4d05a6aa27a1\"}]}],\"legend\":{\"isVisible\":false,\"legendSize\":\"auto\",\"position\":\"right\",\"showSingleSeries\":false},\"preferredSeriesType\":\"bar_horizontal\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"xTitle\":\"Command\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Top slowest commands [Logs 
Redis]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"62b73fa0-e562-4af6-9d4e-9158eba31a8b\",\"w\":14,\"x\":0,\"y\":16},\"panelIndex\":\"62b73fa0-e562-4af6-9d4e-9158eba31a8b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-257bce71-5aee-4178-a2be-194e662bfb13\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"257bce71-5aee-4178-a2be-194e662bfb13\":{\"columnOrder\":[\"3e287c6c-a179-407b-8190-518aeb0a5a9b\",\"a222cc47-29f7-4207-9b62-38996bcf3dba\",\"bcd9cc84-7d4e-4511-918e-4cac501f3ecc\"],\"columns\":{\"3e287c6c-a179-407b-8190-518aeb0a5a9b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"redis.log.role: Descending\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"bcd9cc84-7d4e-4511-918e-4cac501f3ecc\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"redis.log.role\"},\"a222cc47-29f7-4207-9b62-38996bcf3dba\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Log 
level\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"bcd9cc84-7d4e-4511-918e-4cac501f3ecc\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"log.level\"},\"bcd9cc84-7d4e-4511-918e-4cac501f3ecc\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:redis.log\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"257bce71-5aee-4178-a2be-194e662bfb13\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendPosition\":\"right\",\"nestedLegend\":true,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"3e287c6c-a179-407b-8190-518aeb0a5a9b\",\"a222cc47-29f7-4207-9b62-38996bcf3dba\"],\"metrics\":[\"bcd9cc84-7d4e-4511-918e-4cac501f3ecc\"]}],\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Log levels and roles breakdown [Logs 
Redis]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"5150d808-cfa0-4a30-ab6f-e9517fa2ceec\",\"w\":34,\"x\":14,\"y\":16},\"panelIndex\":\"5150d808-cfa0-4a30-ab6f-e9517fa2ceec\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ebb70b66-e024-4a14-b179-d15c72b605bf\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ebb70b66-e024-4a14-b179-d15c72b605bf\":{\"columnOrder\":[\"54dd66c7-519e-421a-8957-1a9cc9f80ee1\",\"af9a34cf-82d8-44e2-b7b6-41d10f0ce82c\",\"dc980987-d01e-4f82-b7c5-d87eccb0b52e\"],\"columns\":{\"54dd66c7-519e-421a-8957-1a9cc9f80ee1\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"log.level: Descending\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"dc980987-d01e-4f82-b7c5-d87eccb0b52e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"log.level\"},\"af9a34cf-82d8-44e2-b7b6-41d10f0ce82c\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"dc980987-d01e-4f82-b7c5-d87eccb0b52e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:redis.log\"},\"visualization\":{\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"dc980987-d01e-4f82-b7c5-d87eccb0b52e\"],\"layerId\":\"ebb70b66-e024-4a14-b179-d15c72b605bf\",\"layerType\":\"data\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"position\":\"top\",\"seriesType\":\"bar_s
tacked\",\"showGridlines\":false,\"splitAccessor\":\"54dd66c7-519e-421a-8957-1a9cc9f80ee1\",\"xAccessor\":\"af9a34cf-82d8-44e2-b7b6-41d10f0ce82c\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"dc980987-d01e-4f82-b7c5-d87eccb0b52e\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"yTitle\":\"Count\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Logs over time [Logs Redis]\"}]","timeRestore":false,"title":"[Logs Redis] Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"redis-7fea2930-478e-11e7-b1f0-cb29bac6bf8b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"redis-73613570-4791-11e7-be88-2ddb32f3df97","name":"4:panel_4","type":"search"},{"id":"redis-0ab87b80-478e-11e7-b1f0-cb29bac6bf8b","name":"6:panel_6","type":"search"},{"id":"logs-*","name":"048af531-a2d5-4a14-b7d2-6156dce83cbc:indexpattern-datasource-layer-c0de1034-34c9-4f6a-b525-e39bd578cd2f","type":"index-pattern"},{"id":"logs-*","name":"62b73fa0-e562-4af6-9d4e-9158eba31a8b:indexpattern-datasource-layer-257bce71-5aee-4178-a2be-194e662bfb13","type":"index-pattern"},{"id":"logs-*","name":"5150d808-cfa0-4a30-ab6f-e9517fa2ceec:indexpattern-datasource-layer-ebb70b66-e024-4a14-b179-d15c72b605bf","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-redis-default","name":"tag-ref-fleet-pkg-redis-default","type":"tag"}],"sort":[1688154054424,8150],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MjQsMV0="} -{"attributes":{"description":"Overview of Redis server 
metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"9587ad36-13de-4de0-8586-16065d55d029\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"9587ad36-13de-4de0-8586-16065d55d029\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-42f14593-5da1-4fb7-adbc-aeb5e9a4e2cc\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"42f14593-5da1-4fb7-adbc-aeb5e9a4e2cc\":{\"columnOrder\":[\"659dc838-53d8-4d49-9133-e789047508c5\"],\"columns\":{\"659dc838-53d8-4d49-9133-e789047508c5\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Connected clients\",\"operationType\":\"max\",\"scale\":\"ratio\",\"sourceField\":\"redis.info.clients.connected\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:redis.info OR data_stream.dataset:redis.key OR data_stream.dataset:redis.keyspace)\"},\"visualization\":{\"accessor\":\"659dc838-53d8-4d49-9133-e789047508c5\",\"layerId\":\"42f14593-5da1-4fb7-adbc-aeb5e9a4e2cc\",\"layerType\":\"data\",\"size\":\"xl\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Clients [Metrics 
Redis]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"452a1f6f-4931-4391-88bf-dfd23334b77b\",\"w\":20,\"x\":12,\"y\":0},\"panelIndex\":\"452a1f6f-4931-4391-88bf-dfd23334b77b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-663fc5eb-ba63-4cb6-b9af-d996c9496392\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"663fc5eb-ba63-4cb6-b9af-d996c9496392\":{\"columnOrder\":[\"48692284-5798-41a9-91f7-5f7e7f3e46de\",\"1b56a011-fc01-44df-bcff-65f5cc07f133\",\"e9f31d33-1f86-42b0-a310-a37a94682a24\"],\"columns\":{\"1b56a011-fc01-44df-bcff-65f5cc07f133\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Connected\",\"operationType\":\"max\",\"scale\":\"ratio\",\"sourceField\":\"redis.info.clients.connected\"},\"48692284-5798-41a9-91f7-5f7e7f3e46de\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"e9f31d33-1f86-42b0-a310-a37a94682a24\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Blocked\",\"operationType\":\"max\",\"scale\":\"ratio\",\"sourceField\":\"redis.info.clients.blocked\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:redis.info OR data_stream.dataset:redis.key OR 
data_stream.dataset:redis.keyspace)\"},\"visualization\":{\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"1b56a011-fc01-44df-bcff-65f5cc07f133\",\"e9f31d33-1f86-42b0-a310-a37a94682a24\"],\"layerId\":\"663fc5eb-ba63-4cb6-b9af-d996c9496392\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"48692284-5798-41a9-91f7-5f7e7f3e46de\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"1b56a011-fc01-44df-bcff-65f5cc07f133\"},{\"axisMode\":\"left\",\"color\":\"#c15c17\",\"forAccessor\":\"e9f31d33-1f86-42b0-a310-a37a94682a24\"}]}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\",\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"yTitle\":\"Count\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Connected clients [Metrics 
Redis]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"6ceb010f-3be5-402d-a4cf-42f52a01d0db\",\"w\":16,\"x\":32,\"y\":0},\"panelIndex\":\"6ceb010f-3be5-402d-a4cf-42f52a01d0db\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-4b781053-c878-4b17-9517-9dbd0482b634\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"4b781053-c878-4b17-9517-9dbd0482b634\":{\"columnOrder\":[\"405f771b-81b2-472f-8253-e40fcf217393\",\"257a3660-149f-4109-8898-e968df8443b2\",\"5e1828a5-c90f-4166-9a03-ce8c082eda11\"],\"columns\":{\"257a3660-149f-4109-8898-e968df8443b2\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"405f771b-81b2-472f-8253-e40fcf217393\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Keyspaces\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"5e1828a5-c90f-4166-9a03-ce8c082eda11\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"redis.keyspace.id\"},\"5e1828a5-c90f-4166-9a03-ce8c082eda11\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Number of keys\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"redis.keyspace.keys\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:redis.info OR data_stream.dataset:redis.key OR 
data_stream.dataset:redis.keyspace)\"},\"visualization\":{\"emphasizeFitting\":false,\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"5e1828a5-c90f-4166-9a03-ce8c082eda11\"],\"layerId\":\"4b781053-c878-4b17-9517-9dbd0482b634\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"splitAccessor\":\"405f771b-81b2-472f-8253-e40fcf217393\",\"xAccessor\":\"257a3660-149f-4109-8898-e968df8443b2\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"5e1828a5-c90f-4166-9a03-ce8c082eda11\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":true},\"preferredSeriesType\":\"area_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"yTitle\":\"Count\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Keyspaces [Metrics Redis]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"e38aacc7-f856-4306-86d2-3746d0143d6a\",\"w\":48,\"x\":0,\"y\":14},\"panelIndex\":\"e38aacc7-f856-4306-86d2-3746d0143d6a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-0af489b3-738e-40c0-9ae4-43dd70bf9fed\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"0af489b3-738e-40c0-9ae4-43dd70bf9fed\":{\"columnOrder\":[\"50308496-2a4e-4b1a-853a-a36dbc7d5acd\",\"105df467-ea31-40ef-aea9-aecd0242bcb5\",\"67c478fc-b5f9-44f9-8fab-20cc58659a12\",\"cb63f311-87f5-47b1-915f-ffa1e5c92582\",\"b89a8033-9e4e-43c0-b11c-233b757fe699\",\"619deadb-3098-435a-9c28-3b77f8a1ffc7\"],\"columns\":{\"105df467-ea31-40ef-aea9-aecd0242bcb5\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Uptime 
(s)\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"redis.info.server.uptime\"},\"50308496-2a4e-4b1a-853a-a36dbc7d5acd\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"service.address: Descending\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"105df467-ea31-40ef-aea9-aecd0242bcb5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"service.address\"},\"619deadb-3098-435a-9c28-3b77f8a1ffc7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"CPU used (system)\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"redis.info.cpu.used.sys\"},\"67c478fc-b5f9-44f9-8fab-20cc58659a12\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"PID\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"process.pid\"},\"b89a8033-9e4e-43c0-b11c-233b757fe699\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"CPU used (user)\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"redis.info.cpu.used.user\"},\"cb63f311-87f5-47b1-915f-ffa1e5c92582\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Memory\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"redis.info.memory.used.peak\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:redis.info OR data_stream.dataset:redis.key OR 
data_stream.dataset:redis.keyspace)\"},\"visualization\":{\"columns\":[{\"columnId\":\"50308496-2a4e-4b1a-853a-a36dbc7d5acd\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"105df467-ea31-40ef-aea9-aecd0242bcb5\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"67c478fc-b5f9-44f9-8fab-20cc58659a12\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"cb63f311-87f5-47b1-915f-ffa1e5c92582\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"b89a8033-9e4e-43c0-b11c-233b757fe699\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"619deadb-3098-435a-9c28-3b77f8a1ffc7\",\"isTransposed\":false}],\"layerId\":\"0af489b3-738e-40c0-9ae4-43dd70bf9fed\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Hosts [Metrics Redis]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"e59f5a8f-6f47-471c-bf7c-96d6eab6baf3\",\"w\":16,\"x\":0,\"y\":22},\"panelIndex\":\"e59f5a8f-6f47-471c-bf7c-96d6eab6baf3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-495b0b3d-5f1c-49b0-ac9b-788f6f4d2b06\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"495b0b3d-5f1c-49b0-ac9b-788f6f4d2b06\":{\"columnOrder\":[\"d32bf426-f3bf-43f9-a1f6-825c2ac9cd5a\",\"3996a38e-2cff-4888-b0cc-234ec8debdf8\"],\"columns\":{\"3996a38e-2cff-4888-b0cc-234ec8debdf8\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Hosts\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"service.address\"},\"d32bf426-f3bf-43f9-a1f6-825c2ac9cd5a\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Multiplexing 
API\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3996a38e-2cff-4888-b0cc-234ec8debdf8\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"service.version\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:redis.info OR data_stream.dataset:redis.key OR data_stream.dataset:redis.keyspace)\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"495b0b3d-5f1c-49b0-ac9b-788f6f4d2b06\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"d32bf426-f3bf-43f9-a1f6-825c2ac9cd5a\"],\"metrics\":[\"3996a38e-2cff-4888-b0cc-234ec8debdf8\"]}],\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Server Versions [Metrics 
Redis]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"989efbbc-7d45-466c-8bb3-9322a6fa6a46\",\"w\":16,\"x\":16,\"y\":22},\"panelIndex\":\"989efbbc-7d45-466c-8bb3-9322a6fa6a46\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-88f523d4-adf4-423a-9a09-a6ae74f410ff\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"88f523d4-adf4-423a-9a09-a6ae74f410ff\":{\"columnOrder\":[\"a60e9838-ac8c-440d-b42f-07cc81d2694c\",\"3f54a1a9-ff71-44a3-80f5-f16d7db12c58\"],\"columns\":{\"3f54a1a9-ff71-44a3-80f5-f16d7db12c58\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Hosts\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"service.address\"},\"a60e9838-ac8c-440d-b42f-07cc81d2694c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Server mode\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3f54a1a9-ff71-44a3-80f5-f16d7db12c58\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"redis.info.server.mode\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:redis.info OR data_stream.dataset:redis.key OR 
data_stream.dataset:redis.keyspace)\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"88f523d4-adf4-423a-9a09-a6ae74f410ff\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"a60e9838-ac8c-440d-b42f-07cc81d2694c\"],\"metrics\":[\"3f54a1a9-ff71-44a3-80f5-f16d7db12c58\"]}],\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Server mode [Metrics Redis]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"eed90cad-e313-4af5-b26b-965cfc02ea24\",\"w\":16,\"x\":32,\"y\":22},\"panelIndex\":\"eed90cad-e313-4af5-b26b-965cfc02ea24\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-7dd18b64-cbba-40ed-b1e3-56aa0f27f3f3\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"7dd18b64-cbba-40ed-b1e3-56aa0f27f3f3\":{\"columnOrder\":[\"cfccf32e-014a-43c4-b8f5-7bcc29ce6e46\",\"a2c1d752-9b78-45b8-ae86-f71e48c5fee1\"],\"columns\":{\"a2c1d752-9b78-45b8-ae86-f71e48c5fee1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Hosts\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"service.address\"},\"cfccf32e-014a-43c4-b8f5-7bcc29ce6e46\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Multiplexing 
API\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a2c1d752-9b78-45b8-ae86-f71e48c5fee1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"redis.info.server.multiplexing_api\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:redis.info OR data_stream.dataset:redis.key OR data_stream.dataset:redis.keyspace)\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"7dd18b64-cbba-40ed-b1e3-56aa0f27f3f3\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"cfccf32e-014a-43c4-b8f5-7bcc29ce6e46\"],\"metrics\":[\"a2c1d752-9b78-45b8-ae86-f71e48c5fee1\"]}],\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Multiplexing API [Metrics Redis]\"}]","timeRestore":false,"title":"[Metrics Redis] 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"redis-AV4YjZ5pux-M-tCAunxK","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"9587ad36-13de-4de0-8586-16065d55d029:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"9587ad36-13de-4de0-8586-16065d55d029:indexpattern-datasource-layer-42f14593-5da1-4fb7-adbc-aeb5e9a4e2cc","type":"index-pattern"},{"id":"metrics-*","name":"452a1f6f-4931-4391-88bf-dfd23334b77b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"452a1f6f-4931-4391-88bf-dfd23334b77b:indexpattern-datasource-layer-663fc5eb-ba63-4cb6-b9af-d996c9496392","type":"index-pattern"},{"id":"metrics-*","name":"6ceb010f-3be5-402d-a4cf-42f52a01d0db:indexpattern-datasource-layer-4b781053-c878-4b17-9517-9dbd0482b634","type":"index-pattern"},{"id":"metrics-*","name":"e38aacc7-f856-4306-86d2-3746d0143d6a:indexpattern-datasource-layer-0af489b3-738e-40c0-9ae4-43dd70bf9fed","type":"index-pattern"},{"id":"metrics-*","name":"e59f5a8f-6f47-471c-bf7c-96d6eab6baf3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"e59f5a8f-6f47-471c-bf7c-96d6eab6baf3:indexpattern-datasource-layer-495b0b3d-5f1c-49b0-ac9b-788f6f4d2b06","type":"index-pattern"},{"id":"metrics-*","name":"989efbbc-7d45-466c-8bb3-9322a6fa6a46:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"989efbbc-7d45-466c-8bb3-9322a6fa6a46:indexpattern-datasource-layer-88f523d4-adf4-423a-9a09-a6ae74f410ff","type":"index-pattern"},{"id":"metrics-*","name":"eed90cad-e313-4af5-b26b-965cfc02ea24:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"eed90cad-e313-4af5-b26b-965cfc02ea24:indexpattern-datasource-layer-7dd18b64-cbba-40ed-b1e3-56aa0f27f3f3","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default
","type":"tag"},{"id":"fleet-pkg-redis-default","name":"tag-ref-fleet-pkg-redis-default","type":"tag"}],"sort":[1688154054424,8165],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MjUsMV0="} -{"attributes":{"columns":["user.name","user.domain","winlog.logon.id","event.action","winlog.logon.type","winlog.event_data.SubjectUserName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4625\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.code\":\"4625\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"User Logouts [Windows System 
Security]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-06b6b060-7a80-11ea-bc9a-0baf2ca323a3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8173],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MjYsMV0="} -{"attributes":{"columns":["user.name","user.id","group.id","system.auth.useradd.home","system.auth.useradd.shell"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"system.auth.useradd:*\"}}"},"sort":[["@timestamp","desc"]],"title":"useradd logs [Logs 
System]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-8030c1b0-fa77-11e6-ae9b-81e5311e8cab","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8179],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MjcsMV0="} -{"attributes":{"columns":["group.name","group.id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"system.auth.groupadd:*\"}}"},"sort":[["@timestamp","desc"]],"title":"groupadd logs [Logs System]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-eb0039f0-fa7f-11e6-a1df-a78bd7504d38","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8185],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MjgsMV0="} -{"attributes":{"description":"New users and groups dashboard for the System integration in 
Logs","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"7\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Syslog](#/dashboard/system-Logs-syslog-dashboard) | [Sudo commands](#/dashboard/system-277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/system-5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users and groups](#/dashboard/system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab)\"},\"title\":\"Dashboards [Logs System]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"b9f97626-14a8-42d6-8bc4-2f37b06b9e6d\",\"w\":24,\"x\":0,\"y\":4},\"panelIndex\":\"b9f97626-14a8-42d6-8bc4-2f37b06b9e6d\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Host\",\"field\":\"host.hostname\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"User\",\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"UID\",\"field\":\"user.id\",\"missingBucket\":false,\"missingBucketLabel\":\"
Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"GID\",\"field\":\"group.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"6\",\"params\":{\"customLabel\":\"Home\",\"field\":\"system.auth.useradd.home\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"7\",\"params\":{\"customLabel\":\"Shell\",\"field\":\"system.auth.useradd.shell\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.auth\\\"\"},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"},\"title\":\"New users [Logs 
System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"eb0fbea1-6c85-41e0-b52c-b0db0c895432\",\"w\":24,\"x\":24,\"y\":4},\"panelIndex\":\"eb0fbea1-6c85-41e0-b52c-b0db0c895432\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"30s\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"defaultYExtents\":false,\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"bottom\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"mode\":\"stacked\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"scale\":\"linear\",\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":fal
se,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"type\":\"histogram\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"New users over time [Logs System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"2e5bb345-992a-4cf4-9b8b-8d68a6b26f3c\",\"w\":24,\"x\":0,\"y\":16},\"panelIndex\":\"2e5bb345-992a-4cf4-9b8b-8d68a6b26f3c\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"system.auth.useradd.shell\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"distinctColors\":true,\"emptySizeRatio\":0.3,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"system.auth\\\"\"},\"isDonut\":false,\"labels\":{\"last_level\":false,\"percentDecimals\":2,\"position\":\"default\",\"show\":true,\"truncate\":100,\"values\":true,\"valuesFormat\":\"percent\"},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"nestedLegend\":false,\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"truncateLegend\":true,\"type\":\"pie\"},\"type\":\"pie\",\"uiState\":{\"vis\":{\"colors\":{\"/bin/bash\":\"#E24D42\",\"/bin/false\":\"#508642\",\"/sbin/nologin\":\"#7EB26D\"},\"legendOpen\":true}}},\"type\":\"visualization\"},\"title\":\"New users by shell [Logs System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"26b1fdeb-77e8-4eaa-8d09-140485154c1a\",\"w\":24,\"x\":24,\"y\":16},\"panelIndex\":\"26b1fdeb-77e8-4eaa-8d09-140485154c1a\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"system.auth.useradd.home\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"distinctColors\":true,\"emptySizeRatio\":0.3,\"isDonut\":false,\"labels\":{\"last_level\":false,\"percentDecimals\":2,\"position\":\"default\",\"show\":true,\"truncate\":100,\"values\":true,\"valuesFormat\":\"percent\"},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"nestedLegend\":false,\"palette\":{\"n
ame\":\"kibana_palette\",\"type\":\"palette\"},\"truncateLegend\":true,\"type\":\"pie\"},\"type\":\"pie\",\"uiState\":{\"vis\":{\"colors\":{\"/bin/bash\":\"#E24D42\",\"/bin/false\":\"#508642\",\"/nonexistent\":\"#629E51\",\"/sbin/nologin\":\"#7EB26D\"},\"legendOpen\":true}}},\"type\":\"visualization\"},\"title\":\"New users by home directory [Logs System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"c6ff6af0-7172-4e98-8f0e-7b3a6c37217e\",\"w\":24,\"x\":0,\"y\":28},\"panelIndex\":\"c6ff6af0-7172-4e98-8f0e-7b3a6c37217e\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"group.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"group.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"},\"title\":\"New groups [Logs 
System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"edc0a4ad-a2f9-4ae8-93ca-cfd7d0ed40fe\",\"w\":24,\"x\":24,\"y\":28},\"panelIndex\":\"edc0a4ad-a2f9-4ae8-93ca-cfd7d0ed40fe\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"30s\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"group.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"defaultYExtents\":false,\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"bottom\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"mode\":\"stacked\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"scale\":\"linear\",\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":f
alse,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"type\":\"histogram\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"New groups over time [Logs System]\"}]","timeRestore":false,"title":"[Logs System] New users and groups","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"system-8030c1b0-fa77-11e6-ae9b-81e5311e8cab","name":"b9f97626-14a8-42d6-8bc4-2f37b06b9e6d:search_0","type":"search"},{"id":"system-8030c1b0-fa77-11e6-ae9b-81e5311e8cab","name":"eb0fbea1-6c85-41e0-b52c-b0db0c895432:search_0","type":"search"},{"id":"system-8030c1b0-fa77-11e6-ae9b-81e5311e8cab","name":"2e5bb345-992a-4cf4-9b8b-8d68a6b26f3c:search_0","type":"search"},{"id":"system-8030c1b0-fa77-11e6-ae9b-81e5311e8cab","name":"26b1fdeb-77e8-4eaa-8d09-140485154c1a:search_0","type":"search"},{"id":"system-eb0039f0-fa7f-11e6-a1df-a78bd7504d38","name":"c6ff6af0-7172-4e98-8f0e-7b3a6c37217e:search_0","type":"search"},{"id":"system-eb0039f0-fa7f-11e6-a1df-a78bd7504d38","name":"edc0a4ad-a2f9-4ae8-93ca-cfd7d0ed40fe:search_0","type":"search"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8196],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MjksMV0="} 
-{"attributes":{"columns":["user.name","system.auth.sudo.user","system.auth.sudo.pwd","system.auth.sudo.command"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"system.auth.sudo:*\"}}"},"sort":[["@timestamp","desc"]],"title":"Sudo commands [Logs System]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-b6f321e0-fa25-11e6-bbd3-29c986c96e5a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8202],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MzAsMV0="} -{"attributes":{"description":"Sudo commands dashboard from the Logs System integration","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"4\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Syslog](#/dashboard/system-Logs-syslog-dashboard) | [Sudo commands](#/dashboard/system-277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/system-5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users 
and groups](#/dashboard/system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab)\"},\"title\":\"Dashboards [Logs System]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"9176826e-b47b-405c-9fed-7928177e627b\",\"w\":48,\"x\":0,\"y\":4},\"panelIndex\":\"9176826e-b47b-405c-9fed-7928177e627b\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"system.auth.sudo.command\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.auth\\\"\"},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"},\"title\":\"Top sudo commands [Logs 
System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"f3e4b05c-4eab-4e12-98ac-5e5a7ae4fac7\",\"w\":48,\"x\":0,\"y\":20},\"panelIndex\":\"f3e4b05c-4eab-4e12-98ac-5e5a7ae4fac7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"30s\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"defaultYExtents\":false,\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"mode\":\"stacked\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"scale\":\"linear\",\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":fals
e,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"type\":\"histogram\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Sudo commands by user [Logs System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"fd4d0b9e-760d-4d7a-90e9-62aca0609b9e\",\"w\":48,\"x\":0,\"y\":36},\"panelIndex\":\"fd4d0b9e-760d-4d7a-90e9-62aca0609b9e\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"30s\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"system.auth.sudo.error\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"system.auth.sudo.error:*\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{}
,\"type\":\"category\"}],\"defaultYExtents\":false,\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"mode\":\"stacked\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"scale\":\"linear\",\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"type\":\"histogram\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Sudo errors [Logs System]\"}]","timeRestore":false,"title":"[Logs System] Sudo 
commands","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-277876d0-fa2c-11e6-bbd3-29c986c96e5a","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"system-b6f321e0-fa25-11e6-bbd3-29c986c96e5a","name":"9176826e-b47b-405c-9fed-7928177e627b:search_0","type":"search"},{"id":"system-b6f321e0-fa25-11e6-bbd3-29c986c96e5a","name":"f3e4b05c-4eab-4e12-98ac-5e5a7ae4fac7:search_0","type":"search"},{"id":"logs-*","name":"fd4d0b9e-760d-4d7a-90e9-62aca0609b9e:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8210],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MzEsMV0="} -{"attributes":{"columns":["event.action","winlog.event_data.TargetUserName","user.domain","user.name","winlog.event_data.SubjectDomainName","winlog.logon.id","related.user"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4720\",\"4722\",\"4723\",\"4724\",\"4725\",\"4726\",\"4738\",\"4740\",\"4767\",\"4781\",\"4798\"],\"type\":\"phrases\",\"value\":\"4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4767, 4781, 
4798\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4720\"}},{\"match_phrase\":{\"event.code\":\"4722\"}},{\"match_phrase\":{\"event.code\":\"4723\"}},{\"match_phrase\":{\"event.code\":\"4724\"}},{\"match_phrase\":{\"event.code\":\"4725\"}},{\"match_phrase\":{\"event.code\":\"4726\"}},{\"match_phrase\":{\"event.code\":\"4738\"}},{\"match_phrase\":{\"event.code\":\"4740\"}},{\"match_phrase\":{\"event.code\":\"4767\"}},{\"match_phrase\":{\"event.code\":\"4781\"}},{\"match_phrase\":{\"event.code\":\"4798\"}}]}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"User management Details - Search [Windows System Security]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-324686c0-fefb-11e9-8405-516218e3d268","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8217],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MzIsMV0="} 
-{"attributes":{"columns":["system.auth.ssh.event","system.auth.ssh.method","user.name","source.ip","source.geo.country_iso_code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:system.auth AND system.auth.ssh.event:*\"}}"},"sort":[["@timestamp","desc"]],"title":"SSH login attempts [Logs System]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-62439dc0-f9c9-11e6-a747-6121780e0414","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8223],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MzMsMV0="} -{"attributes":{"description":"SSH dashboard for the System integration in 
Logs","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[{\"embeddableConfig\":{\"columns\":[\"system.auth.ssh.event\",\"system.auth.ssh.method\",\"user.name\",\"source.ip\",\"source.geo.country_iso_code\"],\"enhancements\":{},\"sort\":[\"@timestamp\",\"desc\"]},\"gridData\":{\"h\":12,\"i\":\"5\",\"w\":48,\"x\":0,\"y\":44},\"panelIndex\":\"5\",\"panelRefName\":\"panel_5\",\"type\":\"search\",\"version\":\"8.1.0\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"6\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Syslog](#/dashboard/system-Logs-syslog-dashboard) | [Sudo commands](#/dashboard/system-277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/system-5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users and groups](#/dashboard/system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab)\"},\"title\":\"Dashboards [Logs 
System]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":16,\"i\":\"9cef48b8-7995-45f6-9420-1d0b3dbbefe5\",\"w\":24,\"x\":24,\"y\":28},\"panelIndex\":\"9cef48b8-7995-45f6-9420-1d0b3dbbefe5\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desaturated\\\"},\\\"id\\\":\\\"985e7399-20df-464b-b6d5-880922106ffe\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"05b729fa-80a9-4215-aaed-4a8d9476e87d\\\",\\\"includeInFitToBounds\\\":true,\\\"joins\\\":[],\\\"label\\\":\\\"SSH failed login attempts source locations [Logs System]\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"applyForceRefresh\\\":true,\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"80bac1cc-d19d-415d-93ad-f776fd099f24\\\",\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"requestType\\\":\\\"point\\\",\\\"resolution\\\":\\\"MOST_FINE\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"style\\\":{\\\"isTimeAware\\\":true,\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"Yellow to 
Red\\\",\\\"colorCategory\\\":\\\"palette_0\\\",\\\"field\\\":{\\\"name\\\":\\\"doc_count\\\",\\\"origin\\\":\\\"source\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":false,\\\"sigma\\\":3},\\\"type\\\":\\\"ORDINAL\\\"},\\\"type\\\":\\\"DYNAMIC\\\"},\\\"icon\\\":{\\\"options\\\":{\\\"value\\\":\\\"marker\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"size\\\":6},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelSize\\\":{\\\"options\\\":{\\\"size\\\":14},\\\"type\\\":\\\"STATIC\\\"},\\\"labelText\\\":{\\\"options\\\":{\\\"value\\\":\\\"\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#3d3d3d\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.58,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":19.94277},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15m\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"system.auth.ssh.event:Failed OR 
system.auth.ssh.event:Invalid\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"references\":[],\"title\":\"SSH failed login attempts source locations [Logs System]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":66.51326,\"maxLon\":180,\"minLat\":-66.51326,\"minLon\":-180},\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":1.58},\"openTOCDetails\":[],\"type\":\"map\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"ea2ece08-f34b-47e9-99af-4242fd5450d3\",\"w\":48,\"x\":0,\"y\":4},\"panelIndex\":\"ea2ece08-f34b-47e9-99af-4242fd5450d3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"30s\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"system.auth.ssh.event\",\"missingBucket\":false,\"missingBucketLabel\":\"Mi
ssing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"defaultYExtents\":false,\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"mode\":\"stacked\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"scale\":\"linear\",\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"type\":\"histogram\",\"uiState\":{\"vis\":{\"colors\":{\"Accepted\":\"#3F6833\",\"Failed\":\"#F9934E\",\"Invalid\":\"#447EBC\"}}}},\"type\":\"visualization\"},\"title\":\"SSH login attempts [Logs 
System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"782d75bd-ba9d-47c1-a022-073565c79953\",\"w\":48,\"x\":0,\"y\":16},\"panelIndex\":\"782d75bd-ba9d-47c1-a022-073565c79953\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"30s\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"system.auth.ssh.method\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"system.auth.ssh.event:Accepted\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"defaultYExtents\":false,\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"mode\":\"stacked\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"scale\":\"linear\",\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode
\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"type\":\"histogram\",\"uiState\":{\"vis\":{\"colors\":{\"Accepted\":\"#3F6833\",\"Failed\":\"#F9934E\",\"Invalid\":\"#447EBC\",\"password\":\"#BF1B00\",\"publickey\":\"#629E51\"}}}},\"type\":\"visualization\"},\"title\":\"Successful SSH logins [Logs System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"305f2fa8-f09c-4018-bdbd-a4d901689514\",\"w\":24,\"x\":0,\"y\":28},\"panelIndex\":\"305f2fa8-f09c-4018-bdbd-a4d901689514\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"system.auth.ssh.event:Failed OR system.auth.ssh.event:Invalid\"}}},\"description\":\"\",\"params\":{\"maxFontSize\":72,\"minFontSize\":18,\"orientation\":\"single\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"scale\":\"linear\",\"showLabel\":true},\"type\":\"tagcloud\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"SSH users 
of failed login attempts [Logs System]\"}]","timeRestore":false,"title":"[Logs System] SSH login attempts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-5517a150-f9ce-11e6-8115-a7c18106d86a","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"system-62439dc0-f9c9-11e6-a747-6121780e0414","name":"5:panel_5","type":"search"},{"id":"logs-*","name":"9cef48b8-7995-45f6-9420-1d0b3dbbefe5:layer_1_source_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"ea2ece08-f34b-47e9-99af-4242fd5450d3:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"782d75bd-ba9d-47c1-a022-073565c79953:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"305f2fa8-f09c-4018-bdbd-a4d901689514:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8233],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MzQsMV0="} -{"attributes":{"columns":["user.name","source.domain","source.ip","winlog.logon.id","event.action"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4778\",\"4779\"],\"type\":\"phrases\",\"value\":\"4778, 
4779\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4778\"}},{\"match_phrase\":{\"event.code\":\"4779\"}}]}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Remote Interactive Connections and Disconnections [Windows System Security]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-6f4071a0-7a78-11ea-bc9a-0baf2ca323a3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8240],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MzUsMV0="} 
-{"attributes":{"columns":["user.name","source.domain","source.ip","winlog.logon.id","winlog.logon.type"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4624\"],\"type\":\"phrases\",\"value\":\"4624\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4624\"}}]}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Logon Details [Windows System Security]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-7e178c80-fee1-11e9-8405-516218e3d268","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8247],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MzYsMV0="} -{"attributes":{"description":"User management 
activity.","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"system.security\",\"windows.forwarded\",\"windows.security\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"system.security\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.forwarded\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.security\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"useMargins\":false}","panelsJSON":"[{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":10,\"markdown\":\"# **User Management Events**\\n\\n#### This dashboard shows information about User Management Events collected by winlogbeat\\n\",\"openLinksInNewTab\":false},\"title\":\"User Management Events - Description [Windows System 
Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":8,\"i\":\"1\",\"w\":17,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2d2094c7-e57e-4a12-88ad-50291d81a64b\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"ee7f0132-6cba-4ea8-80ea-50bddb3c588e\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"2d2094c7-e57e-4a12-88ad-50291d81a64b\":{\"columnOrder\":[\"bc1e93e0-12cf-4730-8736-4a2bb261ee4d\",\"7dc6af71-b4db-4262-b6a2-05d40c06c17d\",\"636e03a9-9b87-4c7a-a04b-402ad5c78483\",\"b621a299-9e1c-46fc-8876-98a3b2933237\"],\"columns\":{\"636e03a9-9b87-4c7a-a04b-402ad5c78483\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer LogonID\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b621a299-9e1c-46fc-8876-98a3b2933237\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"7dc6af71-b4db-4262-b6a2-05d40c06c17d\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed 
by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":true,\"orderBy\":{\"columnId\":\"b621a299-9e1c-46fc-8876-98a3b2933237\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"b621a299-9e1c-46fc-8876-98a3b2933237\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"bc1e93e0-12cf-4730-8736-4a2bb261ee4d\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Created User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b621a299-9e1c-46fc-8876-98a3b2933237\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ee7f0132-6cba-4ea8-80ea-50bddb3c588e\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4720\"},\"type\":\"phrase\",\"value\":\"4720\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4720\",\"type\":\"phrase\"}}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"b621a299-9e1c-46fc-8876-98a3b2933237\"},{\"alignment\":\"left\",\"columnId\":\"bc1e93e0-12cf-4730-8736-4a2bb261ee4d\"},{\"alignment\":\"left\",\"columnId\":\"7dc6af71-b4db-4262-b6a2-05d40c06c17d\"},{\"alignment\":\"left\",\"columnId\":\"636e03a9-9b87-4c7a-
a04b-402ad5c78483\"}],\"headerRowHeight\":\"single\",\"layerId\":\"2d2094c7-e57e-4a12-88ad-50291d81a64b\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Users Created - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"3\",\"w\":9,\"x\":0,\"y\":56},\"panelIndex\":\"3\",\"title\":\"Users Created - Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-95473519-9e23-4ab1-acb8-3212f69ea3b5\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"f8e3cf39-b76f-4658-af4f-c9c915ba6ba6\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"95473519-9e23-4ab1-acb8-3212f69ea3b5\":{\"columnOrder\":[\"2e2024e2-e599-4fb0-a7ab-1a24dd30b919\",\"f6598c5a-cb6f-4bbf-9534-525c3573fa75\",\"7b527c70-07d2-46ec-816d-775b472c2af9\",\"900f2a97-5fda-45dd-826e-3b992e50cec7\"],\"columns\":{\"2e2024e2-e599-4fb0-a7ab-1a24dd30b919\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Enabled User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"900f2a97-5fda-45dd-826e-3b992e50cec7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"},\"7b527c70-07d2-46ec-816d-775b472c2af9\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer 
LogonId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"900f2a97-5fda-45dd-826e-3b992e50cec7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"900f2a97-5fda-45dd-826e-3b992e50cec7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f6598c5a-cb6f-4bbf-9534-525c3573fa75\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":true,\"orderBy\":{\"columnId\":\"900f2a97-5fda-45dd-826e-3b992e50cec7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"f8e3cf39-b76f-4658-af4f-c9c915ba6ba6\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4722\"},\"type\":\"phrase\",\"value\":\"4722\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4722\",\"type\":\"phrase\"}}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security 
\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"900f2a97-5fda-45dd-826e-3b992e50cec7\"},{\"alignment\":\"left\",\"columnId\":\"2e2024e2-e599-4fb0-a7ab-1a24dd30b919\"},{\"alignment\":\"left\",\"columnId\":\"f6598c5a-cb6f-4bbf-9534-525c3573fa75\"},{\"alignment\":\"left\",\"columnId\":\"7b527c70-07d2-46ec-816d-775b472c2af9\"}],\"headerRowHeight\":\"single\",\"layerId\":\"95473519-9e23-4ab1-acb8-3212f69ea3b5\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Users Enabled - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"5\",\"w\":9,\"x\":9,\"y\":56},\"panelIndex\":\"5\",\"title\":\"Users Enabled - Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-dc37e882-6f66-420e-a41d-17176340e1fc\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"87383246-3af7-4da7-bf25-da8b92485bf4\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"dc37e882-6f66-420e-a41d-17176340e1fc\":{\"columnOrder\":[\"0ead95a2-6c9c-49f4-bff5-4f376b8754f8\",\"c5b66e5a-f608-46d0-91e1-e8740430d275\",\"02bbb586-1441-43d5-8cc1-777ff1e18b41\",\"36336253-a60b-4de5-ba0a-366d7867ef1d\"],\"columns\":{\"02bbb586-1441-43d5-8cc1-777ff1e18b41\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer 
LogonId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"36336253-a60b-4de5-ba0a-366d7867ef1d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"0ead95a2-6c9c-49f4-bff5-4f376b8754f8\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Disabled User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"36336253-a60b-4de5-ba0a-366d7867ef1d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"},\"36336253-a60b-4de5-ba0a-366d7867ef1d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"c5b66e5a-f608-46d0-91e1-e8740430d275\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed 
by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":true,\"orderBy\":{\"columnId\":\"36336253-a60b-4de5-ba0a-366d7867ef1d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"87383246-3af7-4da7-bf25-da8b92485bf4\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4725\"},\"type\":\"phrase\",\"value\":\"4725\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4725\",\"type\":\"phrase\"}}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"36336253-a60b-4de5-ba0a-366d7867ef1d\"},{\"alignment\":\"left\",\"columnId\":\"0ead95a2-6c9c-49f4-bff5-4f376b8754f8\"},{\"alignment\":\"left\",\"columnId\":\"c5b66e5a-f608-46d0-91e1-e8740430d275\"},{\"alignment\":\"left\",\"columnId\":\"02bbb586-1441-43d5-8cc1-777ff1e18b41\"}],\"headerRowHeight\":\"single\",\"layerId\":\"dc37e882-6f66-420e-a41d-17176340e1fc\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Users Disabled - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"6\",\"w\":9,\"x\":0,\"y\":79},\"panelIndex\":\"6\",\"title\":\"Users Disabled - Table [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-5ef7cf84-7e34-4c90-afe6-2a3bc54f9e62\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"2974422c-1f81-4077-9f55-a01a8b045f56\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"5ef7cf84-7e34-4c90-afe6-2a3bc54f9e62\":{\"columnOrder\":[\"881c3fbc-6d02-4e9b-a683-dcfaa9148d25\",\"2dfe6335-d29c-478f-986b-eb228db115ea\",\"f9fb320f-2485-437e-9c05-3a0f4ecf7d83\",\"7fe58e26-2c9d-4c54-ad14-a7b8ef9e4b8a\"],\"columns\":{\"2dfe6335-d29c-478f-986b-eb228db115ea\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":true,\"orderBy\":{\"columnId\":\"7fe58e26-2c9d-4c54-ad14-a7b8ef9e4b8a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"7fe58e26-2c9d-4c54-ad14-a7b8ef9e4b8a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"881c3fbc-6d02-4e9b-a683-dcfaa9148d25\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Deleted 
User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7fe58e26-2c9d-4c54-ad14-a7b8ef9e4b8a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"},\"f9fb320f-2485-437e-9c05-3a0f4ecf7d83\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed LogonId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7fe58e26-2c9d-4c54-ad14-a7b8ef9e4b8a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2974422c-1f81-4077-9f55-a01a8b045f56\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4726\"},\"type\":\"phrase\",\"value\":\"4726\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4726\",\"type\":\"phrase\"}}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"7fe58e26-2c9d-4c54-ad14-a7b8ef9e4b8a\"},{\"alignment\":\"left\",\"columnId\":\"881c3fbc-6d02-4e9b-a683-dcfaa9148d25\"},{\"alignment\":\"left\",\"columnId\":\"2dfe6335-d29c-478f-986b-eb228db115ea\"},{\"alignment\":\"left\",\"columnId\":\"f9fb320f-2485-437e-9c05-3a0f4ecf7d83\"}],\"headerRowHeight\":\"single\",\"layerId\":\"5ef7cf84-7e34-4c90-afe6-2a3bc54f9e62\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Users Deleted - Table [Windows System 
Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"7\",\"w\":9,\"x\":18,\"y\":56},\"panelIndex\":\"7\",\"title\":\"Users Deleted - Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-f8300e3b-29eb-46f6-a509-9bd4b4b2f8ec\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"8726b1f3-6de9-4d3f-8ac6-c47b378bdcb2\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"f8300e3b-29eb-46f6-a509-9bd4b4b2f8ec\":{\"columnOrder\":[\"f37acc2c-0fae-4670-a434-0c939124f9d3\",\"16cddd4c-69d4-479a-9f57-81916e475839\",\"fdfaf51d-5ab4-4259-bed8-3453117d62d2\",\"c5a8f9ae-5f3a-446e-bfa8-9ed3a003e806\"],\"columns\":{\"16cddd4c-69d4-479a-9f57-81916e475839\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":true,\"orderBy\":{\"columnId\":\"c5a8f9ae-5f3a-446e-bfa8-9ed3a003e806\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"c5a8f9ae-5f3a-446e-bfa8-9ed3a003e806\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f37acc2c-0fae-4670-a434-0c939124f9d3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Password Change 
to\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c5a8f9ae-5f3a-446e-bfa8-9ed3a003e806\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"},\"fdfaf51d-5ab4-4259-bed8-3453117d62d2\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer LogonId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c5a8f9ae-5f3a-446e-bfa8-9ed3a003e806\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"8726b1f3-6de9-4d3f-8ac6-c47b378bdcb2\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4723\",\"4724\"],\"type\":\"phrases\",\"value\":\"4723, 
4724\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4723\"}},{\"match_phrase\":{\"event.code\":\"4724\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"c5a8f9ae-5f3a-446e-bfa8-9ed3a003e806\"},{\"alignment\":\"left\",\"columnId\":\"f37acc2c-0fae-4670-a434-0c939124f9d3\"},{\"alignment\":\"left\",\"columnId\":\"16cddd4c-69d4-479a-9f57-81916e475839\"},{\"alignment\":\"left\",\"columnId\":\"fdfaf51d-5ab4-4259-bed8-3453117d62d2\"}],\"headerRowHeight\":\"single\",\"layerId\":\"f8300e3b-29eb-46f6-a509-9bd4b4b2f8ec\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Users Password Changes - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"9\",\"w\":9,\"x\":18,\"y\":79},\"panelIndex\":\"9\",\"title\":\"Users Password Changes - Table [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-8ee3da48-29cf-4b5a-b9be-ede6e7f10f54\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"6d7d0e01-edd7-4907-a80b-65abcdd357ca\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"8ee3da48-29cf-4b5a-b9be-ede6e7f10f54\":{\"columnOrder\":[\"26403b58-b2fb-4a4a-b3dc-8f139025201f\",\"ee0bc81c-2c6e-4b5a-852f-9fe72e955c8e\",\"66edd873-c5e9-4ef2-86d2-eccb01b242fe\",\"1a82fe58-0eee-4ebc-844d-8e2360ec9564\"],\"columns\":{\"1a82fe58-0eee-4ebc-844d-8e2360ec9564\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"26403b58-b2fb-4a4a-b3dc-8f139025201f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Unlocked User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"1a82fe58-0eee-4ebc-844d-8e2360ec9564\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"},\"66edd873-c5e9-4ef2-86d2-eccb01b242fe\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer 
Logonid\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"1a82fe58-0eee-4ebc-844d-8e2360ec9564\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"ee0bc81c-2c6e-4b5a-852f-9fe72e955c8e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":true,\"orderBy\":{\"columnId\":\"1a82fe58-0eee-4ebc-844d-8e2360ec9564\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"6d7d0e01-edd7-4907-a80b-65abcdd357ca\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4767\"},\"type\":\"phrase\",\"value\":\"4767\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4767\",\"type\":\"phrase\"}}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"1a82fe58-0eee-4ebc-844d-8e2360ec9564\"},{\"alignment\":\"left\",\"columnId\":\"26403b58-b2fb-4a4a-b3dc-8f139025201f\"},{\"alignment\":\"left\",\"columnId\":\"ee0bc81c-2c6e-4b5a-852f-9fe72e955c8e\"},{\"alignment\":\"left\",\"columnId\":\"66edd873-c5e9-4ef2-86d2-eccb01b242fe\"}],\"headerRowHeight\":\"single\",\"layerId\":\"8ee3da48-29cf-4b5a-b9be-ede6e7f10f54\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Unlocked Users - Table [Windows System 
Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"15\",\"w\":9,\"x\":9,\"y\":79},\"panelIndex\":\"15\",\"title\":\"Unlocked Users - Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-5ffb434e-0578-45fe-bbc8-01893ae2f867\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d72b2685-a2ee-4c6d-bf7f-70cdfad9817e\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"5ffb434e-0578-45fe-bbc8-01893ae2f867\":{\"columnOrder\":[\"b940e43a-bfed-494b-aae4-9740335da997\",\"0ba64458-1a5b-4ecb-a4b6-254ea4b1549d\",\"0b36b00a-d3af-48ae-a9d8-3099d1de0808\",\"084148b6-cc9b-4a3c-9609-d4c109703dab\"],\"columns\":{\"084148b6-cc9b-4a3c-9609-d4c109703dab\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"0b36b00a-d3af-48ae-a9d8-3099d1de0808\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer LogonId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"084148b6-cc9b-4a3c-9609-d4c109703dab\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"0ba64458-1a5b-4ecb-a4b6-254ea4b1549d\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed 
by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":true,\"orderBy\":{\"columnId\":\"084148b6-cc9b-4a3c-9609-d4c109703dab\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"b940e43a-bfed-494b-aae4-9740335da997\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Changed User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"084148b6-cc9b-4a3c-9609-d4c109703dab\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d72b2685-a2ee-4c6d-bf7f-70cdfad9817e\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4738\"},\"type\":\"phrase\",\"value\":\"4738\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4738\",\"type\":\"phrase\"}}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"084148b6-cc9b-4a3c-9609-d4c109703dab\"},{\"alignment\":\"left\",\"columnId\":\"b940e43a-bfed-494b-aae4-9740335da997\"},{\"alignment\":\"left\",\"columnId\":\"0ba64458-1a5b-4ecb-a4b6-254ea4b1549d\"},{\"alignment\":\"left\",\"columnId\":\"0b36b00a-d3af-48ae-a9d8-3099d1de0808\"}],\"headerRowHeight\":\"single\",\"layerId\":\"5ffb434e-0578-45fe-bbc8-01893ae2f867\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Users Changes Table [Windows 
System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"16\",\"w\":9,\"x\":18,\"y\":102},\"panelIndex\":\"16\",\"title\":\"Users Changes Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-7868e85e-6ff2-4087-8bd9-7d22da031e24\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"84460bff-f94b-4d8b-a166-5ab188df891c\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"7868e85e-6ff2-4087-8bd9-7d22da031e24\":{\"columnOrder\":[\"f86a3e5c-b673-412a-8120-5c018f5d9d53\",\"5a4bcb3b-926f-4881-8390-ce37adfbe392\",\"a5cf5fe1-7ab1-4be7-83d3-0639e59f6594\",\"c2fd7b5a-2f4c-4d52-93af-1c56873b255b\"],\"columns\":{\"5a4bcb3b-926f-4881-8390-ce37adfbe392\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":true,\"orderBy\":{\"columnId\":\"c2fd7b5a-2f4c-4d52-93af-1c56873b255b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"a5cf5fe1-7ab1-4be7-83d3-0639e59f6594\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer 
LogonId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c2fd7b5a-2f4c-4d52-93af-1c56873b255b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"c2fd7b5a-2f4c-4d52-93af-1c56873b255b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f86a3e5c-b673-412a-8120-5c018f5d9d53\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Locked User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c2fd7b5a-2f4c-4d52-93af-1c56873b255b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"84460bff-f94b-4d8b-a166-5ab188df891c\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4740\"},\"type\":\"phrase\",\"value\":\"4740\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4740\",\"type\":\"phrase\"}}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"c2fd7b5a-2f4c-4d52-93af-1c56873b255b\"},{\"alignment\":\"left\",\"columnId\":\"f86a3e5c-b673-412a-8120-5c018f5d9d53\"},{\"alignment\":\"left\",\"columnId\":\"5a4bcb3b-926f-4881-8390-ce37adfbe392\"},{\"alignment\":\"left\",\"columnId\":\"a5cf5fe1-7ab1-4be7-83d3-0639e59f
6594\"}],\"headerRowHeight\":\"single\",\"layerId\":\"7868e85e-6ff2-4087-8bd9-7d22da031e24\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Users Locked Out - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"20\",\"w\":9,\"x\":0,\"y\":102},\"panelIndex\":\"20\",\"title\":\"Users Locked Out - Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":46,\"i\":\"22\",\"w\":21,\"x\":27,\"y\":72},\"panelIndex\":\"22\",\"panelRefName\":\"panel_22\",\"type\":\"search\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":19,\"i\":\"23\",\"w\":48,\"x\":0,\"y\":118},\"panelIndex\":\"23\",\"panelRefName\":\"panel_23\",\"type\":\"search\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-c613d393-dc99-42e4-a4f0-afb124b56634\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"642679d4-cdd9-44fe-9723-862f94ee2256\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"c613d393-dc99-42e4-a4f0-afb124b56634\":{\"columnOrder\":[\"1d812881-c1ba-4b91-825c-8dc3d2fe9ad2\",\"b6315fb5-2e5c-42f1-bfe6-92404796792e\",\"82c2bda9-7f77-4546-a167-2c008532e954\",\"0485c61c-fd61-463a-9b15-bacb6243a85a\"],\"columns\":{\"0485c61c-fd61-463a-9b15-bacb6243a85a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"1d812881-c1ba-4b91-825c-8dc3d2fe9ad2\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Old User 
Name\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0485c61c-fd61-463a-9b15-bacb6243a85a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.OldTargetUserName\"},\"82c2bda9-7f77-4546-a167-2c008532e954\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer LogonId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0485c61c-fd61-463a-9b15-bacb6243a85a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"b6315fb5-2e5c-42f1-bfe6-92404796792e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed 
by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":true,\"orderBy\":{\"columnId\":\"0485c61c-fd61-463a-9b15-bacb6243a85a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"642679d4-cdd9-44fe-9723-862f94ee2256\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4781\"},\"type\":\"phrase\",\"value\":\"4781\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4781\",\"type\":\"phrase\"}}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"0485c61c-fd61-463a-9b15-bacb6243a85a\"},{\"alignment\":\"left\",\"columnId\":\"1d812881-c1ba-4b91-825c-8dc3d2fe9ad2\"},{\"alignment\":\"left\",\"columnId\":\"b6315fb5-2e5c-42f1-bfe6-92404796792e\"},{\"alignment\":\"left\",\"columnId\":\"82c2bda9-7f77-4546-a167-2c008532e954\"}],\"headerRowHeight\":\"single\",\"layerId\":\"c613d393-dc99-42e4-a4f0-afb124b56634\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Users Renamed - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"33\",\"w\":9,\"x\":9,\"y\":102},\"panelIndex\":\"33\",\"title\":\"Users Renamed - Table [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Windows Overview](#/dashboard/system-Windows-Dashboard) | [User Logon Information](#/dashboard/system-bae11b00-9bfc-11ea-87e4-49f31ec44891) | [Logon Failed and Account Lockout](#/dashboard/system-d401ef40-a7d5-11e9-a422-d144027429da) | **User Management Events** | [Group Management Events](#/dashboard/system-bb858830-f412-11e9-8405-516218e3d268)\",\"openLinksInNewTab\":false},\"title\":\"Dashboard links [Windows System Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":8,\"i\":\"cf0adfac-7cf2-479d-8ddb-1edeee62d37c\",\"w\":31,\"x\":17,\"y\":0},\"panelIndex\":\"cf0adfac-7cf2-479d-8ddb-1edeee62d37c\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-5cfa8804-5c32-451e-a9ef-ab4f2f5ea013\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"1cdd7bfd-1207-485b-9fbc-a80cafd98b00\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"5cfa8804-5c32-451e-a9ef-ab4f2f5ea013\":{\"columnOrder\":[\"ee354f1a-af8f-47d5-9e55-7500ff35589a\",\"e66adfc6-a434-4665-93ad-34ccded647c7\"],\"columns\":{\"e66adfc6-a434-4665-93ad-34ccded647c7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"ee354f1a-af8f-47d5-9e55-7500ff35589a\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.action: 
Descending\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e66adfc6-a434-4665-93ad-34ccded647c7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":15},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"1cdd7bfd-1207-485b-9fbc-a80cafd98b00\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4720\",\"4722\",\"4723\",\"4724\",\"4725\",\"4726\",\"4738\",\"4740\",\"4767\",\"4781\",\"4798\"],\"type\":\"phrases\",\"value\":\"4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4767, 4781, 4798\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4720\"}},{\"match_phrase\":{\"event.code\":\"4722\"}},{\"match_phrase\":{\"event.code\":\"4723\"}},{\"match_phrase\":{\"event.code\":\"4724\"}},{\"match_phrase\":{\"event.code\":\"4725\"}},{\"match_phrase\":{\"event.code\":\"4726\"}},{\"match_phrase\":{\"event.code\":\"4738\"}},{\"match_phrase\":{\"event.code\":\"4740\"}},{\"match_phrase\":{\"event.code\":\"4767\"}},{\"match_phrase\":{\"event.code\":\"4781\"}},{\"match_phrase\":{\"event.code\":\"4798\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR 
data_stream.dataset:system.security\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"hide\",\"emptySizeRatio\":0.3,\"layerId\":\"5cfa8804-5c32-451e-a9ef-ab4f2f5ea013\",\"layerType\":\"data\",\"legendDisplay\":\"hide\",\"legendMaxLines\":1,\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"metrics\":[\"e66adfc6-a434-4665-93ad-34ccded647c7\"],\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"percentDecimals\":2,\"primaryGroups\":[\"ee354f1a-af8f-47d5-9e55-7500ff35589a\"],\"secondaryGroups\":[],\"showValuesInLegend\":true,\"truncateLegend\":true}],\"shape\":\"pie\"}},\"title\":\"User Management Actions [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"a2871661-98a8-489b-b615-e66ebe3b971a\",\"w\":17,\"x\":0,\"y\":8},\"panelIndex\":\"a2871661-98a8-489b-b615-e66ebe3b971a\",\"title\":\"User Management Actions [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-49665402-a64a-44e2-b251-976e50a5c030\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"7e29a9cf-64d5-426d-b6aa-8808264a7496\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"49665402-a64a-44e2-b251-976e50a5c030\":{\"columnOrder\":[\"03dfb72e-e140-48d0-8b6b-0dd7253a1f61\",\"fb36a279-27ac-4814-ae98-a5864704ff3a\",\"050b0eae-08cf-44a4-be0e-fd22d216cdff\"],\"columns\":{\"03dfb72e-e140-48d0-8b6b-0dd7253a1f61\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.action\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"050b0eae-08cf-44a4-be0e-fd22d216cdff\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{
\"id\":\"terms\"},\"size\":25},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"},\"050b0eae-08cf-44a4-be0e-fd22d216cdff\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"fb36a279-27ac-4814-ae98-a5864704ff3a\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.code\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"050b0eae-08cf-44a4-be0e-fd22d216cdff\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.code\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"7e29a9cf-64d5-426d-b6aa-8808264a7496\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4720\",\"4722\",\"4723\",\"4724\",\"4725\",\"4726\",\"4738\",\"4740\",\"4767\",\"4781\",\"4798\"],\"type\":\"phrases\",\"value\":\"4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4767, 4781, 4798\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4720\"}},{\"match_phrase\":{\"event.code\":\"4722\"}},{\"match_phrase\":{\"event.code\":\"4723\"}},{\"match_phrase\":{\"event.code\":\"4724\"}},{\"match_phrase\":{\"event.code\":\"4725\"}},{\"match_phrase\":{\"event.code\":\"4726\"}},{\"match_phrase\":{\"event.code\":\"4738\"}},{\"match_phrase\":{\"event.code\":\"4740\"}},{\"match_phrase\":{\"event.code\":\"4767\"}},{\"match_phrase\":{\"event.code\":\"4781\"}},{\"match_phrase\":{\"event.code\":\"4798\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR 
data_stream.dataset:system.security\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"050b0eae-08cf-44a4-be0e-fd22d216cdff\"},{\"alignment\":\"left\",\"columnId\":\"03dfb72e-e140-48d0-8b6b-0dd7253a1f61\"},{\"alignment\":\"left\",\"columnId\":\"fb36a279-27ac-4814-ae98-a5864704ff3a\"}],\"headerRowHeight\":\"single\",\"layerId\":\"49665402-a64a-44e2-b251-976e50a5c030\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"User Event Actions - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"dd3e12e6-0d3c-448e-b0c4-91f7dc8742b6\",\"w\":13,\"x\":17,\"y\":8},\"panelIndex\":\"dd3e12e6-0d3c-448e-b0c4-91f7dc8742b6\",\"title\":\"User Event Actions - Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-e1805dcb-7ae9-4b50-b201-34f1337a8c57\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"e1805dcb-7ae9-4b50-b201-34f1337a8c57\":{\"columnOrder\":[\"d5bb0346-b16f-44ab-b12a-78b0e2c2758d\",\"8571440b-0b36-4565-9f37-e06df2d69b01\"],\"columns\":{\"8571440b-0b36-4565-9f37-e06df2d69b01\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"d5bb0346-b16f-44ab-b12a-78b0e2c2758d\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Target 
Users\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8571440b-0b36-4565-9f37-e06df2d69b01\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"8571440b-0b36-4565-9f37-e06df2d69b01\"],\"layerId\":\"e1805dcb-7ae9-4b50-b201-34f1337a8c57\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"xAccessor\":\"d5bb0346-b16f-44ab-b12a-78b0e2c2758d\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"44697eb7-bb8e-4994-9e1b-95599f1b994a\",\"w\":18,\"x\":30,\"y\":8},\"panelIndex\":\"44697eb7-bb8e-4994-9e1b-95599f1b994a\",\"title\":\"Target Users [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-81502bd7-7787-49aa-a890-24912feb1796\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"2434c52c-2206-4a9f-9d0c-c4d6ec7b7854\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"81502bd7-7787-49aa-a890-24912feb1796\":{\"columnOrder\":[\"15718d57-7630-4e2e-95c2-e54ed6194206\",\"bcc8b6f9-e162-4212-a450-0767191d1022\",\"cbf854c1-cf1f-42b9-a300-45c58996aadb\"],\"columns\":{\"15718d57-7630-4e2e-95c2-e54ed6194206\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Target User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"cbf854c1-cf1f-42b9-a300-45c58996aadb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"},\"bcc8b6f9-e162-4212-a450-0767191d1022\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.action: 
Descending\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"cbf854c1-cf1f-42b9-a300-45c58996aadb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"},\"cbf854c1-cf1f-42b9-a300-45c58996aadb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2434c52c-2206-4a9f-9d0c-c4d6ec7b7854\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4720\",\"4722\",\"4723\",\"4724\",\"4725\",\"4726\",\"4738\",\"4740\",\"4767\",\"4781\",\"4798\"],\"type\":\"phrases\",\"value\":\"4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4767, 4781, 4798\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4720\"}},{\"match_phrase\":{\"event.code\":\"4722\"}},{\"match_phrase\":{\"event.code\":\"4723\"}},{\"match_phrase\":{\"event.code\":\"4724\"}},{\"match_phrase\":{\"event.code\":\"4725\"}},{\"match_phrase\":{\"event.code\":\"4726\"}},{\"match_phrase\":{\"event.code\":\"4738\"}},{\"match_phrase\":{\"event.code\":\"4740\"}},{\"match_phrase\":{\"event.code\":\"4767\"}},{\"match_phrase\":{\"event.code\":\"4781\"}},{\"match_phrase\":{\"event.code\":\"4798\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR 
data_stream.dataset:system.security\"},\"visualization\":{\"gridConfig\":{\"isCellLabelVisible\":true,\"isXAxisLabelVisible\":true,\"isXAxisTitleVisible\":true,\"isYAxisLabelVisible\":true,\"isYAxisTitleVisible\":true,\"type\":\"heatmap_grid\"},\"layerId\":\"81502bd7-7787-49aa-a890-24912feb1796\",\"layerType\":\"data\",\"legend\":{\"position\":\"right\",\"type\":\"heatmap_legend\"},\"palette\":{\"accessor\":\"cbf854c1-cf1f-42b9-a300-45c58996aadb\",\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#F7FBFF\",\"stop\":0},{\"color\":\"#C3DBEE\",\"stop\":25},{\"color\":\"#6DAED5\",\"stop\":50},{\"color\":\"#2271B3\",\"stop\":75}],\"continuity\":\"none\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":100,\"rangeMin\":0,\"rangeType\":\"percent\",\"reverse\":false,\"stops\":[{\"color\":\"#F7FBFF\",\"stop\":25},{\"color\":\"#C3DBEE\",\"stop\":50},{\"color\":\"#6DAED5\",\"stop\":75},{\"color\":\"#2271B3\",\"stop\":100}]},\"type\":\"palette\"},\"shape\":\"heatmap\",\"valueAccessor\":\"cbf854c1-cf1f-42b9-a300-45c58996aadb\",\"xAccessor\":\"15718d57-7630-4e2e-95c2-e54ed6194206\",\"yAccessor\":\"bcc8b6f9-e162-4212-a450-0767191d1022\"}},\"title\":\"User Management Events - Affected Users vs Actions - Heatmap [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsHeatmap\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":25,\"i\":\"29f54335-78db-4c49-a3e0-a641fd0099f6\",\"w\":48,\"x\":0,\"y\":24},\"panelIndex\":\"29f54335-78db-4c49-a3e0-a641fd0099f6\",\"title\":\"User Management Events - Affected Users vs Actions - Heatmap [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"d62110e5-9d90-412a-833a-3bb5da7f6693\":{\"columnOrder\":[\"f6c30a0d-83b4-4139-a669-5041c87cc19a\"],\"columns\":{\"f6c30a0d-83b4-4139-a669-5041c87cc19a\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4720\\\"\"},\"isBucketed\":false,\"label\":\"Users Created\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-d62110e5-9d90-412a-833a-3bb5da7f6693\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"f6c30a0d-83b4-4139-a669-5041c87cc19a\",\"colorMode\":\"Background\",\"layerId\":\"d62110e5-9d90-412a-833a-3bb5da7f6693\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#cc5642\",\"stop\":0}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":0},{\"color\":\"#cc5642\",\"stop\":1}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"a6f12dd2-11fb-4039-8a8c-56b742a96e30\",\"w\":9,\"x\":0,\"y\":49},\"panelIndex\":\"a6f12dd2-11fb-4039-8a8c-56b742a96e30\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"d62110e5-9d90-412a-833a-3bb5da7f6693\":{\"columnOrder\":[\"f6c30a0d-83b4-4139-a669-5041c87cc19a\"],\"columns\":{\"f6c30a0d-83b4-4139-a669-5041c87cc19a\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4722\\\"\"},\"isBucketed\":false,\"label\":\"Users 
Enabled\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-d62110e5-9d90-412a-833a-3bb5da7f6693\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"f6c30a0d-83b4-4139-a669-5041c87cc19a\",\"colorMode\":\"Background\",\"layerId\":\"d62110e5-9d90-412a-833a-3bb5da7f6693\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#cc5642\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"39724444-251e-480d-b5f2-642362f8929e\",\"w\":9,\"x\":9,\"y\":49},\"panelIndex\":\"39724444-251e-480d-b5f2-642362f8929e\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"53b82494-6fb7-47b6-8d8d-dd3fcb3b89ed\":{\"columnOrder\":[\"b54a4942-5808-4c83-b3ea-50406c4199ef\"],\"columns\":{\"b54a4942-5808-4c83-b3ea-50406c4199ef\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4726\\\"\"},\"isBucketed\":false,\"label\":\"Users 
Deleted\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-53b82494-6fb7-47b6-8d8d-dd3fcb3b89ed\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"b54a4942-5808-4c83-b3ea-50406c4199ef\",\"colorMode\":\"Background\",\"layerId\":\"53b82494-6fb7-47b6-8d8d-dd3fcb3b89ed\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#DA8B45\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#DA8B45\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"9fdcbd20-59e6-4fd2-bc0a-72b0daaee79e\",\"w\":9,\"x\":18,\"y\":49},\"panelIndex\":\"9fdcbd20-59e6-4fd2-bc0a-72b0daaee79e\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-f948c2c2-e83b-4f32-aaab-acb740cf74e3\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"9863d407-89f7-419e-ac97-2dd548e76e0b\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"f948c2c2-e83b-4f32-aaab-acb740cf74e3\":{\"columnOrder\":[\"11ccc892-90c4-4cfa-9c5e-821d584dabcc\",\"d8077715-92a4-46cb-8baa-471f429e0fd4\",\"2915bf68-6254-470e-b565-bf1597c1d345\"],\"columns\":{\"11ccc892-90c4-4cfa-9c5e-821d584dabcc\":{\"customLabel\":true,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"2915bf68-6254-470e-b565-bf1597c1d345\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"d8077715-92a4-46cb-8baa-471f429e0fd4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.action: 
Descending\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"2915bf68-6254-470e-b565-bf1597c1d345\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":15},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"9863d407-89f7-419e-ac97-2dd548e76e0b\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4720\",\"4722\",\"4723\",\"4724\",\"4725\",\"4726\",\"4738\",\"4740\",\"4767\",\"4781\",\"4798\"],\"type\":\"phrases\",\"value\":\"4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4767, 4781, 4798\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4720\"}},{\"match_phrase\":{\"event.code\":\"4722\"}},{\"match_phrase\":{\"event.code\":\"4723\"}},{\"match_phrase\":{\"event.code\":\"4724\"}},{\"match_phrase\":{\"event.code\":\"4725\"}},{\"match_phrase\":{\"event.code\":\"4726\"}},{\"match_phrase\":{\"event.code\":\"4738\"}},{\"match_phrase\":{\"event.code\":\"4740\"}},{\"match_phrase\":{\"event.code\":\"4767\"}},{\"match_phrase\":{\"event.code\":\"4781\"}},{\"match_phrase\":{\"event.code\":\"4798\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR 
data_stream.dataset:system.security\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"curveType\":\"LINEAR\",\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":-90},\"layers\":[{\"accessors\":[\"2915bf68-6254-470e-b565-bf1597c1d345\"],\"isHistogram\":true,\"layerId\":\"f948c2c2-e83b-4f32-aaab-acb740cf74e3\",\"layerType\":\"data\",\"seriesType\":\"bar_stacked\",\"simpleView\":false,\"splitAccessor\":\"d8077715-92a4-46cb-8baa-471f429e0fd4\",\"xAccessor\":\"11ccc892-90c4-4cfa-9c5e-821d584dabcc\",\"xScaleType\":\"time\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"2915bf68-6254-470e-b565-bf1597c1d345\"}]}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"maxLines\":1,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"showCurrentTimeMarker\":false,\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":false,\"yLeftExtent\":{\"enforce\":true,\"mode\":\"full\"},\"yLeftScale\":\"linear\",\"yRightScale\":\"linear\",\"yTitle\":\"Count\"}},\"title\":\"Event Distribution in time [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":23,\"i\":\"1ec8b993-9ac1-4c7f-b7f7-5136f2e310aa\",\"w\":21,\"x\":27,\"y\":49},\"panelIndex\":\"1ec8b993-9ac1-4c7f-b7f7-5136f2e310aa\",\"title\":\"Event Distribution in time [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"4a1f13e9-c9c4-44b2-b9dc-ce205372ca10\":{\"columnOrder\":[\"64cc5931-61bd-44b8-b16c-5054d276ae0e\"],\"columns\":{\"64cc5931-61bd-44b8-b16c-5054d276ae0e\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"((data_stream.dataset:windows.security OR data_stream.dataset:system.security) AND event.code: \\\"4725\\\")\"},\"isBucketed\":false,\"label\":\"Users Disabled\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-4a1f13e9-c9c4-44b2-b9dc-ce205372ca10\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"64cc5931-61bd-44b8-b16c-5054d276ae0e\",\"colorMode\":\"Background\",\"layerId\":\"4a1f13e9-c9c4-44b2-b9dc-ce205372ca10\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#209280\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#209280\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"bd1b0e6a-ed99-423d-8a51-29456ec74e0e\",\"w\":9,\"x\":0,\"y\":72},\"panelIndex\":\"bd1b0e6a-ed99-423d-8a51-29456ec74e0e\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"f0a07f86-9bd8-4a78-a711-4a9e7addd049\":{\"columnOrder\":[\"f98f0911-786f-45d8-a808-8c2f20f07313\"],\"columns\":{\"f98f0911-786f-45d8-a808-8c2f20f07313\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4767\\\"\"},\"isBucketed\":false,\"label\":\"Users 
Unlocks\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-f0a07f86-9bd8-4a78-a711-4a9e7addd049\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"f98f0911-786f-45d8-a808-8c2f20f07313\",\"colorMode\":\"Background\",\"layerId\":\"f0a07f86-9bd8-4a78-a711-4a9e7addd049\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#209280\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#209280\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"16030d60-0638-4c98-8bc5-0d8c4bf43a0c\",\"w\":9,\"x\":9,\"y\":72},\"panelIndex\":\"16030d60-0638-4c98-8bc5-0d8c4bf43a0c\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"71d71f2b-1120-4e6e-b3cf-c5dc99a1860f\":{\"columnOrder\":[\"101426f1-a447-42fb-8a21-203065dd42c5\"],\"columns\":{\"101426f1-a447-42fb-8a21-203065dd42c5\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4723\\\" OR event.code: \\\"4724\\\"\"},\"isBucketed\":false,\"label\":\"Password 
Changes/Reset\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-71d71f2b-1120-4e6e-b3cf-c5dc99a1860f\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"101426f1-a447-42fb-8a21-203065dd42c5\",\"colorMode\":\"Background\",\"layerId\":\"71d71f2b-1120-4e6e-b3cf-c5dc99a1860f\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#d6bf57\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#d6bf57\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"9c593d0d-c730-4277-ae74-ac3134055800\",\"w\":9,\"x\":18,\"y\":72},\"panelIndex\":\"9c593d0d-c730-4277-ae74-ac3134055800\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"afbadb03-16b7-407f-af63-f2e4a851e785\":{\"columnOrder\":[\"1094c3d6-772d-435d-b002-698f1320d162\"],\"columns\":{\"1094c3d6-772d-435d-b002-698f1320d162\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"((data_stream.dataset:windows.security OR data_stream.dataset:system.security) AND event.code: \\\"4740\\\")\"},\"isBucketed\":false,\"label\":\"Users Locked 
Out\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-afbadb03-16b7-407f-af63-f2e4a851e785\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"1094c3d6-772d-435d-b002-698f1320d162\",\"colorMode\":\"Background\",\"layerId\":\"afbadb03-16b7-407f-af63-f2e4a851e785\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#808080\",\"stop\":0}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":0},{\"color\":\"#808080\",\"stop\":1}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"0f1cf1e8-0798-464b-b18a-0dd1ae19d36f\",\"w\":9,\"x\":0,\"y\":95},\"panelIndex\":\"0f1cf1e8-0798-464b-b18a-0dd1ae19d36f\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"92862cde-d2fe-4d8a-87ba-d2e86f3751c7\":{\"columnOrder\":[\"2a0b322c-fbee-472a-aea7-86cc0bb9a3e6\"],\"columns\":{\"2a0b322c-fbee-472a-aea7-86cc0bb9a3e6\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4781\\\"\"},\"isBucketed\":false,\"label\":\"Users 
Renamed\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-92862cde-d2fe-4d8a-87ba-d2e86f3751c7\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"2a0b322c-fbee-472a-aea7-86cc0bb9a3e6\",\"colorMode\":\"Background\",\"layerId\":\"92862cde-d2fe-4d8a-87ba-d2e86f3751c7\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#808080\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#808080\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"ca7947ea-7c33-4ef7-acfb-51df31226ea0\",\"w\":9,\"x\":9,\"y\":95},\"panelIndex\":\"ca7947ea-7c33-4ef7-acfb-51df31226ea0\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"f3ab0f05-2e4c-4794-a430-81d0f4f2585c\":{\"columnOrder\":[\"2c0aee5b-6685-49c3-8a07-4b4858303bdf\"],\"columns\":{\"2c0aee5b-6685-49c3-8a07-4b4858303bdf\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4738\\\"\"},\"isBucketed\":false,\"label\":\"Users 
Changes\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-f3ab0f05-2e4c-4794-a430-81d0f4f2585c\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"2c0aee5b-6685-49c3-8a07-4b4858303bdf\",\"colorMode\":\"Background\",\"layerId\":\"f3ab0f05-2e4c-4794-a430-81d0f4f2585c\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#d6bf57\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#d6bf57\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"38e91c86-1d3e-4342-b8cc-e95031dbf1b7\",\"w\":9,\"x\":18,\"y\":95},\"panelIndex\":\"38e91c86-1d3e-4342-b8cc-e95031dbf1b7\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"}]","timeRestore":false,"title":"[System Windows Security] User Management 
Events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-71f720f0-ff18-11e9-8405-516218e3d268","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"3:indexpattern-datasource-layer-2d2094c7-e57e-4a12-88ad-50291d81a64b","type":"index-pattern"},{"id":"logs-*","name":"3:ee7f0132-6cba-4ea8-80ea-50bddb3c588e","type":"index-pattern"},{"id":"logs-*","name":"5:indexpattern-datasource-layer-95473519-9e23-4ab1-acb8-3212f69ea3b5","type":"index-pattern"},{"id":"logs-*","name":"5:f8e3cf39-b76f-4658-af4f-c9c915ba6ba6","type":"index-pattern"},{"id":"logs-*","name":"6:indexpattern-datasource-layer-dc37e882-6f66-420e-a41d-17176340e1fc","type":"index-pattern"},{"id":"logs-*","name":"6:87383246-3af7-4da7-bf25-da8b92485bf4","type":"index-pattern"},{"id":"logs-*","name":"7:indexpattern-datasource-layer-5ef7cf84-7e34-4c90-afe6-2a3bc54f9e62","type":"index-pattern"},{"id":"logs-*","name":"7:2974422c-1f81-4077-9f55-a01a8b045f56","type":"index-pattern"},{"id":"logs-*","name":"9:indexpattern-datasource-layer-f8300e3b-29eb-46f6-a509-9bd4b4b2f8ec","type":"index-pattern"},{"id":"logs-*","name":"9:8726b1f3-6de9-4d3f-8ac6-c47b378bdcb2","type":"index-pattern"},{"id":"logs-*","name":"15:indexpattern-datasource-layer-8ee3da48-29cf-4b5a-b9be-ede6e7f10f54","type":"index-pattern"},{"id":"logs-*","name":"15:6d7d0e01-edd7-4907-a80b-65abcdd357ca","type":"index-pattern"},{"id":"logs-*","name":"16:indexpattern-datasource-layer-5ffb434e-0578-45fe-bbc8-01893ae2f867","type":"index-pattern"},{"id":"logs-*","name":"16:d72b2685-a2ee-4c6d-bf7f-70cdfad9817e","type":"index-pattern"},{"id":"logs-*","name":"20:indexpattern-datasource-layer-7868e85e-6ff2-4087-8bd9-7d22da031e24","type":"index-pattern"},{"id":"logs-*","name":"20:84460bff-f
94b-4d8b-a166-5ab188df891c","type":"index-pattern"},{"id":"system-7e178c80-fee1-11e9-8405-516218e3d268","name":"22:panel_22","type":"search"},{"id":"system-324686c0-fefb-11e9-8405-516218e3d268","name":"23:panel_23","type":"search"},{"id":"logs-*","name":"33:indexpattern-datasource-layer-c613d393-dc99-42e4-a4f0-afb124b56634","type":"index-pattern"},{"id":"logs-*","name":"33:642679d4-cdd9-44fe-9723-862f94ee2256","type":"index-pattern"},{"id":"logs-*","name":"a2871661-98a8-489b-b615-e66ebe3b971a:indexpattern-datasource-layer-5cfa8804-5c32-451e-a9ef-ab4f2f5ea013","type":"index-pattern"},{"id":"logs-*","name":"a2871661-98a8-489b-b615-e66ebe3b971a:1cdd7bfd-1207-485b-9fbc-a80cafd98b00","type":"index-pattern"},{"id":"logs-*","name":"dd3e12e6-0d3c-448e-b0c4-91f7dc8742b6:indexpattern-datasource-layer-49665402-a64a-44e2-b251-976e50a5c030","type":"index-pattern"},{"id":"logs-*","name":"dd3e12e6-0d3c-448e-b0c4-91f7dc8742b6:7e29a9cf-64d5-426d-b6aa-8808264a7496","type":"index-pattern"},{"id":"logs-*","name":"44697eb7-bb8e-4994-9e1b-95599f1b994a:indexpattern-datasource-layer-e1805dcb-7ae9-4b50-b201-34f1337a8c57","type":"index-pattern"},{"id":"logs-*","name":"29f54335-78db-4c49-a3e0-a641fd0099f6:indexpattern-datasource-layer-81502bd7-7787-49aa-a890-24912feb1796","type":"index-pattern"},{"id":"logs-*","name":"29f54335-78db-4c49-a3e0-a641fd0099f6:2434c52c-2206-4a9f-9d0c-c4d6ec7b7854","type":"index-pattern"},{"id":"logs-*","name":"1ec8b993-9ac1-4c7f-b7f7-5136f2e310aa:indexpattern-datasource-layer-f948c2c2-e83b-4f32-aaab-acb740cf74e3","type":"index-pattern"},{"id":"logs-*","name":"1ec8b993-9ac1-4c7f-b7f7-5136f2e310aa:9863d407-89f7-419e-ac97-2dd548e76e0b","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default
","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8283],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MzcsMV0="} -{"attributes":{"columns":["event.action","user.name","related.user","user.domain","source.domain","source.ip","winlog.event_data.SubjectUserName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4625\",\"4740\"],\"type\":\"phrases\",\"value\":\"4625, 4740\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4625\"}},{\"match_phrase\":{\"event.code\":\"4740\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"3. 
Login Failed Details","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-757510b0-a87f-11e9-a422-d144027429da","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8291],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MzgsMV0="} -{"attributes":{"description":"Overview of host metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"fcb53f5b-0e6b-41c8-ae1c-e2aafdeaff5a\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"fcb53f5b-0e6b-41c8-ae1c-e2aafdeaff5a\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"## Host overview\\n\\nTo select another host, either go back to [System Overview](#/dashboard/system-Metrics-system-overview) or select a host from the dropdown at the top below the search 
bar\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"System Navigation [Metrics System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"6fd34c50-53a3-4919-b7c5-aba460f0fe6d\",\"w\":12,\"x\":36,\"y\":5},\"panelIndex\":\"6fd34c50-53a3-4919-b7c5-aba460f0fe6d\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.network\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.network\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"lucene\",\"query\":\"-system.network.name:l*\"},\"hide_last_value_indicator\":true,\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Outbound 
Traffic\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.out.bytes\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f2074f70-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"function\":\"sum\",\"id\":\"a1737470-2c55-11e7-a0ad-277ce466684d\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}/s\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Total Transferred\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.out.bytes\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"\"},{\"field\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"field\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"function\":\"overall_sum\",\"id\":\"3e63c2f0-1b92-11e7-bec4-a5e9ec5cab8b\",\"sigma\":\"\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"
metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Outbound Traffic [Metrics System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"d0a6fc45-278c-427e-a440-eec3ec3ce367\",\"w\":12,\"x\":0,\"y\":5},\"panelIndex\":\"d0a6fc45-278c-427e-a440-eec3ec3ce367\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.cpu\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.cpu\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"system.cpu\\\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"4ef2c3b0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(214,191,87,1)\",\"id\":\"e6561ae0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(204,86,66,1)\",\"id\":\"ec655040-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"860f8db7-6191-4519-8d2a-c51f2a95c2bc\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"1\",\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"4c9e2550-1b91-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4c9e2551-1b91-11e7-bec4-a5e9ec5cab8b\",\"label\":\"CPU Usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.cpu.total.norm.pct\",\"id\":\"4c9e2552-1b91-11e7-bec4-a5e9ec5cab8b\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"gauge\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"CPU Usage Gauge [Metrics 
System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"e50a72f5-160a-4694-8f44-2e6da666b90b\",\"w\":12,\"x\":12,\"y\":5},\"panelIndex\":\"e50a72f5-160a-4694-8f44-2e6da666b90b\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.memory\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.memory\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.memory\\\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"a0d522e0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(214,191,87,1)\",\"id\":\"b45ad8f0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(204,86,66,1)\",\"id\":\"c06e9550-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"4bbf6453-9bd4-4ab7-aa12-5a7ed6306651\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"1\",\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"9f51b730-1b91-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"9f51b731-1b91-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Memory 
Usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.actual.used.pct\",\"id\":\"9f51b732-1b91-11e7-bec4-a5e9ec5cab8b\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"gauge\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Memory Usage Gauge [Metrics System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"baca3f6a-498a-4752-8882-1d8906d06405\",\"w\":12,\"x\":24,\"y\":5},\"panelIndex\":\"baca3f6a-498a-4752-8882-1d8906d06405\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.load\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.load\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"feefabd0-1b90-11e7-bec4-a5e9ec5cab8b\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"gauge_color_rules\":[{\"id\":\"ffd94880-1b90-11e7-bec4-a5e9ec5cab8b\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"fdcc6180-1b90-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_posit
ion\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(32,146,128,1)\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"fdcc6181-1b90-11e7-bec4-a5e9ec5cab8b\",\"label\":\"5m Load\",\"line_width\":1,\"metrics\":[{\"field\":\"system.load.5\",\"id\":\"fdcc6182-1b90-11e7-bec4-a5e9ec5cab8b\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"gauge\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Load Gauge [Metrics System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"02993ece-9e84-4957-9780-a89d1cfef103\",\"w\":12,\"x\":36,\"y\":14},\"panelIndex\":\"02993ece-9e84-4957-9780-a89d1cfef103\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.network\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.network\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"lucene\",\"query\":\"-system.network.name:l*\"},\"hide_last_value_indicator\":true,\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines
_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Inbound Traffic\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.in.bytes\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f2074f70-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"function\":\"sum\",\"id\":\"c40e18f0-2c55-11e7-a0ad-277ce466684d\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}/s\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Total 
Transferred\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.in.bytes\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"\"},{\"field\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"field\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"function\":\"overall_sum\",\"id\":\"3e63c2f0-1b92-11e7-bec4-a5e9ec5cab8b\",\"sigma\":\"\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Inbound Traffic [Metrics 
System]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"17f54fe4-ae84-4319-97fd-069225d0a8fb\",\"w\":12,\"x\":0,\"y\":14},\"panelIndex\":\"17f54fe4-ae84-4319-97fd-069225d0a8fb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-9f6d8570-52c1-4af2-a105-b9993b2e8b5c\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"04b54a98-baa0-43a7-aaa8-ace6b600ff4b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"9f6d8570-52c1-4af2-a105-b9993b2e8b5c\":{\"columnOrder\":[\"314b8c49-2a3b-464b-bc85-ab7e098fd510\",\"314b8c49-2a3b-464b-bc85-ab7e098fd510X0\"],\"columns\":{\"314b8c49-2a3b-464b-bc85-ab7e098fd510\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Processes\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(process.pid)\",\"isFormulaBroken\":false},\"references\":[\"314b8c49-2a3b-464b-bc85-ab7e098fd510X0\"],\"scale\":\"ratio\"},\"314b8c49-2a3b-464b-bc85-ab7e098fd510X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
Processes\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"process.pid\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"04b54a98-baa0-43a7-aaa8-ace6b600ff4b\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.process\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.process\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"314b8c49-2a3b-464b-bc85-ab7e098fd510\",\"layerId\":\"9f6d8570-52c1-4af2-a105-b9993b2e8b5c\",\"layerType\":\"data\",\"size\":\"xl\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"79d36896-445a-4904-ad18-e0234fd9ca3f\",\"w\":12,\"x\":12,\"y\":14},\"panelIndex\":\"79d36896-445a-4904-ad18-e0234fd9ca3f\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.memory\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.memory\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"6f7618b0-4d5c-11e7-aa29-87a97a796de6\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"system.memory\\\"\"},\"hide_last_value_indicator\":true,\"id\":\"6bc65720-4d5c-11e7-aa29-87a97a796de6\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"6bc65721-4d5c-11e7-aa29-87a97a796de6\",\"label\":\"Memory usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.actual.used.bytes\",\"id\":\"6bc65722-4d5c-11e7-aa29-87a97a796de6\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"b8fe6820-4d5c-11e7-aa29-87a97a796de6\",\"label\":\"Total Memory\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.total\",\"id\":\"b8fe6821-4d5c-11e7-aa29-87a97a796de6\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Memory usage vs total [Metrics 
System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"81d645ce-9d97-499f-9117-b3e662caee53\",\"w\":12,\"x\":24,\"y\":14},\"panelIndex\":\"81d645ce-9d97-499f-9117-b3e662caee53\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.fsstat\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.fsstat\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.fsstat\\\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"51921d10-4d1d-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(214,191,87,1)\",\"id\":\"f26de750-4d54-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(204,86,66,1)\",\"id\":\"fa31d190-4d54-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"79158349-1f03-4701-8ecc-c882c2b13ff3\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"1\",\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"4e4dc780-4d1d-11e7-b5f2-2b7c1895bf32\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4e4dee90-4d1d-11e7-b5f2-2b7c1895bf32\",\"label\":\"Disk 
used\",\"line_width\":1,\"metrics\":[{\"agg_with\":\"avg\",\"field\":\"system.fsstat.total_size.used\",\"id\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"order\":\"desc\",\"order_by\":\"@timestamp\",\"size\":1,\"type\":\"top_hit\"},{\"agg_with\":\"avg\",\"field\":\"system.fsstat.total_size.total\",\"id\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"order\":\"desc\",\"order_by\":\"@timestamp\",\"size\":1,\"type\":\"top_hit\"},{\"id\":\"6304cca0-4d54-11e7-b5f2-2b7c1895bf32\",\"script\":\"params.used/params.total \",\"type\":\"math\",\"variables\":[{\"field\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"id\":\"6da10430-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"used\"},{\"field\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"id\":\"73b8c510-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"total\"}]}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"gauge\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Disk Used [Metrics System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"958f18a3-3163-4d3b-a9ba-b917c5528f79\",\"w\":48,\"x\":0,\"y\":22},\"panelIndex\":\"958f18a3-3163-4d3b-a9ba-b917c5528f79\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"### 
CPU\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"b479c652-8d38-47ed-8599-be33592ebffe\",\"w\":11,\"x\":0,\"y\":25},\"panelIndex\":\"b479c652-8d38-47ed-8599-be33592ebffe\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-7e73c5a0-687d-49a1-9431-d445b9698b64\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"4a1e24c8-23cf-41d6-805c-b73aac7e9531\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"7e73c5a0-687d-49a1-9431-d445b9698b64\":{\"columnOrder\":[\"f4b209b5-853c-44ef-9bb2-abbbaa5612ef\",\"c9120817-6c14-43d9-9cc7-14aa03a27634\",\"09875540-a6e2-4509-a801-eca27e129cf5\"],\"columns\":{\"09875540-a6e2-4509-a801-eca27e129cf5\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Last 
value\",\"operationType\":\"last_value\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"showArrayValues\":true,\"sortField\":\"@timestamp\"},\"scale\":\"ratio\",\"sourceField\":\"process.cpu.pct\"},\"c9120817-6c14-43d9-9cc7-14aa03a27634\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average\",\"operationType\":\"average\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"process.cpu.pct\"},\"f4b209b5-853c-44ef-9bb2-abbbaa5612ef\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Process\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c9120817-6c14-43d9-9cc7-14aa03a27634\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"process.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"4a1e24c8-23cf-41d6-805c-b73aac7e9531\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.process\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.process\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"process.cpu.pct: 
*\"},\"visualization\":{\"columns\":[{\"columnId\":\"f4b209b5-853c-44ef-9bb2-abbbaa5612ef\"},{\"colorMode\":\"cell\",\"columnId\":\"c9120817-6c14-43d9-9cc7-14aa03a27634\",\"palette\":{\"name\":\"positive\",\"params\":{\"continuity\":\"above\",\"name\":\"positive\",\"rangeMax\":null,\"rangeMin\":0,\"reverse\":false,\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":0},{\"color\":\"#aed3ca\",\"stop\":20},{\"color\":\"#85bdb1\",\"stop\":40},{\"color\":\"#5aa898\",\"stop\":60},{\"color\":\"#209280\",\"stop\":80}]},\"type\":\"palette\"},\"width\":88},{\"colorMode\":\"cell\",\"columnId\":\"09875540-a6e2-4509-a801-eca27e129cf5\",\"isTransposed\":false,\"palette\":{\"name\":\"positive\",\"params\":{\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":20},{\"color\":\"#aed3ca\",\"stop\":40},{\"color\":\"#85bdb1\",\"stop\":60},{\"color\":\"#5aa898\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}]},\"type\":\"palette\"},\"width\":102.5}],\"layerId\":\"7e73c5a0-687d-49a1-9431-d445b9698b64\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Top Processes by CPU 
Usage\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"43ee6ea2-797b-4ef6-83da-c81b9594f694\",\"w\":19,\"x\":11,\"y\":25},\"panelIndex\":\"43ee6ea2-797b-4ef6-83da-c81b9594f694\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-8da587a6-a617-4bd4-9ae5-dffb9c6343f8\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"497fbd26-58ef-4073-ac3f-024ba1789d9a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"8da587a6-a617-4bd4-9ae5-dffb9c6343f8\":{\"columnOrder\":[\"75bae7c5-d933-4999-ab28-05ccff25a382\",\"5572d1db-8760-4518-aaeb-33e6843a17c6\",\"f0a4086c-3976-47bb-b67a-2f73c8ed1f03\",\"ca53d73b-1fbb-4864-8c6a-c71cc6e64aba\",\"11e92f7e-a84a-4ce7-a97a-a31729fa5835\",\"0eb945ae-3601-40ce-8951-3aeed0555712\",\"b17f720c-5d06-4ba6-8390-8ffbd8b3d4bd\",\"5572d1db-8760-4518-aaeb-33e6843a17c6X0\",\"f0a4086c-3976-47bb-b67a-2f73c8ed1f03X0\",\"ca53d73b-1fbb-4864-8c6a-c71cc6e64abaX0\",\"11e92f7e-a84a-4ce7-a97a-a31729fa5835X0\",\"0eb945ae-3601-40ce-8951-3aeed0555712X0\",\"b17f720c-5d06-4ba6-8390-8ffbd8b3d4bdX0\"],\"columns\":{\"0eb945ae-3601-40ce-8951-3aeed0555712\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"softirq\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"formula\":\"average(system.cpu.softirq.norm.pct)\",\"isFormulaBroken\":false},\"references\":[\"0eb945ae-3601-40ce-8951-3aeed0555712X0\"],\"scale\":\"ratio\"},\"0eb945ae-3601-40ce-8951-3aeed0555712X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
softirq\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.cpu.softirq.norm.pct\"},\"11e92f7e-a84a-4ce7-a97a-a31729fa5835\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"irq\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"formula\":\"average(system.cpu.irq.norm.pct)\",\"isFormulaBroken\":false},\"references\":[\"11e92f7e-a84a-4ce7-a97a-a31729fa5835X0\"],\"scale\":\"ratio\"},\"11e92f7e-a84a-4ce7-a97a-a31729fa5835X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of irq\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.cpu.irq.norm.pct\"},\"5572d1db-8760-4518-aaeb-33e6843a17c6\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"user\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"formula\":\"average(system.cpu.user.norm.pct)\",\"isFormulaBroken\":false},\"references\":[\"5572d1db-8760-4518-aaeb-33e6843a17c6X0\"],\"scale\":\"ratio\"},\"5572d1db-8760-4518-aaeb-33e6843a17c6X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
user\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.cpu.user.norm.pct\"},\"75bae7c5-d933-4999-ab28-05ccff25a382\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"b17f720c-5d06-4ba6-8390-8ffbd8b3d4bd\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"iowait\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"formula\":\"average(system.cpu.iowait.norm.pct)\",\"isFormulaBroken\":false},\"references\":[\"b17f720c-5d06-4ba6-8390-8ffbd8b3d4bdX0\"],\"scale\":\"ratio\"},\"b17f720c-5d06-4ba6-8390-8ffbd8b3d4bdX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of iowait\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.cpu.iowait.norm.pct\"},\"ca53d73b-1fbb-4864-8c6a-c71cc6e64aba\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"nice\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"formula\":\"average(system.cpu.nice.norm.pct)\",\"isFormulaBroken\":false},\"references\":[\"ca53d73b-1fbb-4864-8c6a-c71cc6e64abaX0\"],\"scale\":\"ratio\"},\"ca53d73b-1fbb-4864-8c6a-c71cc6e64abaX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
nice\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.cpu.nice.norm.pct\"},\"f0a4086c-3976-47bb-b67a-2f73c8ed1f03\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"system\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"formula\":\"average(system.cpu.system.norm.pct)\",\"isFormulaBroken\":false},\"references\":[\"f0a4086c-3976-47bb-b67a-2f73c8ed1f03X0\"],\"scale\":\"ratio\"},\"f0a4086c-3976-47bb-b67a-2f73c8ed1f03X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of system\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.cpu.system.norm.pct\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"497fbd26-58ef-4073-ac3f-024ba1789d9a\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.cpu\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.cpu\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"hideEndzones\":true,\"layers\":[{\"accessors\":[\"5572d1db-8760-4518-aaeb-33e6843a17c6\",\"f0a4086c-3976-47bb-b67a-2f73c8ed1f03\",\"ca53d73b-1fbb-4864-8c6a-c71cc6e64aba\",\"11e92f7e-a84a-4ce7-a97a-a31729fa5835\",\"0eb945ae-3601-40ce-8951-3aeed0555712\",\"b17f720c-5d06-4ba6-8390-8ffbd8b3d4bd\"],\"layerId\":\"8da587a6-a617-4bd4-9ae5-dffb9c6343f8\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"75bae7c5-d933-4999-ab28-05ccff25a382\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY 
chart\",\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"CPU Usage\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"dcf35812-283d-4cc7-b7bb-76419f5231fc\",\"w\":18,\"x\":30,\"y\":25},\"panelIndex\":\"dcf35812-283d-4cc7-b7bb-76419f5231fc\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-60c0e8b2-20ab-4451-87a6-5a7d2241ccb0\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"d251cb14-5566-4617-b12d-9d587f9c11a8\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"60c0e8b2-20ab-4451-87a6-5a7d2241ccb0\":{\"columnOrder\":[\"ddc223d8-7456-4545-957d-3cad10a34329\",\"c4d344af-62bd-4678-baf6-542cc91acb73\",\"9935f59e-9e3b-4ae1-b2c7-1c303403def8\",\"da273a36-6477-4984-a0e9-e71cf17c561c\",\"c4d344af-62bd-4678-baf6-542cc91acb73X0\",\"9935f59e-9e3b-4ae1-b2c7-1c303403def8X0\",\"da273a36-6477-4984-a0e9-e71cf17c561cX0\"],\"columns\":{\"9935f59e-9e3b-4ae1-b2c7-1c303403def8\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"5m\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(system.load.5)\",\"isFormulaBroken\":false},\"references\":[\"9935f59e-9e3b-4ae1-b2c7-1c303403def8X0\"],\"scale\":\"ratio\"},\"9935f59e-9e3b-4ae1-b2c7-1c303403def8X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
5m\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.load.5\"},\"c4d344af-62bd-4678-baf6-542cc91acb73\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"1m\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(system.load.1)\",\"isFormulaBroken\":false},\"references\":[\"c4d344af-62bd-4678-baf6-542cc91acb73X0\"],\"scale\":\"ratio\"},\"c4d344af-62bd-4678-baf6-542cc91acb73X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 1m\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.load.1\"},\"da273a36-6477-4984-a0e9-e71cf17c561c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"15m\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(system.load.15)\",\"isFormulaBroken\":false},\"references\":[\"da273a36-6477-4984-a0e9-e71cf17c561cX0\"],\"scale\":\"ratio\"},\"da273a36-6477-4984-a0e9-e71cf17c561cX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
15m\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.load.15\"},\"ddc223d8-7456-4545-957d-3cad10a34329\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d251cb14-5566-4617-b12d-9d587f9c11a8\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.load\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.load\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"c4d344af-62bd-4678-baf6-542cc91acb73\",\"9935f59e-9e3b-4ae1-b2c7-1c303403def8\",\"da273a36-6477-4984-a0e9-e71cf17c561c\"],\"layerId\":\"60c0e8b2-20ab-4451-87a6-5a7d2241ccb0\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"ddc223d8-7456-4545-957d-3cad10a34329\",\"yConfig\":[{\"color\":\"#209280\",\"forAccessor\":\"c4d344af-62bd-4678-baf6-542cc91acb73\"},{\"color\":\"#77b6a8\",\"forAccessor\":\"9935f59e-9e3b-4ae1-b2c7-1c303403def8\"},{\"color\":\"#bbdad3\",\"forAccessor\":\"da273a36-6477-4984-a0e9-e71cf17c561c\"}]}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancement
s\":{},\"type\":\"lens\"},\"title\":\"System load\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"0aa7a83d-82f4-46d2-9e9e-10f2e63c7575\",\"w\":48,\"x\":0,\"y\":40},\"panelIndex\":\"0aa7a83d-82f4-46d2-9e9e-10f2e63c7575\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"### Memory\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"5be13ea6-48db-4fc3-8213-20e4736be04e\",\"w\":11,\"x\":0,\"y\":43},\"panelIndex\":\"5be13ea6-48db-4fc3-8213-20e4736be04e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-7e73c5a0-687d-49a1-9431-d445b9698b64\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"45f7e45b-a19f-471f-9437-d2cdb13e836d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"7e73c5a0-687d-49a1-9431-d445b9698b64\":{\"columnOrder\":[\"f4b209b5-853c-44ef-9bb2-abbbaa5612ef\",\"c9120817-6c14-43d9-9cc7-14aa03a27634\",\"1e8576bb-67d1-458a-973f-144560cc3cfd\"],\"columns\":{\"1e8576bb-67d1-458a-973f-144560cc3cfd\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Last 
value\",\"operationType\":\"last_value\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"showArrayValues\":true,\"sortField\":\"@timestamp\"},\"scale\":\"ratio\",\"sourceField\":\"system.process.memory.rss.pct\"},\"c9120817-6c14-43d9-9cc7-14aa03a27634\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average\",\"operationType\":\"average\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"system.process.memory.rss.pct\"},\"f4b209b5-853c-44ef-9bb2-abbbaa5612ef\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Process\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c9120817-6c14-43d9-9cc7-14aa03a27634\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"process.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"45f7e45b-a19f-471f-9437-d2cdb13e836d\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.process\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.process\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"system.process.memory.rss.pct: 
*\"},\"visualization\":{\"columns\":[{\"columnId\":\"f4b209b5-853c-44ef-9bb2-abbbaa5612ef\"},{\"colorMode\":\"cell\",\"columnId\":\"c9120817-6c14-43d9-9cc7-14aa03a27634\",\"palette\":{\"name\":\"positive\",\"params\":{\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":20},{\"color\":\"#aed3ca\",\"stop\":40},{\"color\":\"#85bdb1\",\"stop\":60},{\"color\":\"#5aa898\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}]},\"type\":\"palette\"},\"width\":85},{\"colorMode\":\"cell\",\"columnId\":\"1e8576bb-67d1-458a-973f-144560cc3cfd\",\"isTransposed\":false,\"palette\":{\"name\":\"positive\",\"params\":{\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":20},{\"color\":\"#aed3ca\",\"stop\":40},{\"color\":\"#85bdb1\",\"stop\":60},{\"color\":\"#5aa898\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}]},\"type\":\"palette\"},\"width\":97.5}],\"layerId\":\"7e73c5a0-687d-49a1-9431-d445b9698b64\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Top Processes by Memory 
Usage\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"7138d681-0dc7-4055-a4c5-8395db1aa1e8\",\"w\":30,\"x\":11,\"y\":43},\"panelIndex\":\"7138d681-0dc7-4055-a4c5-8395db1aa1e8\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-b517c683-82f8-48e6-bfce-ee0568c45958\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"2044f8ca-61ce-4e33-8768-0c31694a5c76\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b517c683-82f8-48e6-bfce-ee0568c45958\":{\"columnOrder\":[\"37a9160d-30f4-4aee-80b0-4fba3b047938\",\"ac2bf785-8ec5-4d8c-b83d-7aaeac97c8f1\",\"807db5e3-119b-46e9-8361-b97d04e78d09\",\"807db5e3-119b-46e9-8361-b97d04e78d09X0\",\"807db5e3-119b-46e9-8361-b97d04e78d09X1\",\"807db5e3-119b-46e9-8361-b97d04e78d09X2\",\"6731f7a3-a13c-40ad-9552-74b2789297df\",\"6731f7a3-a13c-40ad-9552-74b2789297dfX0\"],\"columns\":{\"37a9160d-30f4-4aee-80b0-4fba3b047938\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"6731f7a3-a13c-40ad-9552-74b2789297df\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Free\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"formula\":\"average(system.memory.free)\",\"isFormulaBroken\":false},\"references\":[\"6731f7a3-a13c-40ad-9552-74b2789297dfX0\"],\"scale\":\"ratio\"},\"6731f7a3-a13c-40ad-9552-74b2789297dfX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
Free\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.memory.free\"},\"807db5e3-119b-46e9-8361-b97d04e78d09\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Cache\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"formula\":\"average(system.memory.used.bytes) - average(system.memory.actual.used.bytes)\",\"isFormulaBroken\":false},\"references\":[\"807db5e3-119b-46e9-8361-b97d04e78d09X2\"],\"scale\":\"ratio\"},\"807db5e3-119b-46e9-8361-b97d04e78d09X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Cache\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.memory.used.bytes\"},\"807db5e3-119b-46e9-8361-b97d04e78d09X1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Cache\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.memory.actual.used.bytes\"},\"807db5e3-119b-46e9-8361-b97d04e78d09X2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Cache\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"807db5e3-119b-46e9-8361-b97d04e78d09X0\",\"807db5e3-119b-46e9-8361-b97d04e78d09X1\"],\"location\":{\"max\":76,\"min\":0},\"name\":\"subtract\",\"text\":\"average(system.memory.used.bytes) - 
average(system.memory.actual.used.bytes)\",\"type\":\"function\"}},\"references\":[\"807db5e3-119b-46e9-8361-b97d04e78d09X0\",\"807db5e3-119b-46e9-8361-b97d04e78d09X1\"],\"scale\":\"ratio\"},\"ac2bf785-8ec5-4d8c-b83d-7aaeac97c8f1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Used\",\"operationType\":\"average\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"system.memory.actual.used.bytes\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2044f8ca-61ce-4e33-8768-0c31694a5c76\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.memory\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.memory\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"hideEndzones\":true,\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"ac2bf785-8ec5-4d8c-b83d-7aaeac97c8f1\",\"807db5e3-119b-46e9-8361-b97d04e78d09\",\"6731f7a3-a13c-40ad-9552-74b2789297df\"],\"layerId\":\"b517c683-82f8-48e6-bfce-ee0568c45958\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"xAccessor\":\"37a9160d-30f4-4aee-80b0-4fba3b047938\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\"},\"preferredSeriesType\":\"area_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Memory 
usage\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"c2428ef6-13fa-4254-9ab0-6be1c80a82d4\",\"w\":7,\"x\":41,\"y\":43},\"panelIndex\":\"c2428ef6-13fa-4254-9ab0-6be1c80a82d4\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.memory\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.memory\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.memory\\\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"d17c1e90-4d59-11e7-aee5-fdc812cc3bec\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(214,191,87,1)\",\"id\":\"fc1d3490-4d59-11e7-aee5-fdc812cc3bec\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(204,86,66,1)\",\"id\":\"0e204240-4d5a-11e7-aee5-fdc812cc3bec\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"466e9835-712f-469c-8f00-edda88559776\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"\",\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"cee2fd20-4d59-11e7-aee5-fdc812cc3bec\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"cee2fd21-4d59-11e7-aee5-fdc812cc3bec\",\"label\":\"Swap 
usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.swap.used.pct\",\"id\":\"cee2fd22-4d59-11e7-aee5-fdc812cc3bec\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"gauge\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Swap usage [Metrics System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"a41333eb-ba79-4557-9819-820de64abdf6\",\"w\":48,\"x\":0,\"y\":55},\"panelIndex\":\"a41333eb-ba79-4557-9819-820de64abdf6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"### 
Disk\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"40c809d8-2728-4ead-a85a-02ac2c3c346e\",\"w\":11,\"x\":0,\"y\":58},\"panelIndex\":\"40c809d8-2728-4ead-a85a-02ac2c3c346e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-7e73c5a0-687d-49a1-9431-d445b9698b64\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"4319b26f-d004-4331-bda3-3d2771c47381\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"7e73c5a0-687d-49a1-9431-d445b9698b64\":{\"columnOrder\":[\"f4b209b5-853c-44ef-9bb2-abbbaa5612ef\",\"c9120817-6c14-43d9-9cc7-14aa03a27634\",\"a7e79c34-8ff8-4705-ae1b-5122ca2d2863\"],\"columns\":{\"a7e79c34-8ff8-4705-ae1b-5122ca2d2863\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Last 
value\",\"operationType\":\"last_value\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"showArrayValues\":true,\"sortField\":\"@timestamp\"},\"scale\":\"ratio\",\"sourceField\":\"system.filesystem.used.pct\"},\"c9120817-6c14-43d9-9cc7-14aa03a27634\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average\",\"operationType\":\"average\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"system.filesystem.used.pct\"},\"f4b209b5-853c-44ef-9bb2-abbbaa5612ef\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Mountpoint\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c9120817-6c14-43d9-9cc7-14aa03a27634\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"system.filesystem.mount_point\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"4319b26f-d004-4331-bda3-3d2771c47381\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.filesystem\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.filesystem\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"system.filesystem.used.pct: 
*\"},\"visualization\":{\"columns\":[{\"columnId\":\"f4b209b5-853c-44ef-9bb2-abbbaa5612ef\"},{\"colorMode\":\"cell\",\"columnId\":\"c9120817-6c14-43d9-9cc7-14aa03a27634\",\"palette\":{\"name\":\"positive\",\"params\":{\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":20},{\"color\":\"#aed3ca\",\"stop\":40},{\"color\":\"#85bdb1\",\"stop\":60},{\"color\":\"#5aa898\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}]},\"type\":\"palette\"},\"width\":88},{\"colorMode\":\"cell\",\"columnId\":\"a7e79c34-8ff8-4705-ae1b-5122ca2d2863\",\"isTransposed\":false,\"palette\":{\"name\":\"positive\",\"params\":{\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":20},{\"color\":\"#aed3ca\",\"stop\":40},{\"color\":\"#85bdb1\",\"stop\":60},{\"color\":\"#5aa898\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}]},\"type\":\"palette\"},\"width\":101}],\"layerId\":\"7e73c5a0-687d-49a1-9431-d445b9698b64\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Top mountpoints by disk 
usage\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"4e2ec836-0e0c-4125-9a0b-be26183c524f\",\"w\":30,\"x\":11,\"y\":58},\"panelIndex\":\"4e2ec836-0e0c-4125-9a0b-be26183c524f\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.diskio\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.diskio\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.diskio\\\"\"},\"id\":\"d3c67db0-1b1a-11e7-b09e-037021c4f8df\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(84,179,153,1)\",\"fill\":\"00.5\",\"formatter\":\"bytes\",\"id\":\"d3c67db1-1b1a-11e7-b09e-037021c4f8df\",\"label\":\"reads\",\"line_width\":1,\"metrics\":[{\"field\":\"system.diskio.read.bytes\",\"id\":\"d3c67db2-1b1a-11e7-b09e-037021c4f8df\",\"type\":\"max\"},{\"field\":\"d3c67db2-1b1a-11e7-b09e-037021c4f8df\",\"id\":\"f55b9910-1b1a-11e7-b09e-037021c4f8df\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"f55b9910-1b1a-11e7-b09e-037021c4f8df\",\"id\":\"dcbbb100-1b93-11e7-8ada-3df93aab833e\",\"type\":\"positive_only\",\"unit\":\"\"}],\"palette\":{\"name\":\"positive\",\"type\":\"palette\"},\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":null,\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}/s\"},{\"axis_positio
n\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(96,146,192,1)\",\"fill\":\"00.5\",\"formatter\":\"bytes\",\"id\":\"144124d0-1b1b-11e7-b09e-037021c4f8df\",\"label\":\"writes\",\"line_width\":1,\"metrics\":[{\"field\":\"system.diskio.write.bytes\",\"id\":\"144124d1-1b1b-11e7-b09e-037021c4f8df\",\"type\":\"max\"},{\"field\":\"144124d1-1b1b-11e7-b09e-037021c4f8df\",\"id\":\"144124d2-1b1b-11e7-b09e-037021c4f8df\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"id\":\"144124d4-1b1b-11e7-b09e-037021c4f8df\",\"script\":\"params.rate > 0 ? params.rate * -1 : 0\",\"type\":\"calculation\",\"variables\":[{\"field\":\"144124d2-1b1b-11e7-b09e-037021c4f8df\",\"id\":\"144124d3-1b1b-11e7-b09e-037021c4f8df\",\"name\":\"rate\"}]}],\"palette\":{\"name\":\"temperature\",\"type\":\"palette\"},\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":null,\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Disk 
IO\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"fbbc5c65-b8a4-4604-b5bd-072c3c99e4c3\",\"w\":7,\"x\":41,\"y\":58},\"panelIndex\":\"fbbc5c65-b8a4-4604-b5bd-072c3c99e4c3\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.fsstat\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.fsstat\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.fsstat\\\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"51921d10-4d1d-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(214,191,87,1)\",\"id\":\"f26de750-4d54-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(204,86,66,1)\",\"id\":\"fa31d190-4d54-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"79158349-1f03-4701-8ecc-c882c2b13ff3\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"1\",\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"4e4dc780-4d1d-11e7-b5f2-2b7c1895bf32\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4e4dee90-4d1d-11e7-b5f2-2b7c1895bf32\",\"label\":\"Disk 
used\",\"line_width\":1,\"metrics\":[{\"agg_with\":\"avg\",\"field\":\"system.fsstat.total_size.used\",\"id\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"order\":\"desc\",\"order_by\":\"@timestamp\",\"size\":1,\"type\":\"top_hit\"},{\"agg_with\":\"avg\",\"field\":\"system.fsstat.total_size.total\",\"id\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"order\":\"desc\",\"order_by\":\"@timestamp\",\"size\":1,\"type\":\"top_hit\"},{\"id\":\"6304cca0-4d54-11e7-b5f2-2b7c1895bf32\",\"script\":\"params.used/params.total \",\"type\":\"math\",\"variables\":[{\"field\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"id\":\"6da10430-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"used\"},{\"field\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"id\":\"73b8c510-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"total\"}]}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"gauge\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Disk Used [Metrics System] (copy)\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"4340cff4-224d-43c0-8e98-8257782236f3\",\"w\":48,\"x\":0,\"y\":68},\"panelIndex\":\"4340cff4-224d-43c0-8e98-8257782236f3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"### 
Network\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"00a52be5-9be0-452a-974f-15c2eb08e5a5\",\"w\":6,\"x\":0,\"y\":71},\"panelIndex\":\"00a52be5-9be0-452a-974f-15c2eb08e5a5\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.network\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.network\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"lucene\",\"query\":\"-system.network.name:l*\"},\"hide_last_value_indicator\":true,\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Inbound 
Traffic\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.in.bytes\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f2074f70-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"function\":\"sum\",\"id\":\"c40e18f0-2c55-11e7-a0ad-277ce466684d\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"value_template\":\"{{value}}/s\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Total Transferred\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.in.bytes\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"\"},{\"field\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"field\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"function\":\"overall_sum\",\"id\":\"3e63c2f0-1b92-11e7-bec4-a5e9ec5cab8b\",\"sigma\":\"\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Inbound Traffic [Metrics System] 
(copy)\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"8fd9ee13-c94c-44c6-9871-da172760e777\",\"w\":6,\"x\":6,\"y\":71},\"panelIndex\":\"8fd9ee13-c94c-44c6-9871-da172760e777\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.network\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.network\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"6ba9b1f0-4d5d-11e7-aa29-87a97a796de6\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.network\\\"\"},\"hide_last_value_indicator\":true,\"id\":\"6984af10-4d5d-11e7-aa29-87a97a796de6\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"6984af11-4d5d-11e7-aa29-87a97a796de6\",\"label\":\"In 
Packetloss\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.in.dropped\",\"id\":\"6984af12-4d5d-11e7-aa29-87a97a796de6\",\"type\":\"max\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Packetloss [Metrics System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"40931ebc-38d8-4032-949d-246c8b381743\",\"w\":6,\"x\":12,\"y\":71},\"panelIndex\":\"40931ebc-38d8-4032-949d-246c8b381743\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.network\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.network\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"lucene\",\"query\":\"-system.network.name:l*\"},\"hide_last_value_indicator\":true,\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9e
c5cab8b\",\"label\":\"Outbound Traffic\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.out.bytes\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f2074f70-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"function\":\"sum\",\"id\":\"a1737470-2c55-11e7-a0ad-277ce466684d\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"value_template\":\"{{value}}/s\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Total Transferred\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.out.bytes\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"\"},{\"field\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"field\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"function\":\"overall_sum\",\"id\":\"3e63c2f0-1b92-11e7-bec4-a5e9ec5cab8b\",\"sigma\":\"\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Outbound Traffic 
[Metrics System] (copy)\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"42625329-6a7b-496e-89e3-2459675bf904\",\"w\":6,\"x\":18,\"y\":71},\"panelIndex\":\"42625329-6a7b-496e-89e3-2459675bf904\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.network\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.network\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"6ba9b1f0-4d5d-11e7-aa29-87a97a796de6\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.network\\\"\"},\"hide_last_value_indicator\":true,\"id\":\"6984af10-4d5d-11e7-aa29-87a97a796de6\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"ac2e6b30-4d5d-11e7-aa29-87a97a796de6\",\"label\":\"Out 
Packetloss\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.out.dropped\",\"id\":\"ac2e6b31-4d5d-11e7-aa29-87a97a796de6\",\"type\":\"max\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Packetloss [Metrics System] (copy)\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"83789cc1-735e-426f-af14-7feceeb1e3ec\",\"w\":24,\"x\":24,\"y\":71},\"panelIndex\":\"83789cc1-735e-426f-af14-7feceeb1e3ec\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"lucene\",\"query\":\"-system.network.name:l*\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(111,220,190,1)\",\"fill\":\"0.5\",\"formatter\":\"0.[00]a\",\"id\":\"da1046f1-faa0-11e6-86b1-cd7735ff7e23\",\"label\":\"Inbound\",\"line_width\":\"01\",\"metrics\":[{\"field\":\"system.network.in.packets\",\"id\":\"da1046f2-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"max\"},{\"field\":\"da1046f2-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"f41f9280-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"f41f9280-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"c0da3d80-1b93-11e7-8ada-3df93aab833e\",\"type\":\"positive_only\",
\"unit\":\"\"},{\"function\":\"sum\",\"id\":\"ecaad010-2c2c-11e7-be71-3162da85303f\",\"type\":\"series_agg\"}],\"palette\":{\"name\":\"positive\",\"type\":\"palette\"},\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":null,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}/s\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(96,146,192,1)\",\"fill\":\"00.5\",\"formatter\":\"0.[00]a\",\"id\":\"fbbd5720-faa0-11e6-86b1-cd7735ff7e23\",\"label\":\"Outbound\",\"line_width\":\"01\",\"metrics\":[{\"field\":\"system.network.out.packets\",\"id\":\"fbbd7e30-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"max\"},{\"field\":\"fbbd7e30-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"fbbd7e31-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"id\":\"17e597a0-faa1-11e6-86b1-cd7735ff7e23\",\"script\":\"params.rate != null && params.rate > 0 ? params.rate * -1 : null\",\"type\":\"calculation\",\"variables\":[{\"field\":\"fbbd7e31-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"1940bad0-faa1-11e6-86b1-cd7735ff7e23\",\"name\":\"rate\"}]},{\"function\":\"sum\",\"id\":\"fe5fbdc0-2c2c-11e7-be71-3162da85303f\",\"type\":\"series_agg\"}],\"palette\":{\"name\":\"complimentary\",\"type\":\"palette\"},\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":null,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Network Traffic 
(Packets)\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"5eae5b45-6bce-4bbd-9db2-275b45d7d329\",\"w\":24,\"x\":0,\"y\":79},\"panelIndex\":\"5eae5b45-6bce-4bbd-9db2-275b45d7d329\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-a9aa67d3-6d5c-40f9-a45d-69410b2a90bb\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"0edd5ba7-5679-4903-8b1a-9b52a84763e4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a9aa67d3-6d5c-40f9-a45d-69410b2a90bb\":{\"columnOrder\":[\"69b78cd3-0694-49cd-92cd-23c27f675523\",\"bdb2f885-054b-490d-91b8-2685ce22a5f5\",\"30b47015-4e96-48da-997b-9e9d41984945\"],\"columns\":{\"30b47015-4e96-48da-997b-9e9d41984945\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Outgoing Traffic\",\"operationType\":\"max\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"system.network.out.bytes\"},\"69b78cd3-0694-49cd-92cd-23c27f675523\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Interface\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"bdb2f885-054b-490d-91b8-2685ce22a5f5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"system.network.name\"},\"bdb2f885-054b-490d-91b8-2685ce22a5f5\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Incoming 
Traffic\",\"operationType\":\"max\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"system.network.in.bytes\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"0edd5ba7-5679-4903-8b1a-9b52a84763e4\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.network\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.network\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"69b78cd3-0694-49cd-92cd-23c27f675523\",\"isTransposed\":false},{\"colorMode\":\"cell\",\"columnId\":\"bdb2f885-054b-490d-91b8-2685ce22a5f5\",\"isTransposed\":false,\"palette\":{\"name\":\"positive\",\"params\":{\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":20},{\"color\":\"#aed3ca\",\"stop\":40},{\"color\":\"#85bdb1\",\"stop\":60},{\"color\":\"#5aa898\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}]},\"type\":\"palette\"},\"width\":139},{\"colorMode\":\"cell\",\"columnId\":\"30b47015-4e96-48da-997b-9e9d41984945\",\"isTransposed\":false,\"palette\":{\"name\":\"positive\",\"params\":{\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":20},{\"color\":\"#aed3ca\",\"stop\":40},{\"color\":\"#85bdb1\",\"stop\":60},{\"color\":\"#5aa898\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}]},\"type\":\"palette\"},\"width\":143.5}],\"layerId\":\"a9aa67d3-6d5c-40f9-a45d-69410b2a90bb\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"701fed8c-da9b-41aa-adab-09f793c3c84f\",\"w\":24,\"x\":24,\"y\":82},\"panelIndex\":\"701fed8c-da9b-41aa-adab-09f793c3c84f\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filt
er\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"lucene\",\"query\":\"-system.network.name:l*\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(84,179,153,1)\",\"fill\":\"00.5\",\"formatter\":\"bytes\",\"id\":\"da1046f1-faa0-11e6-86b1-cd7735ff7e23\",\"label\":\"Inbound \",\"line_width\":\"01\",\"metrics\":[{\"field\":\"system.network.in.bytes\",\"id\":\"da1046f2-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"max\"},{\"field\":\"da1046f2-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"f41f9280-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"f41f9280-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"a87398e0-1b93-11e7-8ada-3df93aab833e\",\"type\":\"positive_only\",\"unit\":\"\"},{\"function\":\"sum\",\"id\":\"2d533df0-2c2d-11e7-be71-3162da85303f\",\"type\":\"series_agg\"}],\"palette\":{\"name\":\"positive\",\"type\":\"palette\"},\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":null,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}/s\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(96,146,192,1)\",\"fill\":\"00.5\",\"formatter\":\"bytes\",\"id\":\"fbbd5720-faa0-11e6-86b1-cd7735ff7e23\",\"label\":\"Outbound \",\"line_width\":\"01\",\"metrics\":[{\"field\":\"system.network.out.bytes\",\"id\":\"fbbd7e30-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"max\"},{\"field\":\"fbbd7e30-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"fbbd7e31-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"id\":\"17e597a0-faa1-11e6-86b1-cd7735ff7e23\",\"script\":\"params.rate != null 
&& params.rate > 0 ? params.rate * -1 : null\",\"type\":\"calculation\",\"variables\":[{\"field\":\"fbbd7e31-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"1940bad0-faa1-11e6-86b1-cd7735ff7e23\",\"name\":\"rate\"}]},{\"function\":\"sum\",\"id\":\"533da9b0-2c2d-11e7-be71-3162da85303f\",\"type\":\"series_agg\"}],\"palette\":{\"name\":\"complimentary\",\"type\":\"palette\"},\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":null,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Network Traffic (Bytes)\"}]","timeRestore":false,"title":"[Metrics System] Host overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-79ffd6e0-faa0-11e6-947f-177f697178b8","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"6fd34c50-53a3-4919-b7c5-aba460f0fe6d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"d0a6fc45-278c-427e-a440-eec3ec3ce367:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"e50a72f5-160a-4694-8f44-2e6da666b90b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"baca3f6a-498a-4752-8882-1d8906d06405:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"02993ece-9e84-4957-9780-a89d1cfef103:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"17f54fe4-ae84-4319-97fd-069225d0a8fb:indexpattern-da
tasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"17f54fe4-ae84-4319-97fd-069225d0a8fb:indexpattern-datasource-layer-9f6d8570-52c1-4af2-a105-b9993b2e8b5c","type":"index-pattern"},{"id":"metrics-*","name":"17f54fe4-ae84-4319-97fd-069225d0a8fb:04b54a98-baa0-43a7-aaa8-ace6b600ff4b","type":"index-pattern"},{"id":"metrics-*","name":"79d36896-445a-4904-ad18-e0234fd9ca3f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"81d645ce-9d97-499f-9117-b3e662caee53:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"b479c652-8d38-47ed-8599-be33592ebffe:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"b479c652-8d38-47ed-8599-be33592ebffe:indexpattern-datasource-layer-7e73c5a0-687d-49a1-9431-d445b9698b64","type":"index-pattern"},{"id":"metrics-*","name":"b479c652-8d38-47ed-8599-be33592ebffe:4a1e24c8-23cf-41d6-805c-b73aac7e9531","type":"index-pattern"},{"id":"metrics-*","name":"43ee6ea2-797b-4ef6-83da-c81b9594f694:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"43ee6ea2-797b-4ef6-83da-c81b9594f694:indexpattern-datasource-layer-8da587a6-a617-4bd4-9ae5-dffb9c6343f8","type":"index-pattern"},{"id":"metrics-*","name":"43ee6ea2-797b-4ef6-83da-c81b9594f694:497fbd26-58ef-4073-ac3f-024ba1789d9a","type":"index-pattern"},{"id":"metrics-*","name":"dcf35812-283d-4cc7-b7bb-76419f5231fc:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"dcf35812-283d-4cc7-b7bb-76419f5231fc:indexpattern-datasource-layer-60c0e8b2-20ab-4451-87a6-5a7d2241ccb0","type":"index-pattern"},{"id":"metrics-*","name":"dcf35812-283d-4cc7-b7bb-76419f5231fc:d251cb14-5566-4617-b12d-9d587f9c11a8","type":"index-pattern"},{"id":"metrics-*","name":"5be13ea6-48db-4fc3-8213-20e4736be04e:indexpattern-datasource-current-indexpattern","type":"index-pattern
"},{"id":"metrics-*","name":"5be13ea6-48db-4fc3-8213-20e4736be04e:indexpattern-datasource-layer-7e73c5a0-687d-49a1-9431-d445b9698b64","type":"index-pattern"},{"id":"metrics-*","name":"5be13ea6-48db-4fc3-8213-20e4736be04e:45f7e45b-a19f-471f-9437-d2cdb13e836d","type":"index-pattern"},{"id":"metrics-*","name":"7138d681-0dc7-4055-a4c5-8395db1aa1e8:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"7138d681-0dc7-4055-a4c5-8395db1aa1e8:indexpattern-datasource-layer-b517c683-82f8-48e6-bfce-ee0568c45958","type":"index-pattern"},{"id":"metrics-*","name":"7138d681-0dc7-4055-a4c5-8395db1aa1e8:2044f8ca-61ce-4e33-8768-0c31694a5c76","type":"index-pattern"},{"id":"metrics-*","name":"c2428ef6-13fa-4254-9ab0-6be1c80a82d4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"40c809d8-2728-4ead-a85a-02ac2c3c346e:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"40c809d8-2728-4ead-a85a-02ac2c3c346e:indexpattern-datasource-layer-7e73c5a0-687d-49a1-9431-d445b9698b64","type":"index-pattern"},{"id":"metrics-*","name":"40c809d8-2728-4ead-a85a-02ac2c3c346e:4319b26f-d004-4331-bda3-3d2771c47381","type":"index-pattern"},{"id":"metrics-*","name":"4e2ec836-0e0c-4125-9a0b-be26183c524f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"fbbc5c65-b8a4-4604-b5bd-072c3c99e4c3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"00a52be5-9be0-452a-974f-15c2eb08e5a5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"8fd9ee13-c94c-44c6-9871-da172760e777:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"40931ebc-38d8-4032-949d-246c8b381743:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"i
d":"metrics-*","name":"42625329-6a7b-496e-89e3-2459675bf904:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"5eae5b45-6bce-4bbd-9db2-275b45d7d329:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"5eae5b45-6bce-4bbd-9db2-275b45d7d329:indexpattern-datasource-layer-a9aa67d3-6d5c-40f9-a45d-69410b2a90bb","type":"index-pattern"},{"id":"metrics-*","name":"5eae5b45-6bce-4bbd-9db2-275b45d7d329:0edd5ba7-5679-4903-8b1a-9b52a84763e4","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8334],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4MzksMV0="} -{"attributes":{"columns":["event.action","group.name","group.domain","user.name","user.domain","host.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4731\",\"4732\",\"4733\",\"4734\",\"4735\",\"4737\",\"4764\",\"4727\",\"4728\",\"4729\",\"4730\",\"4754\",\"4755\",\"4756\",\"4757\",\"4758\",\"4799\",\"4749\",\"4750\",\"4751\",\"4752\",\"4753\",\"4759\",\"4760\",\"4761\",\"4762\",\"4763\",\"4744\",\"4745\",\"4746\",\"4748\"],\"type\":\"phrases\",\"value\":\"4731, 4732, 4733, 4734, 4735, 4737, 4764, 4727, 4728, 4729, 4730, 4754, 4755, 4756, 4757, 4758, 4799, 4749, 4750, 4751, 4752, 4753, 4759, 4760, 4761, 4762, 4763, 4744, 4745, 4746, 
4748\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4731\"}},{\"match_phrase\":{\"event.code\":\"4732\"}},{\"match_phrase\":{\"event.code\":\"4733\"}},{\"match_phrase\":{\"event.code\":\"4734\"}},{\"match_phrase\":{\"event.code\":\"4735\"}},{\"match_phrase\":{\"event.code\":\"4737\"}},{\"match_phrase\":{\"event.code\":\"4764\"}},{\"match_phrase\":{\"event.code\":\"4727\"}},{\"match_phrase\":{\"event.code\":\"4728\"}},{\"match_phrase\":{\"event.code\":\"4729\"}},{\"match_phrase\":{\"event.code\":\"4730\"}},{\"match_phrase\":{\"event.code\":\"4754\"}},{\"match_phrase\":{\"event.code\":\"4755\"}},{\"match_phrase\":{\"event.code\":\"4756\"}},{\"match_phrase\":{\"event.code\":\"4757\"}},{\"match_phrase\":{\"event.code\":\"4758\"}},{\"match_phrase\":{\"event.code\":\"4799\"}},{\"match_phrase\":{\"event.code\":\"4749\"}},{\"match_phrase\":{\"event.code\":\"4750\"}},{\"match_phrase\":{\"event.code\":\"4751\"}},{\"match_phrase\":{\"event.code\":\"4752\"}},{\"match_phrase\":{\"event.code\":\"4753\"}},{\"match_phrase\":{\"event.code\":\"4759\"}},{\"match_phrase\":{\"event.code\":\"4760\"}},{\"match_phrase\":{\"event.code\":\"4761\"}},{\"match_phrase\":{\"event.code\":\"4762\"}},{\"match_phrase\":{\"event.code\":\"4763\"}},{\"match_phrase\":{\"event.code\":\"4744\"}},{\"match_phrase\":{\"event.code\":\"4745\"}},{\"match_phrase\":{\"event.code\":\"4746\"}},{\"match_phrase\":{\"event.code\":\"4748\"}}]}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Group Management Details - Search View [Windows System 
Security]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-9066d5b0-fef2-11e9-8405-516218e3d268","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8341],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NDAsMV0="} -{"attributes":{"columns":["host.hostname","process.name","message"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"fields\":{\"*\":{}},\"fragment_size\":2147483647,\"post_tags\":[\"@/kibana-highlighted-field@\"],\"pre_tags\":[\"@kibana-highlighted-field@\"],\"require_field_match\":false},\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:system.syslog\"}}"},"sort":[["@timestamp","desc"]],"title":"Syslog logs [Logs 
System]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-Syslog-system-logs","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8347],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NDEsMV0="} -{"attributes":{"description":"Syslog dashboard from the Logs System integration","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[{\"embeddableConfig\":{\"columns\":[\"host.hostname\",\"process.name\",\"message\"],\"enhancements\":{},\"sort\":[\"@timestamp\",\"desc\"]},\"gridData\":{\"h\":28,\"i\":\"3\",\"w\":48,\"x\":0,\"y\":20},\"panelIndex\":\"3\",\"panelRefName\":\"panel_3\",\"type\":\"search\",\"version\":\"8.1.0\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"4\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Syslog](#/dashboard/system-Logs-syslog-dashboard) | [Sudo commands](#/dashboard/system-277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/system-5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users and groups](#/dashboard/system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab)\"},\"title\":\"Dashboards [Logs 
System]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"1c0a80d4-cd4d-488a-a06d-e9b816e733a8\",\"w\":32,\"x\":0,\"y\":4},\"panelIndex\":\"1c0a80d4-cd4d-488a-a06d-e9b816e733a8\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"30s\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"host.hostname\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"defaultYExtents\":false,\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"mode\":\"stacked\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"scale\":\"linear\",\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYE
xtents\":false,\"shareYAxis\":true,\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{}},\"type\":\"histogram\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Syslog events by hostname [Logs System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"30ce1a8d-6460-45b6-be1a-841db5ca7c8b\",\"w\":16,\"x\":32,\"y\":4},\"panelIndex\":\"30ce1a8d-6460-45b6-be1a-841db5ca7c8b\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"host.hostname\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"process.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"distinctColors\":true,\"emptySizeRatio\":0.3,\"isDonut\":true,\"labels\":{\"last_level\":false,\"percentDecimals\":2,\"position\":\"default\",\"show\":true,\"truncate\":100,\"values\":true,\"valuesFormat\":\"percent\"},\"legendPosition\":\"bottom\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"nestedLegend\":false,\"palette\":{\"name\":\"kibana_palette\",\"
type\":\"palette\"},\"shareYAxis\":true,\"truncateLegend\":true,\"type\":\"pie\"},\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Syslog hostnames and processes [Logs System]\"}]","timeRestore":false,"title":"[Logs System] Syslog dashboard","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-Logs-syslog-dashboard","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"system-Syslog-system-logs","name":"3:panel_3","type":"search"},{"id":"system-Syslog-system-logs","name":"1c0a80d4-cd4d-488a-a06d-e9b816e733a8:search_0","type":"search"},{"id":"system-Syslog-system-logs","name":"30ce1a8d-6460-45b6-be1a-841db5ca7c8b:search_0","type":"search"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8355],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NDIsMV0="} -{"attributes":{"description":"Overview of system metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"471f7546-e704-4a38-a041-d8b11869d7cc\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"471f7546-e704-4a38-a041-d8b11869d7cc\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"# System overview\\n\\nTo view host details, 
select a host from the list below by clicking the respective label.\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"System Navigation [Metrics System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"aa7fddcf-8146-4d85-b3d7-d37a99a5ff32\",\"w\":9,\"x\":0,\"y\":6},\"panelIndex\":\"aa7fddcf-8146-4d85-b3d7-d37a99a5ff32\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.memory\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.memory\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"a0d522e0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(214,191,87,1)\",\"id\":\"b45ad8f0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(204,86,66,1)\",\"id\":\"c06e9550-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"4bbf6453-9bd4-4ab7-aa12-5a7ed6306651\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"1\",\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"9f51b730-1b91-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(84,179,153,1)\",\"
fill\":0.5,\"formatter\":\"percent\",\"id\":\"9f51b731-1b91-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Memory Usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.actual.used.pct\",\"id\":\"9f51b732-1b91-11e7-bec4-a5e9ec5cab8b\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"gauge\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"9fc7a050-de1b-495b-8ca7-2a852ed5a28c\",\"w\":9,\"x\":9,\"y\":6},\"panelIndex\":\"9fc7a050-de1b-495b-8ca7-2a852ed5a28c\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.cpu\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.cpu\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"4ef2c3b0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(214,191,87,1)\",\"id\":\"e6561ae0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(204,86,66,1)\",\"id\":\"ec655040-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgb
a(32,146,128,1)\",\"id\":\"860f8db7-6191-4519-8d2a-c51f2a95c2bc\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"1\",\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"4c9e2550-1b91-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4c9e2551-1b91-11e7-bec4-a5e9ec5cab8b\",\"label\":\"CPU Usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.cpu.total.norm.pct\",\"id\":\"4c9e2552-1b91-11e7-bec4-a5e9ec5cab8b\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"gauge\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"d85621b3-cf7e-4019-83ae-3a1e06d9933f\",\"w\":30,\"x\":18,\"y\":6},\"panelIndex\":\"d85621b3-cf7e-4019-83ae-3a1e06d9933f\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.cpu\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.cpu\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":
\"normal\",\"bar_color_rules\":[{\"bar_color\":\"rgba(32,146,128,1)\",\"id\":\"6131bb70-2938-11ed-a1c4-3f04ff5e1036\",\"operator\":\"gte\",\"value\":0},{\"bar_color\":\"rgba(214,191,87,1)\",\"id\":\"b048c5a0-2938-11ed-a1c4-3f04ff5e1036\",\"operator\":\"gte\",\"value\":0.7},{\"bar_color\":\"rgba(204,86,66,1)\",\"id\":\"b84aa340-2938-11ed-a1c4-3f04ff5e1036\",\"operator\":\"gte\",\"value\":0.85},{\"bar_color\":\"rgba(32,146,128,1)\",\"id\":\"c0f1c190-2938-11ed-a1c4-3f04ff5e1036\",\"operator\":\"empty\",\"value\":null}],\"drilldown_url\":\"../app/kibana#/dashboard/system-79ffd6e0-faa0-11e6-947f-177f697178b8?_a=(query:(language:kuery,query:'host.name:\\\"{{key}}\\\"'))\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"f85dd7f0-6f50-4ca3-b431-a8332b12f516\",\"index_pattern_ref_name\":\"metrics_d85621b3-cf7e-4019-83ae-3a1e06d9933f_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"0fa4599f-6d53-4f7e-a508-b10debeae3a7\",\"line_width\":1,\"metrics\":[{\"field\":\"system.cpu.user.norm.pct\",\"id\":\"20916733-fe1d-4854-8f60-7da167023e8a\",\"type\":\"avg\"}],\"override_index_pattern\":0,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"host.name\",\"terms_order_by\":\"20916733-fe1d-4854-8f60-7da167023e8a\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"top_n\",\"use_kibana_indexes\":true},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Top Hosts by 
CPU\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"f95d2a8f-0ec2-4252-b3e8-8771b9165241\",\"w\":9,\"x\":0,\"y\":19},\"panelIndex\":\"f95d2a8f-0ec2-4252-b3e8-8771b9165241\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-6a26e3ad-990f-42a2-82fd-f147b1ede3b0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"6a26e3ad-990f-42a2-82fd-f147b1ede3b0\":{\"columnOrder\":[\"6702f512-7df6-4b95-892c-200bafa8bd0e\",\"6702f512-7df6-4b95-892c-200bafa8bd0eX0\"],\"columns\":{\"6702f512-7df6-4b95-892c-200bafa8bd0e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Hosts\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(host.name)\",\"isFormulaBroken\":false},\"references\":[\"6702f512-7df6-4b95-892c-200bafa8bd0eX0\"],\"scale\":\"ratio\"},\"6702f512-7df6-4b95-892c-200bafa8bd0eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
Hosts\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"6702f512-7df6-4b95-892c-200bafa8bd0e\",\"layerId\":\"6a26e3ad-990f-42a2-82fd-f147b1ede3b0\",\"layerType\":\"data\",\"size\":\"xl\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"4a59a56e-e5fd-4ff3-b2f0-8a1c07be572b\",\"w\":9,\"x\":9,\"y\":19},\"panelIndex\":\"4a59a56e-e5fd-4ff3-b2f0-8a1c07be572b\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.fsstat\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.fsstat\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"51921d10-4d1d-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(214,191,87,1)\",\"id\":\"f26de750-4d54-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(204,86,66,1)\",\"id\":\"fa31d190-4d54-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"79158349-1f03-4701-8ecc-c882c2b13ff3\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"1\",\"gauge_style\":\"half\",\"gauge
_width\":10,\"hide_last_value_indicator\":true,\"id\":\"4e4dc780-4d1d-11e7-b5f2-2b7c1895bf32\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4e4dee90-4d1d-11e7-b5f2-2b7c1895bf32\",\"label\":\"Disk usage\",\"line_width\":1,\"metrics\":[{\"agg_with\":\"avg\",\"field\":\"system.fsstat.total_size.used\",\"id\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"order\":\"desc\",\"order_by\":\"@timestamp\",\"size\":1,\"type\":\"top_hit\"},{\"agg_with\":\"avg\",\"field\":\"system.fsstat.total_size.total\",\"id\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"order\":\"desc\",\"order_by\":\"@timestamp\",\"size\":1,\"type\":\"top_hit\"},{\"id\":\"6304cca0-4d54-11e7-b5f2-2b7c1895bf32\",\"script\":\"params.used/params.total \",\"type\":\"math\",\"variables\":[{\"field\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"id\":\"6da10430-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"used\"},{\"field\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"id\":\"73b8c510-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"total\"}]}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"gauge\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"72f0915f-db77-4d67-b92b-ed8cdd97e1aa\",\"w\":30,\"x\":18,\"y\":19},\"panelIndex\":\"72f0915f-db77-4d67-b92b-ed8cdd97e1aa\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":
{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.memory\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.memory\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"bar_color_rules\":[{\"bar_color\":\"rgba(32,146,128,1)\",\"id\":\"6131bb70-2938-11ed-a1c4-3f04ff5e1036\",\"operator\":\"gte\",\"value\":0},{\"bar_color\":\"rgba(214,191,87,1)\",\"id\":\"b048c5a0-2938-11ed-a1c4-3f04ff5e1036\",\"operator\":\"gte\",\"value\":0.7},{\"bar_color\":\"rgba(204,86,66,1)\",\"id\":\"b84aa340-2938-11ed-a1c4-3f04ff5e1036\",\"operator\":\"gte\",\"value\":0.85},{\"bar_color\":\"rgba(32,146,128,1)\",\"id\":\"c0f1c190-2938-11ed-a1c4-3f04ff5e1036\",\"operator\":\"empty\",\"value\":null}],\"drilldown_url\":\"../app/kibana#/dashboard/system-79ffd6e0-faa0-11e6-947f-177f697178b8?_a=(query:(language:kuery,query:'host.name:\\\"{{key}}\\\"'))\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"f85dd7f0-6f50-4ca3-b431-a8332b12f516\",\"index_pattern_ref_name\":\"metrics_72f0915f-db77-4d67-b92b-ed8cdd97e1aa_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"0fa4599f-6d53-4f7e-a508-b10debeae3a7\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.actual.used.pct\",\"id\":\"20916733-fe1d-4854-8f60-7da167023e8a\",\"type\":\"avg\"}],\"override_index_pattern\":0,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"host.name\",\"terms_order_by\":\"20916733-fe1d-4854-8f
60-7da167023e8a\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"top_n\",\"use_kibana_indexes\":true},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Top Hosts by Memory\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"e6f8fdab-5f7e-42b1-9093-36c017e0d26d\",\"w\":48,\"x\":0,\"y\":31},\"panelIndex\":\"e6f8fdab-5f7e-42b1-9093-36c017e0d26d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-13084d12-8f45-4ff7-84ff-1aa82f6e91d4\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"6a4289ad-9ff1-40c9-aeff-f102d2251bba\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"13084d12-8f45-4ff7-84ff-1aa82f6e91d4\":{\"columnOrder\":[\"3a15aec4-8bda-4361-8807-6f4cf5d2246b\",\"9f4265d2-4b84-419e-a1b6-58cfcb6f6ffc\",\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bb\"],\"columns\":{\"3a15aec4-8bda-4361-8807-6f4cf5d2246b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Hosts\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"host.name\"},\"9f4265d2-4b84-419e-a1b6-58cfcb6f6ffc\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed
\":false,\"label\":\"CPU Usage\",\"operationType\":\"average\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":0}}},\"scale\":\"ratio\",\"sourceField\":\"system.cpu.user.norm.pct\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"6a4289ad-9ff1-40c9-aeff-f102d2251bba\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.cpu\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.cpu\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"gridConfig\":{\"isCellLabelVisible\":false,\"isXAxisLabelVisible\":true,\"isXAxisTitleVisible\":false,\"isYAxisLabelVisible\":true,\"isYAxisTitleVisible\":false,\"type\":\"heatmap_grid\"},\"layerId\":\"13084d12-8f45-4ff7-84ff-1aa82f6e91d4\",\"layerType\":\"data\",\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\",\"type\":\"heatmap_legend\"},\"palette\":{\"accessor\":\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bb\",\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#d9dada\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":0.7},{\"color\":\"#cc5642\",\"stop\":0.85}],\"continuity\":\"above\",\"name\":\"custom\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":5,\"stops\":[{\"color\":\"#d9dada\",\"stop\":0.7},{\"color\":\"#d6bf57\",\"stop\":0.85},{\"color\":\"#cc5642\",\"stop\":1.85}]},\"type\":\"palette\"},\"shape\":\"heatmap\",\"valueAccessor\":\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bb\",\"xAccessor\":\"9f4265d2-4b84-419e-a1b6-58cfcb6f6ffc\",\"yAccessor\":\"3a15aec4-8bda-4361-8807-6f4cf5d2246b\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsHeatmap\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"useCurrentDateRange\":true,\"useCurrentFilters\":true},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Host 
Overview\"},\"eventId\":\"19bf22c3-97f5-4a71-8752-74cd3d5ec6f9\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"type\":\"lens\"},\"title\":\"Top Hosts by CPU Usage over time\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":16,\"i\":\"e6f6cabf-ecec-482f-b7b5-634e323e9a15\",\"w\":48,\"x\":0,\"y\":46},\"panelIndex\":\"e6f6cabf-ecec-482f-b7b5-634e323e9a15\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-13084d12-8f45-4ff7-84ff-1aa82f6e91d4\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"33b2f4d6-9337-4d77-a45b-8debb9604323\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"13084d12-8f45-4ff7-84ff-1aa82f6e91d4\":{\"columnOrder\":[\"3a15aec4-8bda-4361-8807-6f4cf5d2246b\",\"9f4265d2-4b84-419e-a1b6-58cfcb6f6ffc\",\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bb\",\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bbX0\"],\"columns\":{\"3a15aec4-8bda-4361-8807-6f4cf5d2246b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Hosts\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"host.name\"},\"9f4265d2-4b84-419e-a1b6-58cfcb6f6ffc\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Memory 
Usage\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":0}},\"formula\":\"average(system.memory.actual.used.pct)\",\"isFormulaBroken\":false},\"references\":[\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bbX0\"],\"scale\":\"ratio\"},\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bbX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Memory Usage\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.memory.actual.used.pct\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"33b2f4d6-9337-4d77-a45b-8debb9604323\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.memory\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.memory\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"gridConfig\":{\"isCellLabelVisible\":false,\"isXAxisLabelVisible\":true,\"isXAxisTitleVisible\":false,\"isYAxisLabelVisible\":true,\"isYAxisTitleVisible\":false,\"type\":\"heatmap_grid\"},\"layerId\":\"13084d12-8f45-4ff7-84ff-1aa82f6e91d4\",\"layerType\":\"data\",\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\",\"type\":\"heatmap_legend\"},\"palette\":{\"accessor\":\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bb\",\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#d9dada\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":0.7},{\"color\":\"#cc5642\",\"stop\":0.85}],\"continuity\":\"above\",\"name\":\"custom\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":5,\"stops\":[{\"color\":\"#d9dada\",\"stop\":0.7},{\"color\":\"#d6bf57\",\"stop\":0.85},{\"color\":\"#cc5642\",\"stop\":1.85}]},\"type\":\"palette\"},\"shape\":\"heatmap\",\"valueAccessor\":\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bb\",\"xAccessor\":\"9f4265d2-4b84-419e-a1b6-58cfcb6f6ffc\",\"yAccessor\":\"3a15aec4-8bda-4361-
8807-6f4cf5d2246b\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsHeatmap\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"useCurrentDateRange\":true,\"useCurrentFilters\":true},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Host Overview\"},\"eventId\":\"cb4db4a1-91ee-41e3-9f16-4b373cb189ad\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"type\":\"lens\"},\"title\":\"Top Hosts by Memory Usage over time\"}]","timeRestore":false,"title":"[Metrics System] Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-Metrics-system-overview","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"aa7fddcf-8146-4d85-b3d7-d37a99a5ff32:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"9fc7a050-de1b-495b-8ca7-2a852ed5a28c:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"d85621b3-cf7e-4019-83ae-3a1e06d9933f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"d85621b3-cf7e-4019-83ae-3a1e06d9933f:metrics_d85621b3-cf7e-4019-83ae-3a1e06d9933f_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"f95d2a8f-0ec2-4252-b3e8-8771b9165241:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"f95d2a8f-0ec2-4252-b3e8-8771b9165241:indexpattern-datasource-layer-6a26e3ad-990f-42a2-82fd-f147b1ede3b0","type":"index-pattern"},{"id":"metrics-*","name":"4a59a56e-e5fd-4ff3-b2f0-8a1c07be572b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"72f0915f-db77-4d67-b92b-ed8cdd97e1aa:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"72f0915f-db77-4d67-b92b-ed8cdd97e1aa:metrics_72f0915f-db77-4d67-b92b-ed8cdd97e1aa_0_index_pattern
","type":"index-pattern"},{"id":"metrics-*","name":"e6f8fdab-5f7e-42b1-9093-36c017e0d26d:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"e6f8fdab-5f7e-42b1-9093-36c017e0d26d:indexpattern-datasource-layer-13084d12-8f45-4ff7-84ff-1aa82f6e91d4","type":"index-pattern"},{"id":"metrics-*","name":"e6f8fdab-5f7e-42b1-9093-36c017e0d26d:6a4289ad-9ff1-40c9-aeff-f102d2251bba","type":"index-pattern"},{"id":"system-79ffd6e0-faa0-11e6-947f-177f697178b8","name":"e6f8fdab-5f7e-42b1-9093-36c017e0d26d:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:19bf22c3-97f5-4a71-8752-74cd3d5ec6f9:dashboardId","type":"dashboard"},{"id":"metrics-*","name":"e6f6cabf-ecec-482f-b7b5-634e323e9a15:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"e6f6cabf-ecec-482f-b7b5-634e323e9a15:indexpattern-datasource-layer-13084d12-8f45-4ff7-84ff-1aa82f6e91d4","type":"index-pattern"},{"id":"metrics-*","name":"e6f6cabf-ecec-482f-b7b5-634e323e9a15:33b2f4d6-9337-4d77-a45b-8debb9604323","type":"index-pattern"},{"id":"system-79ffd6e0-faa0-11e6-947f-177f697178b8","name":"e6f6cabf-ecec-482f-b7b5-634e323e9a15:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:cb4db4a1-91ee-41e3-9f16-4b373cb189ad:dashboardId","type":"dashboard"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8377],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NDMsMV0="} -{"attributes":{"description":"Overview of all Windows Event 
Logs.","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"system.application\",\"system.security\",\"system.system\",\"windows.application\",\"windows.forwarded\",\"windows.powershell\",\"windows.powershell_operational\",\"windows.security\",\"windows.sysmon_operational\",\"windows.system\",\"winlog.winlog\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"system.application\"}},{\"match_phrase\":{\"data_stream.dataset\":\"system.security\"}},{\"match_phrase\":{\"data_stream.dataset\":\"system.system\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.application\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.forwarded\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.powershell\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.powershell_operational\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.security\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.sysmon_operational\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.system\"}},{\"match_phrase\":{\"data_stream.dataset\":\"winlog.winlog\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":10,\"markdown\":\"## **Windows Overview**\",\"openLinksInNewTab\":false},\"title\":\"User Logon Dashboard [Windows System 
Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":5,\"i\":\"a631db29-cb48-4bfb-b9c9-77ea2baff486\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"a631db29-cb48-4bfb-b9c9-77ea2baff486\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b8e30995-8308-4085-bebc-b744255d4471\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"b8e30995-8308-4085-bebc-b744255d4471\":{\"columnOrder\":[\"b76296f1-254e-44be-885c-dab598a5769a\"],\"columns\":{\"b76296f1-254e-44be-885c-dab598a5769a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"b76296f1-254e-44be-885c-dab598a5769a\",\"layerId\":\"b8e30995-8308-4085-bebc-b744255d4471\",\"layerType\":\"data\"}},\"title\":\"Number of Events [Windows Overview]\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":20,\"i\":\"f1073adc-88c7-4213-947d-72d05705e81a\",\"w\":12,\"x\":0,\"y\":5},\"panelIndex\":\"f1073adc-88c7-4213-947d-72d05705e81a\",\"title\":\"Number of Events [Windows Overview]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Windows Overview** | [User Logon Information](#/dashboard/system-bae11b00-9bfc-11ea-87e4-49f31ec44891) | [Logon Failed and Account 
Lockout](#/dashboard/system-d401ef40-a7d5-11e9-a422-d144027429da) | [User Management Events](#/dashboard/system-71f720f0-ff18-11e9-8405-516218e3d268) | [Group Management Events](#/dashboard/system-bb858830-f412-11e9-8405-516218e3d268)\",\"openLinksInNewTab\":false},\"title\":\"Dashboard links [Windows System Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":5,\"i\":\"dadfa90b-35df-4cdb-8b7f-80b75ef8cb9b\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"dadfa90b-35df-4cdb-8b7f-80b75ef8cb9b\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-5e87aee1-99b0-42aa-8b38-30ad57feda11\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"5e87aee1-99b0-42aa-8b38-30ad57feda11\":{\"columnOrder\":[\"c3110bfa-477d-4c3d-9483-a63044c42900\",\"b3737588-4175-4ab0-b9da-23267d72fe70\",\"b1b1cc91-e400-414c-90b7-912cd62a404a\"],\"columns\":{\"b1b1cc91-e400-414c-90b7-912cd62a404a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"b3737588-4175-4ab0-b9da-23267d72fe70\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Channel\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b1b1cc91-e400-414c-90b7-912cd62a404a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":6},\"scale\":\"ordinal\",\"sourceField\":\"winlog.channel\"},\"c3110bfa-477d-4c3d-9483-a63044c42900\":{\"customLabel\":true,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":fal
se,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"curveType\":\"LINEAR\",\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":-90},\"layers\":[{\"accessors\":[\"b1b1cc91-e400-414c-90b7-912cd62a404a\"],\"isHistogram\":true,\"layerId\":\"5e87aee1-99b0-42aa-8b38-30ad57feda11\",\"layerType\":\"data\",\"seriesType\":\"bar_stacked\",\"simpleView\":false,\"splitAccessor\":\"b3737588-4175-4ab0-b9da-23267d72fe70\",\"xAccessor\":\"c3110bfa-477d-4c3d-9483-a63044c42900\",\"xScaleType\":\"time\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"b1b1cc91-e400-414c-90b7-912cd62a404a\"}]}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"maxLines\":1,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"showCurrentTimeMarker\":false,\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":false,\"yLeftExtent\":{\"enforce\":true,\"mode\":\"full\"},\"yLeftScale\":\"linear\",\"yRightScale\":\"linear\",\"yTitle\":\"Count\"}},\"title\":\"Number of Events Over Time By Channel [Windows Overview]\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":20,\"i\":\"57c36a54-2c5c-4ca5-ae9a-b2a9b71423cc\",\"w\":36,\"x\":12,\"y\":5},\"panelIndex\":\"57c36a54-2c5c-4ca5-ae9a-b2a9b71423cc\",\"title\":\"Number of Events Over Time By Channel [Windows 
Overview]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-f91444b8-f989-4d50-9791-659f63b410a6\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"f91444b8-f989-4d50-9791-659f63b410a6\":{\"columnOrder\":[\"d79151d8-0464-460f-985d-7710afd65951\",\"f823b376-2c3e-4893-befa-3d99b5e4b54d\"],\"columns\":{\"d79151d8-0464-460f-985d-7710afd65951\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"winlog.provider_name: Descending\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f823b376-2c3e-4893-befa-3d99b5e4b54d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":7},\"scale\":\"ordinal\",\"sourceField\":\"winlog.provider_name\"},\"f823b376-2c3e-4893-befa-3d99b5e4b54d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"hide\",\"emptySizeRatio\":0.3,\"layerId\":\"f91444b8-f989-4d50-9791-659f63b410a6\",\"layerType\":\"data\",\"legendDisplay\":\"hide\",\"legendMaxLines\":1,\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"metrics\":[\"f823b376-2c3e-4893-befa-3d99b5e4b54d\"],\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"percentDecimals\":2,\"primaryGroups\":[\"d79151d8-0464-460f-985d-7710afd65951\"],\"secondaryGroups\":[],\"showValuesInLegend\":true,\"truncateLegend\":true}],\"shape\":\"pie\"}},\"title\":\"Sources (Provider 
Names) [Windows Overview]\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{}},\"gridData\":{\"h\":20,\"i\":\"49364a81-aad0-4123-9b41-e29cc0d20211\",\"w\":16,\"x\":0,\"y\":25},\"panelIndex\":\"49364a81-aad0-4123-9b41-e29cc0d20211\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-92b81c04-c009-42b2-a123-cbb40bacb21b\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"92b81c04-c009-42b2-a123-cbb40bacb21b\":{\"columnOrder\":[\"59206405-b932-4821-894f-0e7df0c64c49\",\"72e6c0f0-dd8b-4557-a0a1-282c3a527bff\"],\"columns\":{\"59206405-b932-4821-894f-0e7df0c64c49\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event IDs\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"72e6c0f0-dd8b-4557-a0a1-282c3a527bff\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_id\"},\"72e6c0f0-dd8b-4557-a0a1-282c3a527bff\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"72e6c0f0-dd8b-4557-a0a1-282c3a527bff\"},{\"alignment\":\"left\",\"columnId\":\"59206405-b932-4821-894f-0e7df0c64c49\"}],\"headerRowHeight\":\"single\",\"layerId\":\"92b81c04-c009-42b2-a123-cbb40bacb21b\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"
title\":\"Top Event IDs [Windows Overview]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{}},\"gridData\":{\"h\":20,\"i\":\"24dc70bf-961d-43d5-bbaf-b596523308d8\",\"w\":16,\"x\":16,\"y\":25},\"panelIndex\":\"24dc70bf-961d-43d5-bbaf-b596523308d8\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-948e4465-d614-4c5c-845c-e2cc11f14b14\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"948e4465-d614-4c5c-845c-e2cc11f14b14\":{\"columnOrder\":[\"a86889ec-ce6a-4b72-90f2-73cdcdf5af59\",\"3c6aceef-e72a-484a-a9b4-c9ccabad0da8\"],\"columns\":{\"3c6aceef-e72a-484a-a9b4-c9ccabad0da8\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"a86889ec-ce6a-4b72-90f2-73cdcdf5af59\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Log 
Levels\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3c6aceef-e72a-484a-a9b4-c9ccabad0da8\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"log.level\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"3c6aceef-e72a-484a-a9b4-c9ccabad0da8\"},{\"alignment\":\"left\",\"columnId\":\"a86889ec-ce6a-4b72-90f2-73cdcdf5af59\"}],\"headerRowHeight\":\"single\",\"layerId\":\"948e4465-d614-4c5c-845c-e2cc11f14b14\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Event Levels [Windows Overview]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{}},\"gridData\":{\"h\":20,\"i\":\"8f939618-5923-43d4-9b23-57f7d21b4908\",\"w\":16,\"x\":32,\"y\":25},\"panelIndex\":\"8f939618-5923-43d4-9b23-57f7d21b4908\",\"type\":\"lens\",\"version\":\"8.7.0\"}]","timeRestore":false,"title":"[System] Windows 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-Windows-Dashboard","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"f1073adc-88c7-4213-947d-72d05705e81a:indexpattern-datasource-layer-b8e30995-8308-4085-bebc-b744255d4471","type":"index-pattern"},{"id":"logs-*","name":"57c36a54-2c5c-4ca5-ae9a-b2a9b71423cc:indexpattern-datasource-layer-5e87aee1-99b0-42aa-8b38-30ad57feda11","type":"index-pattern"},{"id":"logs-*","name":"49364a81-aad0-4123-9b41-e29cc0d20211:indexpattern-datasource-layer-f91444b8-f989-4d50-9791-659f63b410a6","type":"index-pattern"},{"id":"logs-*","name":"24dc70bf-961d-43d5-bbaf-b596523308d8:indexpattern-datasource-layer-92b81c04-c009-42b2-a123-cbb40bacb21b","type":"index-pattern"},{"id":"logs-*","name":"8f939618-5923-43d4-9b23-57f7d21b4908:indexpattern-datasource-layer-948e4465-d614-4c5c-845c-e2cc11f14b14","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8388],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NDQsMV0="} 
-{"attributes":{"columns":["user.name","winlog.logon.type","source.domain","source.ip","winlog.logon.id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4624\"},\"type\":\"phrase\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4624\",\"type\":\"phrase\"}}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"User Logons [Windows System Security]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-ce71c9a0-a25e-11e9-a422-d144027429da","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8395],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NDUsMV0="} -{"attributes":{"description":"User logon activity 
dashboard.","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"system.security\",\"windows.forwarded\",\"windows.security\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"system.security\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.forwarded\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.security\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"useMargins\":false}","panelsJSON":"[{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-0eeae7e3-4be6-439a-8d11-e248d89729c7\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"6c0aae98-74e3-48f0-bfe4-01114857e9ea\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"0eeae7e3-4be6-439a-8d11-e248d89729c7\":{\"columnOrder\":[\"6c20c34d-d053-4d81-9dc7-015ef4065cc8\",\"011f8ab2-fbac-408d-b01a-100820072975\",\"865f73fe-058f-468a-b4dc-e67be53b290b\",\"bcb7b474-2877-4665-a58e-58279b2a85a0\",\"a2383fe5-f58b-45bd-bc84-7750f113121e\"],\"columns\":{\"011f8ab2-fbac-408d-b01a-100820072975\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"user.name
\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a2383fe5-f58b-45bd-bc84-7750f113121e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"user.name\"},\"6c20c34d-d053-4d81-9dc7-015ef4065cc8\":{\"customLabel\":true,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"Date\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"865f73fe-058f-468a-b4dc-e67be53b290b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":true,\"label\":\"# Thread\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a2383fe5-f58b-45bd-bc84-7750f113121e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.process.thread.id\"},\"a2383fe5-f58b-45bd-bc84-7750f113121e\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"bcb7b474-2877-4665-a58e-58279b2a85a0\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"LogonID\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a2383fe5-f58b-45bd-bc84-7750f113121e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"6c0aae98-74e3-48f0-bfe4-01114857e9ea\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4672\"],\"type\":\"phrases\",\"value\":\"4672\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4672\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"a2383fe5-f58b-45bd-bc84-7750f113121e\"},{\"alignment\":\"left\",\"columnId\":\"6c20c34d-d053-4d81-9dc7-015ef4065cc8\"},{\"alignment\":\"left\",\"columnId\":\"011f8ab2-fbac-408d-b01a-100820072975\"},{\"alignment\":\"left\",\"columnId\":\"865f73fe-058f-468a-b4dc-e67be53b290b\"},{\"alignment\":\"left\",\"columnId\":\"bcb7b474-2877-4665-a58e-58279b2a85a0\"}],\"headerRowHeight\":\"single\",\"layerId\":\"0eeae7e3-4be6-439a-8d11-e248d89729c7\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Logged on Administrators [Windows System 
Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{}},\"gridData\":{\"h\":28,\"i\":\"1\",\"w\":18,\"x\":0,\"y\":34},\"panelIndex\":\"1\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-7a52b543-0c01-4543-9ed6-a89dfbdd8b87\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"c92cd2bc-c3a2-40cf-8932-aa33cee31978\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"7a52b543-0c01-4543-9ed6-a89dfbdd8b87\":{\"columnOrder\":[\"c1fa9bb2-329d-452b-9aea-8019bbedf069\",\"6d33622e-b154-4aee-91af-31f692da9922\"],\"columns\":{\"6d33622e-b154-4aee-91af-31f692da9922\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique count of winlog.logon.id\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"winlog.logon.id\"},\"c1fa9bb2-329d-452b-9aea-8019bbedf069\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"user.name: 
Descending\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6d33622e-b154-4aee-91af-31f692da9922\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"user.name\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c92cd2bc-c3a2-40cf-8932-aa33cee31978\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4672\"},\"type\":\"phrase\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4672\",\"type\":\"phrase\"}}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"hide\",\"emptySizeRatio\":0.3,\"layerId\":\"7a52b543-0c01-4543-9ed6-a89dfbdd8b87\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendMaxLines\":1,\"legendPosition\":\"bottom\",\"legendSize\":\"auto\",\"metrics\":[\"6d33622e-b154-4aee-91af-31f692da9922\"],\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"percentDecimals\":2,\"primaryGroups\":[\"c1fa9bb2-329d-452b-9aea-8019bbedf069\"],\"secondaryGroups\":[],\"showValuesInLegend\":true,\"truncateLegend\":true}],\"shape\":\"pie\"}},\"title\":\"Administrator Users [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":18,\"i\":\"3\",\"w\":18,\"x\":0,\"y\":16},\"panelIndex\":\"3\",\"title\":\"Administrator Users [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":10,\"markdown\":\"## **Logon Information 
Dashboard**\",\"openLinksInNewTab\":false},\"title\":\"User Logon Dashboard [Windows System Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":6,\"i\":\"4\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"4\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":46,\"i\":\"10\",\"w\":23,\"x\":0,\"y\":62},\"panelIndex\":\"10\",\"panelRefName\":\"panel_10\",\"title\":\"Logon Details\",\"type\":\"search\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Windows Overview](#/dashboard/system-Windows-Dashboard) | **User Logon Information** | [Logon Failed and Account Lockout](#/dashboard/system-d401ef40-a7d5-11e9-a422-d144027429da) | [User Management Events](#/dashboard/system-71f720f0-ff18-11e9-8405-516218e3d268) | [Group Management Events](#/dashboard/system-bb858830-f412-11e9-8405-516218e3d268)\",\"openLinksInNewTab\":false},\"title\":\"Dashboard links [Windows System 
Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":6,\"i\":\"34fc9633-8a7c-444d-8d19-06095b55fb43\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"34fc9633-8a7c-444d-8d19-06095b55fb43\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"3dfd861c-68d7-44e0-9755-de21ecd15ba1\":{\"columnOrder\":[\"a278011b-444a-4e01-af26-6395f2f54bf1\"],\"columns\":{\"a278011b-444a-4e01-af26-6395f2f54bf1\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"((data_stream.dataset:windows.security OR data_stream.dataset:system.security) AND event.code: \\\"4672\\\")\"},\"isBucketed\":false,\"label\":\"Administrator Logons\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-3dfd861c-68d7-44e0-9755-de21ecd15ba1\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"a278011b-444a-4e01-af26-6395f2f54bf1\",\"layerId\":\"3dfd861c-68d7-44e0-9755-de21ecd15ba1\",\"layerType\":\"data\"}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"f2925b5d-a820-428f-83dc-a547186bcbe6\",\"w\":9,\"x\":0,\"y\":6},\"panelIndex\":\"f2925b5d-a820-428f-83dc-a547186bcbe6\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"83d20141-1b90-44a1-ac90-a024a460e2f7\":{\"columnOrder\":[\"f6e7fa4a-d41d-41e3-b8cb-112a3d34d3be\"],\"columns\":{\"f6e7fa4a-d41d-41e3-b8cb-112a3d34d3be\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"((data_stream.dataset:windows.security OR data_stream.dataset:system.security) AND event.code: \\\"4624\\\")\"},\"isBucketed\":false,\"label\":\"Logons \",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-83d20141-1b90-44a1-ac90-a024a460e2f7\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"f6e7fa4a-d41d-41e3-b8cb-112a3d34d3be\",\"layerId\":\"83d20141-1b90-44a1-ac90-a024a460e2f7\",\"layerType\":\"data\"}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"b6b45344-9881-4adf-ae69-4b892d976e63\",\"w\":9,\"x\":9,\"y\":6},\"panelIndex\":\"b6b45344-9881-4adf-ae69-4b892d976e63\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"e6fef655-e731-4662-95d5-1d528e81aa31\":{\"columnOrder\":[\"d2c3177a-a480-4200-9cd1-e40f87f81192\",\"23784821-7b5a-4a62-ba6f-000d1600ac1f\",\"c496f94a-303f-4786-a5cf-16ffbda12881\"],\"columns\":{\"23784821-7b5a-4a62-ba6f-000d1600ac1f\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Filters\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4672\\\"\"},\"label\":\"Admin logons\"},{\"input\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4624\\\"\"},\"label\":\"Logon Events\"}]},\"scale\":\"ordinal\"},\"c496f94a-303f-4786-a5cf-16ffbda12881\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"d2c3177a-a480-4200-9cd1-e40f87f81192\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-e6fef655-e731-4662-95d5-1d528e81aa31\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fillOpacity\":0.5,\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"c496f94a-303f-4786-a5cf-16ffbda12881\"],\"layerId\":\"e6fef655-e731-4662-95d5-1d528e81aa31\",\"layerType\":\"data\",\"seriesType\":\"line\",\"splitAccessor\":\"23784821-7b5a-4a62-ba6f-000d1600ac1f\",\"xAccessor\":\"d2c3177a-a480-4200-9cd1-e40f87f81192\",\"yConfig\":[{\"axisMode\":\"left\",\"color\":\"#68BC00\",\"forAccessor\":\"c496f94a-303f-4786-a5cf-16ffbda12881\"}]}],\"legend\":{\"isVisible\":true,\"maxLines\":1,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yLeftScale\":\"linear\",\"yRightExtent\":{\"mode\":\"full\"},\"yRightScale\":\"linear\"}},\"title\":\"Logon Events 
Timeline\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":13,\"i\":\"e6bde0c0-6365-4c2a-b6d1-232e936d592e\",\"w\":30,\"x\":18,\"y\":6},\"panelIndex\":\"e6bde0c0-6365-4c2a-b6d1-232e936d592e\",\"title\":\"Logon Events Timeline\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-674fcc58-08d6-4ab5-b6cb-671d86391a1f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"0b35b218-725a-492d-8a26-fc07ece4cefa\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"674fcc58-08d6-4ab5-b6cb-671d86391a1f\":{\"columnOrder\":[\"d3920133-e719-4f21-96b0-de104644c62d\",\"c5eeb90d-c93c-45c6-a105-cd6dd7de45c9\"],\"columns\":{\"c5eeb90d-c93c-45c6-a105-cd6dd7de45c9\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique count of winlog.logon.id\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"winlog.logon.id\"},\"d3920133-e719-4f21-96b0-de104644c62d\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"winlog.logon.type: 
Descending\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c5eeb90d-c93c-45c6-a105-cd6dd7de45c9\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.type\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"0b35b218-725a-492d-8a26-fc07ece4cefa\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4624\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.code\":\"4624\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"hide\",\"emptySizeRatio\":0.3,\"layerId\":\"674fcc58-08d6-4ab5-b6cb-671d86391a1f\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendMaxLines\":1,\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"metrics\":[\"c5eeb90d-c93c-45c6-a105-cd6dd7de45c9\"],\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"percentDecimals\":2,\"primaryGroups\":[\"d3920133-e719-4f21-96b0-de104644c62d\"],\"secondaryGroups\":[],\"showValuesInLegend\":true,\"truncateLegend\":true}],\"shape\":\"pie\"}},\"title\":\"Logon Types [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"cf50b48e-453c-46fb-ad35-7ccfb7b03de0\",\"w\":15,\"x\":18,\"y\":19},\"panelIndex\":\"cf50b48e-453c-46fb-ad35-7ccfb7b03de0\",\"title\":\"Logon Types [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-00652829-18f8-4bed-9423-c1b08879fa96\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"b48f02eb-a573-4758-a23f-ab02a2379751\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"00652829-18f8-4bed-9423-c1b08879fa96\":{\"columnOrder\":[\"028821e7-2e7e-4604-ac9d-25e9d90bbb0d\",\"0d65d110-92d0-42b0-a150-f5d7c154122c\"],\"columns\":{\"028821e7-2e7e-4604-ac9d-25e9d90bbb0d\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Logon Source IP\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0d65d110-92d0-42b0-a150-f5d7c154122c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"},\"0d65d110-92d0-42b0-a150-f5d7c154122c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"field\":\"data_stream.dataset\",\"index\":\"b48f02eb-a573-4758-a23f-ab02a2379751\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"windows.security\",\"system.security\"],\"type\":\"phrases\",\"value\":[\"windows.security\",\"system.security\"]},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"windows.security\"}},{\"match_phrase\":{\"data_stream.dataset\":\"system.security\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"0d65d110-92d0-42b0-a150-f5d7c154122c\"],\"layerId\":\"00652829-18f8-4bed-9423-c1b08879fa96\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"xAccessor\":\"028821e7-2e7e-4604-ac9d-25e9d90bbb0d\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"2ccb4f49-c9ee-48a0-b602-f86fa0e21504\",\"w\":15,\"x\":33,\"y\":19},\"panelIndex\":\"2ccb4f49-c9ee-48a0-b602-f86fa0e21504\",\"title\":\"Logon Sources [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":28,\"i\":\"454bb008-9720-455e-8ab9-b2f47d25aa4f\",\"w\":18,\"x\":18,\"y\":34},\"panelIndex\":\"454bb008-9720-455e-8ab9-b2f47d25aa4f\",\"panelRefName\":\"panel_454bb008-9720-455e-8ab9-b2f47d25aa4f\",\"title\":\"RDP Reconnections and Desconnections\",\"type\":\"search\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-4a1aa374-6802-4ad3-aaa8-5178d0944859\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d5b55106-1b94-4e5d-af4a-30edbe70102e\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"4a1aa374-6802-4ad3-aaa8-5178d0944859\":{\"columnOrder\":[\"8bb80378-dfd5-4dbc-bc6c-6a311530b1f0\",\"71ed13d3-5581-4cb5-a9fd-c2137e961d1e\",\"c46bc820-0dbe-4560-8250-1c4c414bbfc0\",\"8602e508-3dc5-4e7e-a87e-8fd9ddf7b1d9\",\"c8f202eb-e9fe-469f-8a65-72c55a8755f9\"],\"columns\":{\"71ed13d3-5581-4cb5-a9fd-c2137e961d1e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"subjectUserName\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c8f202eb-e9fe-469f-8a65-72c55a8755f9\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"8602e508-3dc5-4e7e-a87e-8fd9ddf7b1d9\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"LogonID\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c8f202eb-e9fe-469f-8a65-72c55a8755f9\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":fa
lse,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"8bb80378-dfd5-4dbc-bc6c-6a311530b1f0\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"user.name\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c8f202eb-e9fe-469f-8a65-72c55a8755f9\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":200},\"scale\":\"ordinal\",\"sourceField\":\"user.name\"},\"c46bc820-0dbe-4560-8250-1c4c414bbfc0\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"source.ip\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c8f202eb-e9fe-469f-8a65-72c55a8755f9\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"},\"c8f202eb-e9fe-469f-8a65-72c55a8755f9\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d5b55106-1b94-4e5d-af4a-30edbe70102e\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4648\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.code\":\"4648\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"c8f202eb-e9fe-469f-8a65-72c55a8755f9\"},{\"alignment\":\"left\",\"columnId\":\"8bb80378-dfd5-4dbc-bc6c-6a311530b1f0\
"},{\"alignment\":\"left\",\"columnId\":\"71ed13d3-5581-4cb5-a9fd-c2137e961d1e\"},{\"alignment\":\"left\",\"columnId\":\"c46bc820-0dbe-4560-8250-1c4c414bbfc0\"},{\"alignment\":\"left\",\"columnId\":\"8602e508-3dc5-4e7e-a87e-8fd9ddf7b1d9\"}],\"headerRowHeight\":\"single\",\"layerId\":\"4a1aa374-6802-4ad3-aaa8-5178d0944859\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Logon with Explicit Credentials [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":28,\"i\":\"29a0e70a-ab23-4d48-8d4e-9a39c5af47ad\",\"w\":12,\"x\":36,\"y\":34},\"panelIndex\":\"29a0e70a-ab23-4d48-8d4e-9a39c5af47ad\",\"title\":\"Logon with Explicit Credentials [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":46,\"i\":\"28115147-8399-4fcd-95ce-ed0a4f4239e3\",\"w\":25,\"x\":23,\"y\":62},\"panelIndex\":\"28115147-8399-4fcd-95ce-ed0a4f4239e3\",\"panelRefName\":\"panel_28115147-8399-4fcd-95ce-ed0a4f4239e3\",\"title\":\"Logout Details\",\"type\":\"search\",\"version\":\"8.7.0\"}]","timeRestore":false,"title":"[System Windows Security] User 
Logons","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-bae11b00-9bfc-11ea-87e4-49f31ec44891","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"1:indexpattern-datasource-layer-0eeae7e3-4be6-439a-8d11-e248d89729c7","type":"index-pattern"},{"id":"logs-*","name":"1:6c0aae98-74e3-48f0-bfe4-01114857e9ea","type":"index-pattern"},{"id":"logs-*","name":"3:indexpattern-datasource-layer-7a52b543-0c01-4543-9ed6-a89dfbdd8b87","type":"index-pattern"},{"id":"logs-*","name":"3:c92cd2bc-c3a2-40cf-8932-aa33cee31978","type":"index-pattern"},{"id":"system-ce71c9a0-a25e-11e9-a422-d144027429da","name":"10:panel_10","type":"search"},{"id":"logs-*","name":"cf50b48e-453c-46fb-ad35-7ccfb7b03de0:indexpattern-datasource-layer-674fcc58-08d6-4ab5-b6cb-671d86391a1f","type":"index-pattern"},{"id":"logs-*","name":"cf50b48e-453c-46fb-ad35-7ccfb7b03de0:0b35b218-725a-492d-8a26-fc07ece4cefa","type":"index-pattern"},{"id":"logs-*","name":"2ccb4f49-c9ee-48a0-b602-f86fa0e21504:indexpattern-datasource-layer-00652829-18f8-4bed-9423-c1b08879fa96","type":"index-pattern"},{"id":"logs-*","name":"2ccb4f49-c9ee-48a0-b602-f86fa0e21504:b48f02eb-a573-4758-a23f-ab02a2379751","type":"index-pattern"},{"id":"system-6f4071a0-7a78-11ea-bc9a-0baf2ca323a3","name":"454bb008-9720-455e-8ab9-b2f47d25aa4f:panel_454bb008-9720-455e-8ab9-b2f47d25aa4f","type":"search"},{"id":"logs-*","name":"29a0e70a-ab23-4d48-8d4e-9a39c5af47ad:indexpattern-datasource-layer-4a1aa374-6802-4ad3-aaa8-5178d0944859","type":"index-pattern"},{"id":"logs-*","name":"29a0e70a-ab23-4d48-8d4e-9a39c5af47ad:d5b55106-1b94-4e5d-af4a-30edbe70102e","type":"index-pattern"},{"id":"system-06b6b060-7a80-11ea-bc9a-0baf2ca323a3","name":"28115147-8399-4fcd-95ce-ed0a4f4239e3:panel_28115
147-8399-4fcd-95ce-ed0a4f4239e3","type":"search"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8415],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NDYsMV0="} -{"attributes":{"description":"Group management activity.","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"system.security\",\"windows.forwarded\",\"windows.security\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"system.security\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.forwarded\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.security\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"useMargins\":false}","panelsJSON":"[{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\
"params\":{\"fontSize\":10,\"markdown\":\"# **Group Management Events**\\n\\n#### This dashboard shows information about Group Management Events collected by the Elastic Agent Windows integrations (System, Windows, Custom Windows Event Logs).\\n\",\"openLinksInNewTab\":false},\"title\":\"Group Management Events - Description [Windows System Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":7,\"i\":\"22\",\"w\":16,\"x\":0,\"y\":0},\"panelIndex\":\"22\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-bd7f857d-8824-4cfa-b6a9-85f4efdc2623\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"a19c4278-5416-4446-99a1-0c0b841ad56b\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"bd7f857d-8824-4cfa-b6a9-85f4efdc2623\":{\"columnOrder\":[\"7f1d902e-af5f-4b65-a519-9ef6003f7e44\",\"941899f1-1b0a-4ca2-9fd4-ec751ecd6ca3\",\"6aa544a5-ecf4-4401-989d-bf738652c121\",\"2d5bc858-8374-44e4-a40f-0182d750e7c9\",\"7c3baf0b-0f49-4022-b50a-c7d4f6280003\"],\"columns\":{\"2d5bc858-8374-44e4-a40f-0182d750e7c9\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer LogonID\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7c3baf0b-0f49-4022-b50a-c7d4f6280003\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"6aa544a5-ecf4-4401-989d-bf738652c121\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed 
by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7c3baf0b-0f49-4022-b50a-c7d4f6280003\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"7c3baf0b-0f49-4022-b50a-c7d4f6280003\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"7f1d902e-af5f-4b65-a519-9ef6003f7e44\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Group\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7c3baf0b-0f49-4022-b50a-c7d4f6280003\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"group.name\"},\"941899f1-1b0a-4ca2-9fd4-ec751ecd6ca3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Domain\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7c3baf0b-0f49-4022-b50a-c7d4f6280003\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"group.domain\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"a19c4278-5416-4446-99a1-0c0b841ad56b\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4731\",\"4727\",\"4754\",\"4744\",\"4759\",\"4779\",\"4790
\",\"4783\"],\"type\":\"phrases\",\"value\":\"4731, 4727, 4754, 4744, 4759, 4779, 4790, 4783\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4731\"}},{\"match_phrase\":{\"event.code\":\"4727\"}},{\"match_phrase\":{\"event.code\":\"4754\"}},{\"match_phrase\":{\"event.code\":\"4744\"}},{\"match_phrase\":{\"event.code\":\"4759\"}},{\"match_phrase\":{\"event.code\":\"4779\"}},{\"match_phrase\":{\"event.code\":\"4790\"}},{\"match_phrase\":{\"event.code\":\"4783\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"7c3baf0b-0f49-4022-b50a-c7d4f6280003\"},{\"alignment\":\"left\",\"columnId\":\"7f1d902e-af5f-4b65-a519-9ef6003f7e44\"},{\"alignment\":\"left\",\"columnId\":\"941899f1-1b0a-4ca2-9fd4-ec751ecd6ca3\"},{\"alignment\":\"left\",\"columnId\":\"6aa544a5-ecf4-4401-989d-bf738652c121\"},{\"alignment\":\"left\",\"columnId\":\"2d5bc858-8374-44e4-a40f-0182d750e7c9\"}],\"headerRowHeight\":\"single\",\"layerId\":\"bd7f857d-8824-4cfa-b6a9-85f4efdc2623\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":5},\"rowHeight\":\"single\"}},\"title\":\"Groups Created - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":13,\"i\":\"36\",\"w\":9,\"x\":0,\"y\":55},\"panelIndex\":\"36\",\"title\":\"Groups Created - Table [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b600888f-707d-4333-b65c-64ccd1512086\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"c1e670c6-0a4d-4954-82f9-51dc32e07139\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"b600888f-707d-4333-b65c-64ccd1512086\":{\"columnOrder\":[\"c56afdf2-4288-4388-804c-a8d44425a564\",\"bb1a6287-e2d3-4136-9e1c-773f5b041afb\",\"054a5d8e-b121-4790-bd89-f497705b33e4\",\"8e115107-32e4-4af6-b61c-2f8d5442286d\",\"0ae4bc48-8f3e-4bbb-8a14-a47cfa5983f7\"],\"columns\":{\"054a5d8e-b121-4790-bd89-f497705b33e4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0ae4bc48-8f3e-4bbb-8a14-a47cfa5983f7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"0ae4bc48-8f3e-4bbb-8a14-a47cfa5983f7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"8e115107-32e4-4af6-b61c-2f8d5442286d\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer 
LogonID\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0ae4bc48-8f3e-4bbb-8a14-a47cfa5983f7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"bb1a6287-e2d3-4136-9e1c-773f5b041afb\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Domain\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0ae4bc48-8f3e-4bbb-8a14-a47cfa5983f7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"group.domain\"},\"c56afdf2-4288-4388-804c-a8d44425a564\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Group\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0ae4bc48-8f3e-4bbb-8a14-a47cfa5983f7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"group.name\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c1e670c6-0a4d-4954-82f9-51dc32e07139\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4735\",\"4737\",\"4755\",\"4750\",\"4760\",\"4745\",\"4791\",\"4784\",\"4764\"],\"type\":\"phrases\",\"value\":\"4735, 4737, 4755, 4750, 4760, 4745, 4791, 4784, 
4764\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4735\"}},{\"match_phrase\":{\"event.code\":\"4737\"}},{\"match_phrase\":{\"event.code\":\"4755\"}},{\"match_phrase\":{\"event.code\":\"4750\"}},{\"match_phrase\":{\"event.code\":\"4760\"}},{\"match_phrase\":{\"event.code\":\"4745\"}},{\"match_phrase\":{\"event.code\":\"4791\"}},{\"match_phrase\":{\"event.code\":\"4784\"}},{\"match_phrase\":{\"event.code\":\"4764\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"0ae4bc48-8f3e-4bbb-8a14-a47cfa5983f7\"},{\"alignment\":\"left\",\"columnId\":\"c56afdf2-4288-4388-804c-a8d44425a564\"},{\"alignment\":\"left\",\"columnId\":\"bb1a6287-e2d3-4136-9e1c-773f5b041afb\"},{\"alignment\":\"left\",\"columnId\":\"054a5d8e-b121-4790-bd89-f497705b33e4\"},{\"alignment\":\"left\",\"columnId\":\"8e115107-32e4-4af6-b61c-2f8d5442286d\"}],\"headerRowHeight\":\"single\",\"layerId\":\"b600888f-707d-4333-b65c-64ccd1512086\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":5},\"rowHeight\":\"single\"}},\"title\":\"Group Changes - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":13,\"i\":\"37\",\"w\":9,\"x\":9,\"y\":55},\"panelIndex\":\"37\",\"title\":\"Group Changes - Table [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-4f4fa0d5-5ea9-45ba-9214-d1fe2310876f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"3d460e27-249d-4c99-831f-193ccd17f8f4\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"4f4fa0d5-5ea9-45ba-9214-d1fe2310876f\":{\"columnOrder\":[\"f91ab9f5-c2a5-4590-875c-fabf6d047e37\",\"1afb18ce-62b9-4585-9dea-0e4310a67c50\",\"6d13ad70-08bd-44d9-963f-1f8872cc7d79\",\"29662a4b-5326-4531-8996-2b95afb69ed3\",\"9b24429a-7651-4972-aed9-83971847531b\"],\"columns\":{\"1afb18ce-62b9-4585-9dea-0e4310a67c50\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Domain\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9b24429a-7651-4972-aed9-83971847531b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"group.domain\"},\"29662a4b-5326-4531-8996-2b95afb69ed3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer LogonID\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9b24429a-7651-4972-aed9-83971847531b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"6d13ad70-08bd-44d9-963f-1f8872cc7d79\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed 
by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9b24429a-7651-4972-aed9-83971847531b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"9b24429a-7651-4972-aed9-83971847531b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f91ab9f5-c2a5-4590-875c-fabf6d047e37\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Group\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9b24429a-7651-4972-aed9-83971847531b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"group.name\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"3d460e27-249d-4c99-831f-193ccd17f8f4\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4734\",\"4730\",\"4758\",\"4748\",\"4763\",\"4753\",\"4792\",\"4789\"],\"type\":\"phrases\",\"value\":\"4734, 4730, 4758, 4748, 4763, 4753, 4792, 
4789\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4734\"}},{\"match_phrase\":{\"event.code\":\"4730\"}},{\"match_phrase\":{\"event.code\":\"4758\"}},{\"match_phrase\":{\"event.code\":\"4748\"}},{\"match_phrase\":{\"event.code\":\"4763\"}},{\"match_phrase\":{\"event.code\":\"4753\"}},{\"match_phrase\":{\"event.code\":\"4792\"}},{\"match_phrase\":{\"event.code\":\"4789\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"9b24429a-7651-4972-aed9-83971847531b\"},{\"alignment\":\"left\",\"columnId\":\"f91ab9f5-c2a5-4590-875c-fabf6d047e37\"},{\"alignment\":\"left\",\"columnId\":\"1afb18ce-62b9-4585-9dea-0e4310a67c50\"},{\"alignment\":\"left\",\"columnId\":\"6d13ad70-08bd-44d9-963f-1f8872cc7d79\"},{\"alignment\":\"left\",\"columnId\":\"29662a4b-5326-4531-8996-2b95afb69ed3\"}],\"headerRowHeight\":\"single\",\"layerId\":\"4f4fa0d5-5ea9-45ba-9214-d1fe2310876f\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":5},\"rowHeight\":\"single\"}},\"title\":\"Groups Deleted - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":13,\"i\":\"38\",\"w\":9,\"x\":18,\"y\":55},\"panelIndex\":\"38\",\"title\":\"Groups Deleted - Table [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ec211cdc-aeae-4682-9cc8-deec18aee3d1\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"dcdfe597-2586-47d7-a08a-d204f5caebbb\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"ec211cdc-aeae-4682-9cc8-deec18aee3d1\":{\"columnOrder\":[\"2cef85a9-ce4b-4803-a11a-fb8d474d54b5\",\"a9cfc671-e843-46b8-a08b-173da51037a9\",\"e42f2fdf-510a-4da6-9839-a5678ca093e4\",\"4938a319-1510-4931-8d5f-fd64137d7bda\",\"305d7edd-b815-4333-b542-dd82ceee2ea7\",\"f6418ff7-7f4c-4b47-ada1-effc9abc019e\"],\"columns\":{\"2cef85a9-ce4b-4803-a11a-fb8d474d54b5\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f6418ff7-7f4c-4b47-ada1-effc9abc019e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.MemberName\"},\"305d7edd-b815-4333-b542-dd82ceee2ea7\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed by Logon ID\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f6418ff7-7f4c-4b47-ada1-effc9abc019e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"4938a319-1510-4931-8d5f-fd64137d7bda\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed 
by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f6418ff7-7f4c-4b47-ada1-effc9abc019e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"user.name\"},\"a9cfc671-e843-46b8-a08b-173da51037a9\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Group\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f6418ff7-7f4c-4b47-ada1-effc9abc019e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"group.name\"},\"e42f2fdf-510a-4da6-9839-a5678ca093e4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Domain\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f6418ff7-7f4c-4b47-ada1-effc9abc019e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"group.domain\"},\"f6418ff7-7f4c-4b47-ada1-effc9abc019e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"dcdfe597-2586-47d7-a08a-d204f5caebbb\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4732\",\"4728\",\"4756\",\"4751\",\"4761\",\"4746\",\"4785\",\"4787\"],\"type\":\"
phrases\",\"value\":\"4732, 4728, 4756, 4751, 4761, 4746, 4785, 4787\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4732\"}},{\"match_phrase\":{\"event.code\":\"4728\"}},{\"match_phrase\":{\"event.code\":\"4756\"}},{\"match_phrase\":{\"event.code\":\"4751\"}},{\"match_phrase\":{\"event.code\":\"4761\"}},{\"match_phrase\":{\"event.code\":\"4746\"}},{\"match_phrase\":{\"event.code\":\"4785\"}},{\"match_phrase\":{\"event.code\":\"4787\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"f6418ff7-7f4c-4b47-ada1-effc9abc019e\"},{\"alignment\":\"left\",\"columnId\":\"2cef85a9-ce4b-4803-a11a-fb8d474d54b5\"},{\"alignment\":\"left\",\"columnId\":\"a9cfc671-e843-46b8-a08b-173da51037a9\"},{\"alignment\":\"left\",\"columnId\":\"e42f2fdf-510a-4da6-9839-a5678ca093e4\"},{\"alignment\":\"left\",\"columnId\":\"4938a319-1510-4931-8d5f-fd64137d7bda\"},{\"alignment\":\"left\",\"columnId\":\"305d7edd-b815-4333-b542-dd82ceee2ea7\"}],\"headerRowHeight\":\"single\",\"layerId\":\"ec211cdc-aeae-4682-9cc8-deec18aee3d1\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":5},\"rowHeight\":\"single\"}},\"title\":\"Users Added - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":14,\"i\":\"39\",\"w\":16,\"x\":0,\"y\":75},\"panelIndex\":\"39\",\"title\":\"Users Added - Table [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ac94b4e8-791d-42c3-923b-d871496199d8\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"ba9b962b-bc66-4c05-89c7-bbcfea69b19d\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"ac94b4e8-791d-42c3-923b-d871496199d8\":{\"columnOrder\":[\"5567fdee-554a-47ce-857f-67d88d8d0525\",\"0bbbe141-f2c1-4d1c-8c97-cdccce1645c4\",\"742898ba-a8f4-4374-8f8e-89e8c8e1d895\",\"48ce407b-3a27-45b2-81a2-c2a7777d5b6b\",\"916dfdf0-0aac-4720-ae54-fae544299b7d\",\"8270757b-487a-4232-a473-2392e043ece1\"],\"columns\":{\"0bbbe141-f2c1-4d1c-8c97-cdccce1645c4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Group\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8270757b-487a-4232-a473-2392e043ece1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"group.name\"},\"48ce407b-3a27-45b2-81a2-c2a7777d5b6b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed 
by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8270757b-487a-4232-a473-2392e043ece1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"5567fdee-554a-47ce-857f-67d88d8d0525\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8270757b-487a-4232-a473-2392e043ece1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.MemberName\"},\"742898ba-a8f4-4374-8f8e-89e8c8e1d895\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Domain\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8270757b-487a-4232-a473-2392e043ece1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"group.domain\"},\"8270757b-487a-4232-a473-2392e043ece1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"916dfdf0-0aac-4720-ae54-fae544299b7d\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed by Logon 
ID\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8270757b-487a-4232-a473-2392e043ece1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ba9b962b-bc66-4c05-89c7-bbcfea69b19d\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4733\",\"4729\",\"4757\",\"4786\",\"4788\",\"4752\",\"4762\",\"4747\"],\"type\":\"phrases\",\"value\":\"4733, 4729, 4757, 4786, 4788, 4752, 4762, 4747\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4733\"}},{\"match_phrase\":{\"event.code\":\"4729\"}},{\"match_phrase\":{\"event.code\":\"4757\"}},{\"match_phrase\":{\"event.code\":\"4786\"}},{\"match_phrase\":{\"event.code\":\"4788\"}},{\"match_phrase\":{\"event.code\":\"4752\"}},{\"match_phrase\":{\"event.code\":\"4762\"}},{\"match_phrase\":{\"event.code\":\"4747\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"8270757b-487a-4232-a473-2392e043ece1\"},{\"alignment\":\"left\",\"columnId\":\"5567fdee-554a-47ce-857f-67d88d8d0525\"},{\"alignment\":\"left\",\"columnId\":\"0bbbe141-f2c1-4d1c-8c97-cdccce1645c4\"},{\"alignment\":\"left\",\"columnId\":\"742898ba-a8f4-4374-8f8e-89e8c8e1d895\"},{\"alignment\":\"left\",\"columnId\":\"48ce407b-3a27-45b2-81a2-c2a7777d5b6b\"},{\"alignment\":\"left\",\"columnId\":\"916dfdf0-0aac-4720-ae54-fae544299b7d\"}],\"headerRowHeight\":\"single\",\"layerId\":\"ac94b4e8-791d-42c3-923b-d871496199d8\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":5},\"rowHeight\":\"single\"}},\"title\":
\"Users Removed from Group - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":14,\"i\":\"40\",\"w\":17,\"x\":16,\"y\":75},\"panelIndex\":\"40\",\"title\":\"Users Removed from Group - Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-1b283aa0-01f0-4d69-9338-1d312aa7409a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"5fd25934-f4ed-4561-8e83-22d8642198fe\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"1b283aa0-01f0-4d69-9338-1d312aa7409a\":{\"columnOrder\":[\"bf39160d-a5ee-43ec-8231-c228b273d0db\",\"281b8735-ca43-45ad-b6db-bd7bcfc36ba3\",\"aeac3302-fabf-4396-973b-e3129d83f10b\",\"7e13870d-43ba-4c46-a8d2-fafd4d61636e\",\"32cabe3d-6f07-4dcd-9f86-29a535239e11\"],\"columns\":{\"281b8735-ca43-45ad-b6db-bd7bcfc36ba3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Domain\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"32cabe3d-6f07-4dcd-9f86-29a535239e11\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"group.domain\"},\"32cabe3d-6f07-4dcd-9f86-29a535239e11\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"7e13870d-43ba-4c46-a8d2-fafd4d61636e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Creator 
LogonID\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"32cabe3d-6f07-4dcd-9f86-29a535239e11\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"aeac3302-fabf-4396-973b-e3129d83f10b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Creator\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"32cabe3d-6f07-4dcd-9f86-29a535239e11\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"bf39160d-a5ee-43ec-8231-c228b273d0db\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Group\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"32cabe3d-6f07-4dcd-9f86-29a535239e11\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"group.name\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"5fd25934-f4ed-4561-8e83-22d8642198fe\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4799\"],\"type\":\"phrases\",\"value\":\"4799\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4799\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"c
olumnId\":\"32cabe3d-6f07-4dcd-9f86-29a535239e11\"},{\"alignment\":\"left\",\"columnId\":\"bf39160d-a5ee-43ec-8231-c228b273d0db\"},{\"alignment\":\"left\",\"columnId\":\"281b8735-ca43-45ad-b6db-bd7bcfc36ba3\"},{\"alignment\":\"left\",\"columnId\":\"aeac3302-fabf-4396-973b-e3129d83f10b\"},{\"alignment\":\"left\",\"columnId\":\"7e13870d-43ba-4c46-a8d2-fafd4d61636e\"}],\"headerRowHeight\":\"single\",\"layerId\":\"1b283aa0-01f0-4d69-9338-1d312aa7409a\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":5},\"rowHeight\":\"single\"}},\"title\":\"Group Enumeration - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":14,\"i\":\"42\",\"w\":15,\"x\":33,\"y\":75},\"panelIndex\":\"42\",\"title\":\"Group Enumeration - Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":20,\"i\":\"43\",\"w\":21,\"x\":27,\"y\":48},\"panelIndex\":\"43\",\"panelRefName\":\"panel_43\",\"title\":\"Logon Details [Windows System Security]\",\"type\":\"search\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":22,\"i\":\"45\",\"w\":48,\"x\":0,\"y\":89},\"panelIndex\":\"45\",\"panelRefName\":\"panel_45\",\"title\":\"Group Management Operations Details [Windows System Security]\",\"type\":\"search\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Windows Overview](#/dashboard/system-Windows-Dashboard) | [User Logon Information](#/dashboard/system-bae11b00-9bfc-11ea-87e4-49f31ec44891) | [Logon Failed and Account Lockout](#/dashboard/system-d401ef40-a7d5-11e9-a422-d144027429da) | [User Management Events](#/dashboard/system-71f720f0-ff18-11e9-8405-516218e3d268) | **Group 
Management Events**\",\"openLinksInNewTab\":false},\"title\":\"Dashboard links [Windows System Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":7,\"i\":\"663e0493-2070-407b-9d00-079915cce7e7\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"663e0493-2070-407b-9d00-079915cce7e7\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-d498ce52-e422-4548-869e-12b54ca2a5de\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"042819ba-9576-492a-9bad-c3febb27fd0d\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"d498ce52-e422-4548-869e-12b54ca2a5de\":{\"columnOrder\":[\"f2f50bd0-9beb-4ed3-a1d1-39970db0d880\",\"a30cd9e9-b0dc-4aa8-871c-57b0e2bce3f5\"],\"columns\":{\"a30cd9e9-b0dc-4aa8-871c-57b0e2bce3f5\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f2f50bd0-9beb-4ed3-a1d1-39970db0d880\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.action: 
Descending\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a30cd9e9-b0dc-4aa8-871c-57b0e2bce3f5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"042819ba-9576-492a-9bad-c3febb27fd0d\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4731\",\"4732\",\"4733\",\"4734\",\"4735\",\"4737\",\"4764\",\"4727\",\"4728\",\"4729\",\"4730\",\"4754\",\"4755\",\"4756\",\"4757\",\"4758\",\"4799\",\"4749\",\"4750\",\"4751\",\"4752\",\"4753\",\"4759\",\"4760\",\"4761\",\"4762\",\"4763\",\"4744\",\"4745\",\"4746\",\"4748\"],\"type\":\"phrases\",\"value\":\"4731, 4732, 4733, 4734, 4735, 4737, 4764, 4727, 4728, 4729, 4730, 4754, 4755, 4756, 4757, 4758, 4799, 4749, 4750, 4751, 4752, 4753, 4759, 4760, 4761, 4762, 4763, 4744, 4745, 4746, 
4748\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4731\"}},{\"match_phrase\":{\"event.code\":\"4732\"}},{\"match_phrase\":{\"event.code\":\"4733\"}},{\"match_phrase\":{\"event.code\":\"4734\"}},{\"match_phrase\":{\"event.code\":\"4735\"}},{\"match_phrase\":{\"event.code\":\"4737\"}},{\"match_phrase\":{\"event.code\":\"4764\"}},{\"match_phrase\":{\"event.code\":\"4727\"}},{\"match_phrase\":{\"event.code\":\"4728\"}},{\"match_phrase\":{\"event.code\":\"4729\"}},{\"match_phrase\":{\"event.code\":\"4730\"}},{\"match_phrase\":{\"event.code\":\"4754\"}},{\"match_phrase\":{\"event.code\":\"4755\"}},{\"match_phrase\":{\"event.code\":\"4756\"}},{\"match_phrase\":{\"event.code\":\"4757\"}},{\"match_phrase\":{\"event.code\":\"4758\"}},{\"match_phrase\":{\"event.code\":\"4799\"}},{\"match_phrase\":{\"event.code\":\"4749\"}},{\"match_phrase\":{\"event.code\":\"4750\"}},{\"match_phrase\":{\"event.code\":\"4751\"}},{\"match_phrase\":{\"event.code\":\"4752\"}},{\"match_phrase\":{\"event.code\":\"4753\"}},{\"match_phrase\":{\"event.code\":\"4759\"}},{\"match_phrase\":{\"event.code\":\"4760\"}},{\"match_phrase\":{\"event.code\":\"4761\"}},{\"match_phrase\":{\"event.code\":\"4762\"}},{\"match_phrase\":{\"event.code\":\"4763\"}},{\"match_phrase\":{\"event.code\":\"4744\"}},{\"match_phrase\":{\"event.code\":\"4745\"}},{\"match_phrase\":{\"event.code\":\"4746\"}},{\"match_phrase\":{\"event.code\":\"4748\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR 
data_stream.dataset:system.security\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"hide\",\"emptySizeRatio\":0.3,\"layerId\":\"d498ce52-e422-4548-869e-12b54ca2a5de\",\"layerType\":\"data\",\"legendDisplay\":\"hide\",\"legendMaxLines\":1,\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"metrics\":[\"a30cd9e9-b0dc-4aa8-871c-57b0e2bce3f5\"],\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"percentDecimals\":2,\"primaryGroups\":[\"f2f50bd0-9beb-4ed3-a1d1-39970db0d880\"],\"secondaryGroups\":[],\"showValuesInLegend\":true,\"truncateLegend\":true}],\"shape\":\"pie\"}},\"title\":\"Group Management Events - Event Actions [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":20,\"i\":\"3f7e277d-09d1-4a79-bc17-bc5da5a7e290\",\"w\":20,\"x\":0,\"y\":7},\"panelIndex\":\"3f7e277d-09d1-4a79-bc17-bc5da5a7e290\",\"title\":\"Group Management Events - Event Actions [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b1157a10-8ee7-4ce0-8fa3-3088007e12a6\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"25cdfdc0-53d7-4cf7-b982-a59694f34875\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"b1157a10-8ee7-4ce0-8fa3-3088007e12a6\":{\"columnOrder\":[\"db99025d-1f2b-4d05-8d3d-ad15bbcf252d\",\"9caf1c5b-9f00-47e7-b27e-a2b631145b7f\",\"a5c04a37-1867-4051-8eb5-848d6499a8eb\"],\"columns\":{\"9caf1c5b-9f00-47e7-b27e-a2b631145b7f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.code\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a5c04a37-1867-4051-8eb5-848d6499a8eb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBuc
ket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.code\"},\"a5c04a37-1867-4051-8eb5-848d6499a8eb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"db99025d-1f2b-4d05-8d3d-ad15bbcf252d\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.action\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a5c04a37-1867-4051-8eb5-848d6499a8eb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":50},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"25cdfdc0-53d7-4cf7-b982-a59694f34875\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4731\",\"4732\",\"4733\",\"4734\",\"4735\",\"4737\",\"4764\",\"4727\",\"4728\",\"4729\",\"4730\",\"4754\",\"4755\",\"4756\",\"4757\",\"4758\",\"4799\",\"4749\",\"4750\",\"4751\",\"4752\",\"4753\",\"4759\",\"4760\",\"4761\",\"4762\",\"4763\",\"4744\",\"4745\",\"4746\",\"4748\"],\"type\":\"phrases\",\"value\":\"4731, 4732, 4733, 4734, 4735, 4737, 4764, 4727, 4728, 4729, 4730, 4754, 4755, 4756, 4757, 4758, 4799, 4749, 4750, 4751, 4752, 4753, 4759, 4760, 4761, 4762, 4763, 4744, 4745, 4746, 
4748\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4731\"}},{\"match_phrase\":{\"event.code\":\"4732\"}},{\"match_phrase\":{\"event.code\":\"4733\"}},{\"match_phrase\":{\"event.code\":\"4734\"}},{\"match_phrase\":{\"event.code\":\"4735\"}},{\"match_phrase\":{\"event.code\":\"4737\"}},{\"match_phrase\":{\"event.code\":\"4764\"}},{\"match_phrase\":{\"event.code\":\"4727\"}},{\"match_phrase\":{\"event.code\":\"4728\"}},{\"match_phrase\":{\"event.code\":\"4729\"}},{\"match_phrase\":{\"event.code\":\"4730\"}},{\"match_phrase\":{\"event.code\":\"4754\"}},{\"match_phrase\":{\"event.code\":\"4755\"}},{\"match_phrase\":{\"event.code\":\"4756\"}},{\"match_phrase\":{\"event.code\":\"4757\"}},{\"match_phrase\":{\"event.code\":\"4758\"}},{\"match_phrase\":{\"event.code\":\"4799\"}},{\"match_phrase\":{\"event.code\":\"4749\"}},{\"match_phrase\":{\"event.code\":\"4750\"}},{\"match_phrase\":{\"event.code\":\"4751\"}},{\"match_phrase\":{\"event.code\":\"4752\"}},{\"match_phrase\":{\"event.code\":\"4753\"}},{\"match_phrase\":{\"event.code\":\"4759\"}},{\"match_phrase\":{\"event.code\":\"4760\"}},{\"match_phrase\":{\"event.code\":\"4761\"}},{\"match_phrase\":{\"event.code\":\"4762\"}},{\"match_phrase\":{\"event.code\":\"4763\"}},{\"match_phrase\":{\"event.code\":\"4744\"}},{\"match_phrase\":{\"event.code\":\"4745\"}},{\"match_phrase\":{\"event.code\":\"4746\"}},{\"match_phrase\":{\"event.code\":\"4748\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR 
data_stream.dataset:system.security\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"a5c04a37-1867-4051-8eb5-848d6499a8eb\"},{\"alignment\":\"left\",\"columnId\":\"db99025d-1f2b-4d05-8d3d-ad15bbcf252d\"},{\"alignment\":\"left\",\"columnId\":\"9caf1c5b-9f00-47e7-b27e-a2b631145b7f\"}],\"headerRowHeight\":\"single\",\"layerId\":\"b1157a10-8ee7-4ce0-8fa3-3088007e12a6\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Group Management Events - Event Actions - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":20,\"i\":\"74edddd5-2dc5-41b8-b4f2-bf9c95218f1b\",\"w\":12,\"x\":20,\"y\":7},\"panelIndex\":\"74edddd5-2dc5-41b8-b4f2-bf9c95218f1b\",\"title\":\"Group Management Events - Event Actions - Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-066e9369-184c-4225-b244-7e8d029e52c1\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"066e9369-184c-4225-b244-7e8d029e52c1\":{\"columnOrder\":[\"08302e5a-7a5e-4352-9ff3-2ce5b44cbed8\",\"603e57fe-6201-45e9-940c-860540f0c65d\"],\"columns\":{\"08302e5a-7a5e-4352-9ff3-2ce5b44cbed8\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Target 
Groups\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"603e57fe-6201-45e9-940c-860540f0c65d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"group.name\"},\"603e57fe-6201-45e9-940c-860540f0c65d\":{\"customLabel\":false,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"603e57fe-6201-45e9-940c-860540f0c65d\"],\"layerId\":\"066e9369-184c-4225-b244-7e8d029e52c1\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"xAccessor\":\"08302e5a-7a5e-4352-9ff3-2ce5b44cbed8\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":20,\"i\":\"3016efc8-187d-4630-892d-af2160a584d7\",\"w\":16,\"x\":32,\"y\":7},\"panelIndex\":\"3016efc8-187d-4630-892d-af2160a584d7\",\"title\":\"Group Management Events - Target Groups [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-d80f3769-ceeb-46ac-888d-8177bbbfa43c\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"5e7b0749-4021-4e07-a255-71965ec7f574\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"d80f3769-ceeb-46ac-888d-8177bbbfa43c\":{\"columnOrder\":[\"be908dc7-f6ac-4c18-aa16-9f95629da6f4\",\"24b9ffd8-1bb0-4c0b-a1d4-f2f8ef4083c0\",\"3189a302-09f6-44a0-9a0a-049c578c4b18\"],\"columns\":{\"24b9ffd8-1bb0-4c0b-a1d4-f2f8ef4083c0\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Actions\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3189a302-09f6-44a0-9a0a-049c578c4b18\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"},\"3189a302-09f6-44a0-9a0a-049c578c4b18\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"be908dc7-f6ac-4c18-aa16-9f95629da6f4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Target 
Groups\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3189a302-09f6-44a0-9a0a-049c578c4b18\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"group.name\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"5e7b0749-4021-4e07-a255-71965ec7f574\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4731\",\"4732\",\"4733\",\"4734\",\"4735\",\"4737\",\"4764\",\"4727\",\"4728\",\"4729\",\"4730\",\"4754\",\"4755\",\"4756\",\"4757\",\"4758\",\"4799\",\"4749\",\"4750\",\"4751\",\"4752\",\"4753\",\"4759\",\"4760\",\"4761\",\"4762\",\"4763\",\"4744\",\"4745\",\"4746\",\"4748\"],\"type\":\"phrases\",\"value\":\"4731, 4732, 4733, 4734, 4735, 4737, 4764, 4727, 4728, 4729, 4730, 4754, 4755, 4756, 4757, 4758, 4799, 4749, 4750, 4751, 4752, 4753, 4759, 4760, 4761, 4762, 4763, 4744, 4745, 4746, 
4748\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4731\"}},{\"match_phrase\":{\"event.code\":\"4732\"}},{\"match_phrase\":{\"event.code\":\"4733\"}},{\"match_phrase\":{\"event.code\":\"4734\"}},{\"match_phrase\":{\"event.code\":\"4735\"}},{\"match_phrase\":{\"event.code\":\"4737\"}},{\"match_phrase\":{\"event.code\":\"4764\"}},{\"match_phrase\":{\"event.code\":\"4727\"}},{\"match_phrase\":{\"event.code\":\"4728\"}},{\"match_phrase\":{\"event.code\":\"4729\"}},{\"match_phrase\":{\"event.code\":\"4730\"}},{\"match_phrase\":{\"event.code\":\"4754\"}},{\"match_phrase\":{\"event.code\":\"4755\"}},{\"match_phrase\":{\"event.code\":\"4756\"}},{\"match_phrase\":{\"event.code\":\"4757\"}},{\"match_phrase\":{\"event.code\":\"4758\"}},{\"match_phrase\":{\"event.code\":\"4799\"}},{\"match_phrase\":{\"event.code\":\"4749\"}},{\"match_phrase\":{\"event.code\":\"4750\"}},{\"match_phrase\":{\"event.code\":\"4751\"}},{\"match_phrase\":{\"event.code\":\"4752\"}},{\"match_phrase\":{\"event.code\":\"4753\"}},{\"match_phrase\":{\"event.code\":\"4759\"}},{\"match_phrase\":{\"event.code\":\"4760\"}},{\"match_phrase\":{\"event.code\":\"4761\"}},{\"match_phrase\":{\"event.code\":\"4762\"}},{\"match_phrase\":{\"event.code\":\"4763\"}},{\"match_phrase\":{\"event.code\":\"4744\"}},{\"match_phrase\":{\"event.code\":\"4745\"}},{\"match_phrase\":{\"event.code\":\"4746\"}},{\"match_phrase\":{\"event.code\":\"4748\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR 
data_stream.dataset:system.security\"},\"visualization\":{\"gridConfig\":{\"isCellLabelVisible\":true,\"isXAxisLabelVisible\":true,\"isXAxisTitleVisible\":true,\"isYAxisLabelVisible\":true,\"isYAxisTitleVisible\":true,\"type\":\"heatmap_grid\"},\"layerId\":\"d80f3769-ceeb-46ac-888d-8177bbbfa43c\",\"layerType\":\"data\",\"legend\":{\"position\":\"right\",\"type\":\"heatmap_legend\"},\"palette\":{\"accessor\":\"3189a302-09f6-44a0-9a0a-049c578c4b18\",\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#F7FBFF\",\"stop\":0},{\"color\":\"#C3DBEE\",\"stop\":25},{\"color\":\"#6DAED5\",\"stop\":50},{\"color\":\"#2271B3\",\"stop\":75}],\"continuity\":\"none\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":100,\"rangeMin\":0,\"rangeType\":\"percent\",\"reverse\":false,\"stops\":[{\"color\":\"#F7FBFF\",\"stop\":25},{\"color\":\"#C3DBEE\",\"stop\":50},{\"color\":\"#6DAED5\",\"stop\":75},{\"color\":\"#2271B3\",\"stop\":100}]},\"type\":\"palette\"},\"shape\":\"heatmap\",\"valueAccessor\":\"3189a302-09f6-44a0-9a0a-049c578c4b18\",\"xAccessor\":\"be908dc7-f6ac-4c18-aa16-9f95629da6f4\",\"yAccessor\":\"24b9ffd8-1bb0-4c0b-a1d4-f2f8ef4083c0\"}},\"title\":\"Group Management Events - Groups vs Actions - Heatmap [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsHeatmap\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":21,\"i\":\"33cef054-615a-49cb-bb2e-eb55fab96ae5\",\"w\":27,\"x\":0,\"y\":27},\"panelIndex\":\"33cef054-615a-49cb-bb2e-eb55fab96ae5\",\"title\":\"Group Management Events - Groups vs Actions - Heatmap [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-f3ae7a76-3702-4e40-aa81-849598fa2b3c\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"b7ec06e9-b2f3-4ec6-813b-e8cc45150c28\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"f3ae7a76-3702-4e40-aa81-849598fa2b3c\":{\"columnOrder\":[\"04168b99-2dd3-40c8-b444-bc949803664e\",\"f7b7059a-8e4d-4538-b28f-35d597944976\",\"27e21c84-c884-4a36-8e48-88d42cdc286d\"],\"columns\":{\"04168b99-2dd3-40c8-b444-bc949803664e\":{\"customLabel\":true,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"27e21c84-c884-4a36-8e48-88d42cdc286d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f7b7059a-8e4d-4538-b28f-35d597944976\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.action: 
Descending\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"27e21c84-c884-4a36-8e48-88d42cdc286d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":25},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"b7ec06e9-b2f3-4ec6-813b-e8cc45150c28\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4731\",\"4732\",\"4733\",\"4734\",\"4735\",\"4737\",\"4764\",\"4727\",\"4728\",\"4729\",\"4730\",\"4754\",\"4755\",\"4756\",\"4757\",\"4758\",\"4799\",\"4749\",\"4750\",\"4751\",\"4752\",\"4753\",\"4759\",\"4760\",\"4761\",\"4762\",\"4763\",\"4744\",\"4745\",\"4746\",\"4748\"],\"type\":\"phrases\",\"value\":\"4731, 4732, 4733, 4734, 4735, 4737, 4764, 4727, 4728, 4729, 4730, 4754, 4755, 4756, 4757, 4758, 4799, 4749, 4750, 4751, 4752, 4753, 4759, 4760, 4761, 4762, 4763, 4744, 4745, 4746, 
4748\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4731\"}},{\"match_phrase\":{\"event.code\":\"4732\"}},{\"match_phrase\":{\"event.code\":\"4733\"}},{\"match_phrase\":{\"event.code\":\"4734\"}},{\"match_phrase\":{\"event.code\":\"4735\"}},{\"match_phrase\":{\"event.code\":\"4737\"}},{\"match_phrase\":{\"event.code\":\"4764\"}},{\"match_phrase\":{\"event.code\":\"4727\"}},{\"match_phrase\":{\"event.code\":\"4728\"}},{\"match_phrase\":{\"event.code\":\"4729\"}},{\"match_phrase\":{\"event.code\":\"4730\"}},{\"match_phrase\":{\"event.code\":\"4754\"}},{\"match_phrase\":{\"event.code\":\"4755\"}},{\"match_phrase\":{\"event.code\":\"4756\"}},{\"match_phrase\":{\"event.code\":\"4757\"}},{\"match_phrase\":{\"event.code\":\"4758\"}},{\"match_phrase\":{\"event.code\":\"4799\"}},{\"match_phrase\":{\"event.code\":\"4749\"}},{\"match_phrase\":{\"event.code\":\"4750\"}},{\"match_phrase\":{\"event.code\":\"4751\"}},{\"match_phrase\":{\"event.code\":\"4752\"}},{\"match_phrase\":{\"event.code\":\"4753\"}},{\"match_phrase\":{\"event.code\":\"4759\"}},{\"match_phrase\":{\"event.code\":\"4760\"}},{\"match_phrase\":{\"event.code\":\"4761\"}},{\"match_phrase\":{\"event.code\":\"4762\"}},{\"match_phrase\":{\"event.code\":\"4763\"}},{\"match_phrase\":{\"event.code\":\"4744\"}},{\"match_phrase\":{\"event.code\":\"4745\"}},{\"match_phrase\":{\"event.code\":\"4746\"}},{\"match_phrase\":{\"event.code\":\"4748\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR 
data_stream.dataset:system.security\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"curveType\":\"LINEAR\",\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":false},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":-90},\"layers\":[{\"accessors\":[\"27e21c84-c884-4a36-8e48-88d42cdc286d\"],\"isHistogram\":true,\"layerId\":\"f3ae7a76-3702-4e40-aa81-849598fa2b3c\",\"layerType\":\"data\",\"seriesType\":\"bar_stacked\",\"simpleView\":false,\"splitAccessor\":\"f7b7059a-8e4d-4538-b28f-35d597944976\",\"xAccessor\":\"04168b99-2dd3-40c8-b444-bc949803664e\",\"xScaleType\":\"time\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"27e21c84-c884-4a36-8e48-88d42cdc286d\"}]}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"maxLines\":1,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"showCurrentTimeMarker\":false,\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":false,\"yLeftExtent\":{\"enforce\":true,\"mode\":\"full\"},\"yLeftScale\":\"linear\",\"yRightScale\":\"linear\",\"yTitle\":\"Count\"}},\"title\":\"Group Management Action Distribution over Time [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":21,\"i\":\"e0d495aa-f897-403f-815b-6116fae330b7\",\"w\":21,\"x\":27,\"y\":27},\"panelIndex\":\"e0d495aa-f897-403f-815b-6116fae330b7\",\"title\":\"Group Management Action Distribution over Time [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"acb39e04-812e-47cc-b982-fabce6e6ec94\":{\"columnOrder\":[\"628ee1fd-9f6f-4c72-b373-49fccf7806ba\"],\"columns\":{\"628ee1fd-9f6f-4c72-b373-49fccf7806ba\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code:4731 OR event.code:4727 OR event.code:\\\"4754\\\" OR event.code:\\\"4749\\\" OR event.code:\\\"4759\\\" OR event.code:\\\"4744\\\" OR event.code:\\\"4783\\\" OR event.code:\\\"4790\\\"\"},\"isBucketed\":false,\"label\":\"Groups Created\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-acb39e04-812e-47cc-b982-fabce6e6ec94\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"628ee1fd-9f6f-4c72-b373-49fccf7806ba\",\"colorMode\":\"Background\",\"layerId\":\"acb39e04-812e-47cc-b982-fabce6e6ec94\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#cc5642\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"e861343c-a5c9-4a8f-aacf-175a2d697587\",\"w\":9,\"x\":0,\"y\":48},\"panelIndex\":\"e861343c-a5c9-4a8f-aacf-175a2d697587\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"87aea4f8-5513-4348-b6e3-3f15ef52448f\":{\"columnOrder\":[\"442cce25-7692-4749-9adb-c342d5fcdecd\"],\"columns\":{\"442cce25-7692-4749-9adb-c342d5fcdecd\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code:4735 OR event.code:4737 OR event.code:\\\"4755\\\" OR event.code:\\\"4764\\\" OR event.code:\\\"4750\\\" OR event.code:\\\"4760\\\" OR event.code:\\\"4745\\\" OR event.code:\\\"4784\\\" OR event.code:\\\"4791\\\"\"},\"isBucketed\":false,\"label\":\"Groups 
Changed\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-87aea4f8-5513-4348-b6e3-3f15ef52448f\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"442cce25-7692-4749-9adb-c342d5fcdecd\",\"colorMode\":\"Background\",\"layerId\":\"87aea4f8-5513-4348-b6e3-3f15ef52448f\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#d6bf57\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#d6bf57\",\"stop\":104}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"36142fad-01b3-43eb-a7c5-1b71fa6aa3bc\",\"w\":9,\"x\":9,\"y\":48},\"panelIndex\":\"36142fad-01b3-43eb-a7c5-1b71fa6aa3bc\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"52b8f6c3-23ba-42d7-94b3-b28380016e21\":{\"columnOrder\":[\"e9922ed6-8940-4348-975a-39c8a936a46c\"],\"columns\":{\"e9922ed6-8940-4348-975a-39c8a936a46c\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code:4734 OR event.code:4730 OR event.code:4758 OR event.code:4753 OR event.code:4763 OR event.code:4748 OR event.code:4789 OR event.code:4792\"},\"isBucketed\":false,\"label\":\"Groups 
Deleted\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-52b8f6c3-23ba-42d7-94b3-b28380016e21\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e9922ed6-8940-4348-975a-39c8a936a46c\",\"colorMode\":\"Background\",\"layerId\":\"52b8f6c3-23ba-42d7-94b3-b28380016e21\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#DA8B45\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#DA8B45\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"b03662fb-926d-49e0-b543-18ae6f526395\",\"w\":9,\"x\":18,\"y\":48},\"panelIndex\":\"b03662fb-926d-49e0-b543-18ae6f526395\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"914f2ede-b9f6-4cb5-8b54-f4bcd6be6466\":{\"columnOrder\":[\"f8c7d2ef-cd6e-4aa7-a912-7bebc89579f4\"],\"columns\":{\"f8c7d2ef-cd6e-4aa7-a912-7bebc89579f4\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code:4731 OR event.code:4727 OR event.code:\\\"4754\\\" OR event.code:\\\"4749\\\" OR event.code:\\\"4759\\\" OR event.code:\\\"4744\\\" OR event.code:\\\"4783\\\" OR event.code:\\\"4790\\\"\"},\"isBucketed\":false,\"label\":\"Users Added to 
Group\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-914f2ede-b9f6-4cb5-8b54-f4bcd6be6466\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"f8c7d2ef-cd6e-4aa7-a912-7bebc89579f4\",\"colorMode\":\"Background\",\"layerId\":\"914f2ede-b9f6-4cb5-8b54-f4bcd6be6466\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#AA6556\",\"stop\":0}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":0},{\"color\":\"#AA6556\",\"stop\":1}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"744ba653-cbed-4af4-8114-ebe20b7ce075\",\"w\":16,\"x\":0,\"y\":68},\"panelIndex\":\"744ba653-cbed-4af4-8114-ebe20b7ce075\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"b646c7ff-6c54-479c-af9a-882661bac81d\":{\"columnOrder\":[\"2ecb3e68-af02-4281-9a6d-f4ca2a460626\"],\"columns\":{\"2ecb3e68-af02-4281-9a6d-f4ca2a460626\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code:4733 OR event.code:4729 OR event.code:4788 OR event.code:4786 OR event.code:4752 OR event.code:4762 OR event.code:4747\"},\"isBucketed\":false,\"label\":\"Users Removed from 
Group\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-b646c7ff-6c54-479c-af9a-882661bac81d\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"2ecb3e68-af02-4281-9a6d-f4ca2a460626\",\"colorMode\":\"Background\",\"layerId\":\"b646c7ff-6c54-479c-af9a-882661bac81d\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#DA8B45\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#DA8B45\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"81b505b6-9694-40ed-8800-dfc5f41af3c8\",\"w\":17,\"x\":16,\"y\":68},\"panelIndex\":\"81b505b6-9694-40ed-8800-dfc5f41af3c8\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"92834d49-5d90-4296-a0e8-331ac3426c63\":{\"columnOrder\":[\"e4ff5d2c-bdd4-4c47-ada1-129834297614\"],\"columns\":{\"e4ff5d2c-bdd4-4c47-ada1-129834297614\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code:4799\"},\"isBucketed\":false,\"label\":\"Group Membership 
Enumeration\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-92834d49-5d90-4296-a0e8-331ac3426c63\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e4ff5d2c-bdd4-4c47-ada1-129834297614\",\"colorMode\":\"Background\",\"layerId\":\"92834d49-5d90-4296-a0e8-331ac3426c63\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#808080\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#808080\",\"stop\":71658}]},\"type\":\"palette\"}}},\"title\":\"TSVB visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"2c3d475b-54d9-472a-b97a-03a37d7c944b\",\"w\":15,\"x\":33,\"y\":68},\"panelIndex\":\"2c3d475b-54d9-472a-b97a-03a37d7c944b\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"}]","timeRestore":false,"title":"[System Windows Security] Group Management 
Events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-bb858830-f412-11e9-8405-516218e3d268","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"36:indexpattern-datasource-layer-bd7f857d-8824-4cfa-b6a9-85f4efdc2623","type":"index-pattern"},{"id":"logs-*","name":"36:a19c4278-5416-4446-99a1-0c0b841ad56b","type":"index-pattern"},{"id":"logs-*","name":"37:indexpattern-datasource-layer-b600888f-707d-4333-b65c-64ccd1512086","type":"index-pattern"},{"id":"logs-*","name":"37:c1e670c6-0a4d-4954-82f9-51dc32e07139","type":"index-pattern"},{"id":"logs-*","name":"38:indexpattern-datasource-layer-4f4fa0d5-5ea9-45ba-9214-d1fe2310876f","type":"index-pattern"},{"id":"logs-*","name":"38:3d460e27-249d-4c99-831f-193ccd17f8f4","type":"index-pattern"},{"id":"logs-*","name":"39:indexpattern-datasource-layer-ec211cdc-aeae-4682-9cc8-deec18aee3d1","type":"index-pattern"},{"id":"logs-*","name":"39:dcdfe597-2586-47d7-a08a-d204f5caebbb","type":"index-pattern"},{"id":"logs-*","name":"40:indexpattern-datasource-layer-ac94b4e8-791d-42c3-923b-d871496199d8","type":"index-pattern"},{"id":"logs-*","name":"40:ba9b962b-bc66-4c05-89c7-bbcfea69b19d","type":"index-pattern"},{"id":"logs-*","name":"42:indexpattern-datasource-layer-1b283aa0-01f0-4d69-9338-1d312aa7409a","type":"index-pattern"},{"id":"logs-*","name":"42:5fd25934-f4ed-4561-8e83-22d8642198fe","type":"index-pattern"},{"id":"system-7e178c80-fee1-11e9-8405-516218e3d268","name":"43:panel_43","type":"search"},{"id":"system-9066d5b0-fef2-11e9-8405-516218e3d268","name":"45:panel_45","type":"search"},{"id":"logs-*","name":"3f7e277d-09d1-4a79-bc17-bc5da5a7e290:indexpattern-datasource-layer-d498ce52-e422-4548-869e-12b54ca2a5de","type":"index-pattern"},{"id":"logs-*","na
me":"3f7e277d-09d1-4a79-bc17-bc5da5a7e290:042819ba-9576-492a-9bad-c3febb27fd0d","type":"index-pattern"},{"id":"logs-*","name":"74edddd5-2dc5-41b8-b4f2-bf9c95218f1b:indexpattern-datasource-layer-b1157a10-8ee7-4ce0-8fa3-3088007e12a6","type":"index-pattern"},{"id":"logs-*","name":"74edddd5-2dc5-41b8-b4f2-bf9c95218f1b:25cdfdc0-53d7-4cf7-b982-a59694f34875","type":"index-pattern"},{"id":"logs-*","name":"3016efc8-187d-4630-892d-af2160a584d7:indexpattern-datasource-layer-066e9369-184c-4225-b244-7e8d029e52c1","type":"index-pattern"},{"id":"logs-*","name":"33cef054-615a-49cb-bb2e-eb55fab96ae5:indexpattern-datasource-layer-d80f3769-ceeb-46ac-888d-8177bbbfa43c","type":"index-pattern"},{"id":"logs-*","name":"33cef054-615a-49cb-bb2e-eb55fab96ae5:5e7b0749-4021-4e07-a255-71965ec7f574","type":"index-pattern"},{"id":"logs-*","name":"e0d495aa-f897-403f-815b-6116fae330b7:indexpattern-datasource-layer-f3ae7a76-3702-4e40-aa81-849598fa2b3c","type":"index-pattern"},{"id":"logs-*","name":"e0d495aa-f897-403f-815b-6116fae330b7:b7ec06e9-b2f3-4ec6-813b-e8cc45150c28","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8445],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NDcsMV0="} -{"attributes":{"description":"Failed and blocked 
accounts.","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"system.security\",\"windows.forwarded\",\"windows.security\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"system.security\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.forwarded\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.security\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"useMargins\":false}","panelsJSON":"[{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":10,\"markdown\":\"### **Failed Logons and Account Lockouts**\",\"openLinksInNewTab\":false},\"title\":\"Failed Logon and Account Lockout [Windows System 
Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":7,\"i\":\"1\",\"w\":14,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-51928276-cada-4ce4-8054-672e298c095f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"c5560265-9668-4020-acf5-2f125a50e192\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"51928276-cada-4ce4-8054-672e298c095f\":{\"columnOrder\":[\"07d2d99e-f8e9-4d2c-9361-637a3e327459\",\"1e7f30e1-cab2-4099-a7c1-6debb680be54\"],\"columns\":{\"07d2d99e-f8e9-4d2c-9361-637a3e327459\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Filters\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"lucene\",\"query\":\"event.code: 4624\"},\"label\":\"Successful Logon\"},{\"input\":{\"language\":\"lucene\",\"query\":\"event.code: 4625\"},\"label\":\"Failed 
Logons\"}]},\"scale\":\"ordinal\"},\"1e7f30e1-cab2-4099-a7c1-6debb680be54\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c5560265-9668-4020-acf5-2f125a50e192\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"hide\",\"emptySizeRatio\":0.3,\"layerId\":\"51928276-cada-4ce4-8054-672e298c095f\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendMaxLines\":1,\"legendPosition\":\"bottom\",\"legendSize\":\"auto\",\"metrics\":[\"1e7f30e1-cab2-4099-a7c1-6debb680be54\"],\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"percentDecimals\":2,\"primaryGroups\":[\"07d2d99e-f8e9-4d2c-9361-637a3e327459\"],\"secondaryGroups\":[],\"showValuesInLegend\":true,\"truncateLegend\":true}],\"shape\":\"pie\"}},\"title\":\"Logon Successful vs Failed [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":18,\"i\":\"2\",\"w\":12,\"x\":0,\"y\":7},\"panelIndex\":\"2\",\"title\":\"Logon Successful vs Failed [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":20},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4740\"},\"type\":\"phrase\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4740\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security \"}}},\"description\":\"\",\"params\":{\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/s/siem\",\"origin\":\"https://192.168.1.72:5601\",\"pathname\":\"/s/siem/app/kibana\"}}},\"type\":\"vis_dimension\"},\"maxFontSize\":53,\"metric\":{\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}},\"type\":\"vis_dimension\"},\"minFontSize\":18,\"orientation\":\"single\",\"scale\":\"linear\",\"showLabel\":false},\"title\":\"Blocked Accounts Tag [Windows System Security]\",\"type\":\"tagcloud\",\"uiState\":{}}},\"gridData\":{\"h\":21,\"i\":\"3\",\"w\":12,\"x\":12,\"y\":35},\"panelIndex\":\"3\",\"title\":\"Blocked 
Acoounts\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-892d74e5-47d2-4c42-80d9-4bc979530ef2\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"14b89fc0-8a6c-47a7-b5e3-516699233c61\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"892d74e5-47d2-4c42-80d9-4bc979530ef2\":{\"columnOrder\":[\"8b1cbfde-e270-446d-a789-2a1d26f4480a\",\"37216882-b7d2-4179-af7f-9bd64d35e0bd\",\"50c2ab55-2ea4-4bd9-a7fd-3037baaea103\"],\"columns\":{\"37216882-b7d2-4179-af7f-9bd64d35e0bd\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Filters\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"lucene\",\"query\":\"event.code: 4624\"},\"label\":\"Logon Successful\"},{\"input\":{\"language\":\"lucene\",\"query\":\"event.code: 4625\"},\"label\":\"Logon Failed\"}]},\"scale\":\"ordinal\"},\"50c2ab55-2ea4-4bd9-a7fd-3037baaea103\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"8b1cbfde-e270-446d-a789-2a1d26f4480a\":{\"customLabel\":true,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"14b89fc0-8a6c-47a7-b5e3-516699233c61\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"intern
alReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"curveType\":\"LINEAR\",\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":-90},\"layers\":[{\"accessors\":[\"50c2ab55-2ea4-4bd9-a7fd-3037baaea103\"],\"isHistogram\":true,\"layerId\":\"892d74e5-47d2-4c42-80d9-4bc979530ef2\",\"layerType\":\"data\",\"seriesType\":\"bar_stacked\",\"simpleView\":false,\"splitAccessor\":\"37216882-b7d2-4179-af7f-9bd64d35e0bd\",\"xAccessor\":\"8b1cbfde-e270-446d-a789-2a1d26f4480a\",\"xScaleType\":\"time\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"50c2ab55-2ea4-4bd9-a7fd-3037baaea103\"}]}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"maxLines\":1,\"position\":\"bottom\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"showCurrentTimeMarker\":false,\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":false,\"yLeftExtent\":{\"enforce\":true,\"mode\":\"full\"},\"yLeftScale\":\"linear\",\"yRightScale\":\"linear\",\"yTitle\":\"Count\"}},\"title\":\"Logon Successful - Logon Failed Timeline [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":18,\"i\":\"4\",\"w\":23,\"x\":12,\"y\":7},\"panelIndex\":\"4\",\"title\":\"Logon Successful - Logon Failed Timeline [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4625\",\"4771\"],\"type\":\"phrases\",\"value\":\"4625, 4771\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4625\"}},{\"match_phrase\":{\"event.code\":\"4771\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/s/siem\",\"origin\":\"https://192.168.1.72:5601\",\"pathname\":\"/s/siem/app/kibana\"}}},\"type\":\"vis_dimension\"},\"maxFontSize\":37,\"metric\":{\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}},\"type\":\"vis_dimension\"},\"minFontSize\":15,\"orientation\":\"single\",\"scale\":\"linear\",\"showLabel\":false},\"title\":\"Logon Failed Acconts [Windows System 
Security]\",\"type\":\"tagcloud\",\"uiState\":{}}},\"gridData\":{\"h\":21,\"i\":\"5\",\"w\":12,\"x\":0,\"y\":35},\"panelIndex\":\"5\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-0ca1181c-9c17-4b68-9da9-e90032ba66a0\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"4a5e2651-5d45-4b6b-a761-c8cb22fb8a70\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"662ad73f-d904-4d2c-86b0-d677879a602c\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"0ca1181c-9c17-4b68-9da9-e90032ba66a0\":{\"columnOrder\":[\"891a49e8-cd86-401a-8901-911327320374\",\"176619c3-a6a7-4793-b36f-2e24a88de891\",\"ccbc2e70-16e1-45e0-841e-1b9349badf37\"],\"columns\":{\"176619c3-a6a7-4793-b36f-2e24a88de891\":{\"customLabel\":true,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":true,\"interval\":\"h\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"891a49e8-cd86-401a-8901-911327320374\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"user.name: 
Descending\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ccbc2e70-16e1-45e0-841e-1b9349badf37\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":15},\"scale\":\"ordinal\",\"sourceField\":\"user.name\"},\"ccbc2e70-16e1-45e0-841e-1b9349badf37\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"4a5e2651-5d45-4b6b-a761-c8cb22fb8a70\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4625\"],\"type\":\"phrases\",\"value\":\"4625\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4625\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"662ad73f-d904-4d2c-86b0-d677879a602c\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"gridConfig\":{\"isCellLabelVisible\":true,\"isXAxisLabelVisible\":true,\"isXAxisTitleVisible\":true,\"isYAxisLabelVisible\":true,\"isYAxisTitleVisible\":true,\"type\":\"heatmap_grid\"},\"layerId\":\"0ca1181c-9c17-4b68-9da9-e90032ba66a0\",\"layerType\":\"data\",\"legend\":{\"isVisible\":false,\"position\":\"bottom\",\"type\":\"heatmap_legend\"},\"palette\":{\"accessor\":\"ccbc2e70-16e1-45e0-841e-1b9349badf37\",\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#FFFFC
C\",\"stop\":0},{\"color\":\"#FEE187\",\"stop\":20},{\"color\":\"#FEAB4C\",\"stop\":40},{\"color\":\"#F95C2E\",\"stop\":60},{\"color\":\"#D31020\",\"stop\":80}],\"continuity\":\"none\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":100,\"rangeMin\":0,\"rangeType\":\"percent\",\"reverse\":false,\"stops\":[{\"color\":\"#FFFFCC\",\"stop\":20},{\"color\":\"#FEE187\",\"stop\":40},{\"color\":\"#FEAB4C\",\"stop\":60},{\"color\":\"#F95C2E\",\"stop\":80},{\"color\":\"#D31020\",\"stop\":100}]},\"type\":\"palette\"},\"shape\":\"heatmap\",\"valueAccessor\":\"ccbc2e70-16e1-45e0-841e-1b9349badf37\",\"xAccessor\":\"891a49e8-cd86-401a-8901-911327320374\",\"yAccessor\":\"176619c3-a6a7-4793-b36f-2e24a88de891\"}},\"title\":\"Failed Logon HeatMap [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsHeatmap\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":30,\"i\":\"6\",\"w\":48,\"x\":0,\"y\":56},\"panelIndex\":\"6\",\"title\":\"Failed Logon HeatMap [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":20,\"i\":\"8\",\"w\":48,\"x\":0,\"y\":86},\"panelIndex\":\"8\",\"panelRefName\":\"panel_8\",\"title\":\"Logon Failed and Account 
Lockouts\",\"type\":\"search\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b205119a-3d44-424a-b471-3adc7b233437\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d0cc9cbc-3f24-4f1d-a33f-d6161d3e1323\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d16c0ea3-8535-405e-a080-314609ff2eb9\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"b205119a-3d44-424a-b471-3adc7b233437\":{\"columnOrder\":[\"6c00efd4-5d72-4cb3-bd7f-805f413d6368\",\"5a76cdff-8d92-4431-967b-ead53ef7c47e\",\"6035bb34-7f8b-43b6-9a35-a286b0e42b68\",\"c6126afa-c771-4709-a1e8-ce1598a07d96\",\"b95d6baa-4b3d-4f61-ae4f-8981aed9a448\",\"d0645d98-f6dd-4f10-811e-7fef21a41c3e\",\"f0f3ac3f-402d-41e8-87b4-e3416b3b4e31\",\"6034755d-4e5f-46e8-8700-7397eca1b2c7\"],\"columns\":{\"5a76cdff-8d92-4431-967b-ead53ef7c47e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"user.name\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6034755d-4e5f-46e8-8700-7397eca1b2c7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":1000},\"scale\":\"ordinal\",\"sourceField\":\"user.name\"},\"6034755d-4e5f-46e8-8700-7397eca1b2c7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"6035bb34-7f8b-43b6-9a35-a286b0e42b68\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"source 
workstation\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6034755d-4e5f-46e8-8700-7397eca1b2c7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.domain\"},\"6c00efd4-5d72-4cb3-bd7f-805f413d6368\":{\"customLabel\":true,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"Time Bucket\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"h\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"b95d6baa-4b3d-4f61-ae4f-8981aed9a448\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.action\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6034755d-4e5f-46e8-8700-7397eca1b2c7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"},\"c6126afa-c771-4709-a1e8-ce1598a07d96\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"source.ip\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6034755d-4e5f-46e8-8700-7397eca1b2c7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"},\"d0645d98-f6dd-4f10-811e-7fef21a41c3e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"winlog.logon.type\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"mis
singBucket\":false,\"orderBy\":{\"columnId\":\"6034755d-4e5f-46e8-8700-7397eca1b2c7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.type\"},\"f0f3ac3f-402d-41e8-87b4-e3416b3b4e31\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"winlog.event_data.SubjectUserName\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6034755d-4e5f-46e8-8700-7397eca1b2c7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d0cc9cbc-3f24-4f1d-a33f-d6161d3e1323\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4625\"},\"type\":\"phrase\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4625\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d16c0ea3-8535-405e-a080-314609ff2eb9\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"6034755d-4e5f-46e8-8700-7397eca1b2c7\"},{\"alignment\":\"left\",\"columnId\":\"6c00efd4-5d72-4cb3-bd7f-805f413d6368\"},{\"alignment\":\"left\",\"columnId\":\"5a76cdff-8d92-4431-967b-ead53ef7c47e\"},{\"alignment\":\"left\",\"columnId\":\"6035bb34-7f8b-43b6-9a35-a286b0e42b68\"},{\"al
ignment\":\"left\",\"columnId\":\"c6126afa-c771-4709-a1e8-ce1598a07d96\"},{\"alignment\":\"left\",\"columnId\":\"b95d6baa-4b3d-4f61-ae4f-8981aed9a448\"},{\"alignment\":\"left\",\"columnId\":\"d0645d98-f6dd-4f10-811e-7fef21a41c3e\"},{\"alignment\":\"left\",\"columnId\":\"f0f3ac3f-402d-41e8-87b4-e3416b3b4e31\"}],\"headerRowHeight\":\"single\",\"layerId\":\"b205119a-3d44-424a-b471-3adc7b233437\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":15},\"rowHeight\":\"single\"}},\"title\":\"Logon Failed Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":31,\"i\":\"11\",\"w\":24,\"x\":24,\"y\":25},\"panelIndex\":\"11\",\"title\":\"Logon Failed Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Windows Overview](#/dashboard/system-Windows-Dashboard) | [User Logon Information](#/dashboard/system-bae11b00-9bfc-11ea-87e4-49f31ec44891) | **Logon Failed and Account Lockout** | [User Management Events](#/dashboard/system-71f720f0-ff18-11e9-8405-516218e3d268) | [Group Management Events](#/dashboard/system-bb858830-f412-11e9-8405-516218e3d268)\",\"openLinksInNewTab\":false},\"title\":\"Dashboard links [Windows System 
Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":7,\"i\":\"628de26f-7b7b-457c-b811-e06161e4e7b4\",\"w\":34,\"x\":14,\"y\":0},\"panelIndex\":\"628de26f-7b7b-457c-b811-e06161e4e7b4\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2f8af088-1452-476f-9b74-7854a8e9d8a3\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d192bb2b-0add-406e-8fa5-d749aa93cd68\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"9ba1595f-e9a3-4987-9eb0-21d2714752ef\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"2f8af088-1452-476f-9b74-7854a8e9d8a3\":{\"columnOrder\":[\"70837b96-3c24-4578-9988-3e91c976bf09\",\"b2c05801-5cfa-40a5-9988-1aa4056ba903\"],\"columns\":{\"70837b96-3c24-4578-9988-3e91c976bf09\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Logon Source IP\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b2c05801-5cfa-40a5-9988-1aa4056ba903\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"},\"b2c05801-5cfa-40a5-9988-1aa4056ba903\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"field\":\"event.code\",\"index\":\"d192bb2b-0add-406e-8fa5-d749aa93cd68\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4625\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.code\":\"4625\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"field\":\"winlog.provider_name\",\"index\":\"9ba1595f-e9a3-4987-9eb0-21d2714752ef\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b2c05801-5cfa-40a5-9988-1aa4056ba903\"],\"layerId\":\"2f8af088-1452-476f-9b74-7854a8e9d8a3\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"xAccessor\":\"70837b96-3c24-4578-9988-3e91c976bf09\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":18,\"i\":\"13f5fdc0-b503-4e37-a39e-a2365be6356d\",\"w\":13,\"x\":35,\"y\":7},\"panelIndex\":\"13f5fdc0-b503-4e37-a39e-a2365be6356
d\",\"title\":\"Logon Failed Source IPs\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"f29083db-60ee-4050-a6fd-3c8ec6f2b86c\":{\"columnOrder\":[\"e4afb6fa-36ce-46cc-bea2-175b29605d8a\"],\"columns\":{\"e4afb6fa-36ce-46cc-bea2-175b29605d8a\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"((data_stream.dataset:windows.security OR data_stream.dataset:system.security) AND event.code: \\\"4625\\\")\"},\"isBucketed\":false,\"label\":\"Failed Logon\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-f29083db-60ee-4050-a6fd-3c8ec6f2b86c\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e4afb6fa-36ce-46cc-bea2-175b29605d8a\",\"layerId\":\"f29083db-60ee-4050-a6fd-3c8ec6f2b86c\",\"layerType\":\"data\"}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"af0b27cf-3a49-4180-bd15-a399f7b349b3\",\"w\":12,\"x\":0,\"y\":25},\"panelIndex\":\"af0b27cf-3a49-4180-bd15-a399f7b349b3\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"7b50ca11-6492-47c9-bb57-5d2e88f51719\":{\"columnOrder\":[\"46e6f211-0dc7-4f4f-963d-033c09854126\"],\"columns\":{\"46e6f211-0dc7-4f4f-963d-033c09854126\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4740\\\"\"},\"isBucketed\":false,\"label\":\"Blocked Accounts\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"user.name\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-7b50ca11-6492-47c9-bb57-5d2e88f51719\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"46e6f211-0dc7-4f4f-963d-033c09854126\",\"layerId\":\"7b50ca11-6492-47c9-bb57-5d2e88f51719\",\"layerType\":\"data\"}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"d69a5e0c-274d-4515-8f31-737b9ecbddba\",\"w\":12,\"x\":12,\"y\":25},\"panelIndex\":\"d69a5e0c-274d-4515-8f31-737b9ecbddba\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"}]","timeRestore":false,"title":"[System Windows Security] Failed and Blocked Accounts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"system-d401ef40-a7d5-11e9-a422-d144027429da","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"2:indexpattern-datasource-layer-51928276-cada-4ce4-8054-672e298c095f","type":"index-pattern"},{"id":"logs-*","name":"2:c5560265-9668-4020-acf5-2f125a50e192","type":"index-pattern"},{"id":"logs-*","name":"3:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"4:indexpattern-datasource-layer-892d74e5-47d2-4c42-80d9-4bc979530ef2","type":"index-pattern"},{"id":"logs-*","name":"4:14b89fc0-8a6c-47a7-b5e3-516699233c61","type":"index-pattern"},{"id":"logs-*","name":"5:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"6:indexpattern-datasource-layer-0ca1181c-9c17-4b68-9da9-e90032ba66a0","type":"index-pattern"},{"id":"logs-*","name":"6:4a5e2651-5d45-4b6b-a761-c8cb22fb8a70","type":"index-pattern"},{"id":"logs-*","name":"6:662ad73f-d904-4d2c-86b0-d677879a602c","type":"index-pattern"},{"id":"system-757510b0-a87f-11e9-a422-d144027429da","name":"8:pan
el_8","type":"search"},{"id":"logs-*","name":"11:indexpattern-datasource-layer-b205119a-3d44-424a-b471-3adc7b233437","type":"index-pattern"},{"id":"logs-*","name":"11:d0cc9cbc-3f24-4f1d-a33f-d6161d3e1323","type":"index-pattern"},{"id":"logs-*","name":"11:d16c0ea3-8535-405e-a080-314609ff2eb9","type":"index-pattern"},{"id":"logs-*","name":"13f5fdc0-b503-4e37-a39e-a2365be6356d:indexpattern-datasource-layer-2f8af088-1452-476f-9b74-7854a8e9d8a3","type":"index-pattern"},{"id":"logs-*","name":"13f5fdc0-b503-4e37-a39e-a2365be6356d:d192bb2b-0add-406e-8fa5-d749aa93cd68","type":"index-pattern"},{"id":"logs-*","name":"13f5fdc0-b503-4e37-a39e-a2365be6356d:9ba1595f-e9a3-4987-9eb0-21d2714752ef","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688154054424,8470],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NDgsMV0="} -{"attributes":{"columns":["event.code","powershell.engine.version","powershell.runspace_id","process.args","powershell.command.invocation_details","powershell.file.script_block_text"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Details [Windows 
powershell]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-11a61760-9f27-11ea-bef1-95118e62a7c1","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8474],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NDksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Engine versions [Windows powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Engine version\",\"field\":\"powershell.engine.version\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"metric\":{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}},\"isDonut\":false,\"labels\":{\"last_level\":false,\"show\":false,\"truncate\":100,\"values\":false},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Engine versions [Windows 
powershell]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-1eeaaf70-9f23-11ea-bef1-95118e62a7c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8478],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NTAsMV0="} -{"attributes":{"columns":["host.name","windows.service.display_name","windows.service.state","windows.service.start_type","windows.service.uptime.ms","windows.service.pid","windows.service.exit_code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"prefix\\\":{\\\"data_stream.dataset\\\":\\\"windows.\\\"}}\"},\"query\":{\"prefix\":{\"data_stream.dataset\":\"windows.\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"metricset.name\",\"negate\":false,\"params\":{\"query\":\"service\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"service\"},\"query\":{\"match\":{\"metricset.name\":{\"query\":\"service\",\"type\":\"phrase\"}}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Services [Metrics 
Windows]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-b6b7ccc0-c98d-11e7-9835-2f31fe08873b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8484],"type":"search","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NTEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Hosts [Metrics Windows]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Total Services\",\"field\":\"windows.service.id\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Host\",\"field\":\"host.name\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Hosts [Metrics 
Windows]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-23a5fff0-c98e-11e7-9835-2f31fe08873b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"windows-b6b7ccc0-c98d-11e7-9835-2f31fe08873b","name":"search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8488],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NTIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset.windows.powershell_operational)\"}}"},"title":"Unique engine versions [Windows powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Unique versions\",\"field\":\"powershell.engine.version\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":32,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Unique engine versions [Windows 
powershell]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-2dbabdf0-9f29-11ea-bef1-95118e62a7c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8492],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NTMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Unique Services [Metrics Windows]","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Services\",\"field\":\"windows.service.id\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":false},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"type\":\"gauge\"},\"title\":\"Unique Services [Metrics 
Windows]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-35f5ad60-c996-11e7-9835-2f31fe08873b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"windows-b6b7ccc0-c98d-11e7-9835-2f31fe08873b","name":"search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8496],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NTQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset.windows.powershell_operational)\"}}"},"title":"Users [Windows powershell]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"User\",\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Host 
count\",\"field\":\"host.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://192.168.1.48:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"User\",\"params\":{}}],\"metrics\":[{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}},{\"accessor\":2,\"aggType\":\"cardinality\",\"format\":{\"id\":\"number\"},\"label\":\"Unique count of host.name\",\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Users [Windows powershell]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-3e55daa0-9e8e-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8500],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NTUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset.windows.powershell_operational)\"}}"},"title":"Total engine started [Windows 
powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"event.code: 400\"},\"label\":\"\"}]},\"schema\":\"group\",\"type\":\"filters\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"string\",\"params\":{}},\"type\":\"vis_dimension\"},\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":32,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total engine started [Windows powershell]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-52543ef0-9e95-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8504],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NTYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset.windows.powershell_operational)\"}}"},"title":"Top active hosts [Windows 
powershell]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"host.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[],\"metrics\":[{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Top active hosts [Windows powershell]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-70751050-9f33-11ea-bef1-95118e62a7c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8508],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NTcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Total remote commands [Windows 
powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"process.title:\\\"ServerRemoteHost\\\" \"},\"label\":\"Remote commands\"}]},\"schema\":\"group\",\"type\":\"filters\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"string\",\"params\":{}},\"type\":\"vis_dimension\"},\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":32,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total remote commands [Windows powershell]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-78874900-9f30-11ea-bef1-95118e62a7c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8512],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NTgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Engine and Command 
started[Windows powershell]","uiStateJSON":"{\"vis\":{\"colors\":{\"*\":\"#EAB839\",\"Engine stopped\":\"#BF1B00\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-1d\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"400\\\" \"},\"label\":\"Engine started\"},{\"input\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4105\\\" \"},\"label\":\"Command started\"}]},\"schema\":\"group\",\"type\":\"filters\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"series\":[{\"accessor\":1,\"aggType\":\"filters\",\"format\":{},\"label\":\"filters\",\"params\":{}}],\"x\":{\"accessor\":0,\"aggType\":\"date_histogram\",\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"label\":\"@timestamp per 30 
minutes\",\"params\":{\"bounds\":{\"max\":\"2020-05-26T09:14:29.996Z\",\"min\":\"2020-05-25T09:14:29.996Z\"},\"date\":true,\"format\":\"HH:mm\",\"interval\":\"PT30M\",\"intervalESUnit\":\"m\",\"intervalESValue\":30}},\"y\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"defaultYExtents\":false,\"mode\":\"normal\",\"setYExtents\":false,\"type\":\"log\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"legendSize\":\"auto\"},\"title\":\"Engine and Command started[Windows powershell]\",\"type\":\"line\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-7adbce50-9e96-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8516],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NTksMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Total commands [Windows powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"powershell.command.name: * \"},\"label\":\"Commands\"}]},\"schema\":\"group\",\"type\":\"filters\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"string\",\"params\":{}},\"type\":\"vis_dimension\"},\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":32,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total commands [Windows powershell]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-7f3e7710-9e94-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8520],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NjAsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Startup States [Metrics Windows]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Service Count\",\"field\":\"windows.service.id\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Startup Type\",\"field\":\"windows.service.start_type\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"State\",\"field\":\"windows.service.state\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Startup States [Metrics Windows]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-830c45f0-c991-11e7-9835-2f31fe08873b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"windows-b6b7ccc0-c98d-11e7-9835-2f31fe08873b","name":"search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8524],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NjEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR 
data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Unique hosts [Windows powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Unique hosts\",\"field\":\"host.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":32,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Unique hosts [Windows powershell]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-92a2a6b0-9f29-11ea-bef1-95118e62a7c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8528],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NjIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Connected users [Windows 
powershell]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"User\",\"field\":\"powershell.connected_user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"4\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Host count\",\"field\":\"host.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://192.168.1.48:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"User\",\"params\":{}}],\"metrics\":[{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}},{\"accessor\":2,\"aggType\":\"cardinality\",\"format\":{\"id\":\"number\"},\"label\":\"Unique count of host.name\",\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Connected users [Windows 
powershell]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-9ec52c30-9e91-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8532],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NjMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"powershell.command.invocation_details.type\",\"negate\":false,\"params\":{\"query\":\"CommandInvocation\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"powershell.command.invocation_details.type\":\"CommandInvocation\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Top Invoked Commands [Windows 
powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"powershell.command.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://192.168.1.48:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"powershell.command.invocation_details.related_command: Descending\",\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}},\"isDonut\":false,\"labels\":{\"last_level\":false,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Top Invoked Commands [Windows 
powershell]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-b0c5d570-9e7c-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8537],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NjQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Started providers [Windows powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"powershell.provider.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://192.168.1.48:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"powershell.provider.name: 
Descending\",\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}},\"isDonut\":false,\"labels\":{\"last_level\":false,\"show\":false,\"truncate\":100,\"values\":false},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Started providers [Windows powershell]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-c0945210-9e8b-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8541],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NjUsMV0="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"windows.service.exit_code\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"windows.service.exit_code\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"windows.service.exit_code\",\"negate\":true,\"params\":{\"query\":\"0\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"0\"},\"query\":{\"match\":{\"windows.service.exit_code\":{\"query\":\"0\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\",\"key\":\"windows.service.exit_code\",\"negate\":true,\"params\":{\"query\":\"ERROR_SERVICE_NEVER_STARTED\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"ERROR_SERVICE_NEVER_STARTED\"},\"query\":{\"match\":{\"windows.service.exit_code\":{\"query\":\"ERROR_SERVICE_NEVER_STARTED\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Non-zero Service Exit Codes [Metrics Windows]","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Non-zero Exit Codes\",\"field\":\"windows.service.id\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to 
Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":false},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"type\":\"gauge\"},\"title\":\"Non-zero Service Exit Codes [Metrics Windows]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-c36b2ba0-ca29-11e7-9835-2f31fe08873b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"windows-b6b7ccc0-c98d-11e7-9835-2f31fe08873b","name":"search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8548],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NjYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Unique users [Windows powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Unique 
users\",\"field\":\"related.user\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":32,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Unique users [Windows powershell]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-e64ff750-9f28-11ea-bef1-95118e62a7c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8552],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NjcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Engine versions ran by host [Windows 
powershell]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Host\",\"field\":\"host.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"3\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Version count\",\"field\":\"powershell.engine.version\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://192.168.1.48:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"Host\",\"params\":{}}],\"metrics\":[{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}},{\"accessor\":2,\"aggType\":\"cardinality\",\"format\":{\"id\":\"number\"},\"label\":\"Version count\",\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Engine versions ran by host [Windows 
powershell]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-e20b3940-9e9a-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8556],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NjgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Host processes [Windows powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"process.title\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://192.168.1.48:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"process.title: 
Descending\",\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}},\"isDonut\":false,\"labels\":{\"last_level\":false,\"show\":false,\"truncate\":100,\"values\":false},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Host processes [Windows powershell]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-f9fa55f0-9f34-11ea-bef1-95118e62a7c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8560],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NjksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Event type [Windows powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Event 
type\",\"field\":\"event.code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://192.168.1.48:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"event.code: Descending\",\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}},\"isDonut\":false,\"labels\":{\"last_level\":false,\"show\":false,\"truncate\":100,\"values\":false},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Event type [Windows powershell]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-d27dea70-9f32-11ea-bef1-95118e62a7c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8564],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NzAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Event Levels [Windows 
powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"log.level\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://192.168.1.48:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"log.level: Descending\",\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}},\"isDonut\":false,\"labels\":{\"last_level\":false,\"show\":false,\"truncate\":100,\"values\":false},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Event Levels [Windows powershell]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-fbb025e0-9e7c-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8568],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NzEsMV0="} -{"attributes":{"description":"Overview dashboard for powershell 
integration.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"fa41e799-b6b3-49ec-a11c-3f20231a4a79\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"fa41e799-b6b3-49ec-a11c-3f20231a4a79\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fa41e799-b6b3-49ec-a11c-3f20231a4a79\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"65ce6b63-6ce0-4094-ab23-189126fc169f\",\"w\":7,\"x\":13,\"y\":0},\"panelIndex\":\"65ce6b63-6ce0-4094-ab23-189126fc169f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_65ce6b63-6ce0-4094-ab23-189126fc169f\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"314e6f55-a05a-4ae3-ab76-bcae7f2074ab\",\"w\":8,\"x\":20,\"y\":0},\"panelIndex\":\"314e6f55-a05a-4ae3-ab76-bcae7f2074ab\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_314e6f55-a05a-4ae3-ab76-bcae7f2074ab\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"a1f161f6-1abe-4177-9ede-4d1984f5a963\",\"w\":7,\"x\":28,\"y\":0},\"panelIndex\":\"a1f161f6-1abe-4177-9ede-4d1984f5a963\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a1f161f6-1abe-4177-9ede-4d1984f5a963\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"6b7ed122-22f3-4e9d-89eb-8de92c0d2033\",\"w\":4,\"x\":35,\"y\":0},\"panelIndex\":\"6b7ed122-22f3-4e9d-89eb-8de92c0d2033\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6b7ed122-22f3-4e9d-89eb-8de92c0d2033\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"d536f6a7-ad28-4a32-9319-9e0b983828bf\",\"w\":4,\"x\":39,\"y\":0},\
"panelIndex\":\"d536f6a7-ad28-4a32-9319-9e0b983828bf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d536f6a7-ad28-4a32-9319-9e0b983828bf\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"eda6d08f-b45e-448a-bf9f-afa5516d4b4b\",\"w\":4,\"x\":43,\"y\":0},\"panelIndex\":\"eda6d08f-b45e-448a-bf9f-afa5516d4b4b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_eda6d08f-b45e-448a-bf9f-afa5516d4b4b\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"56d2dd76-6fec-422b-96e9-22791b0c5f0c\",\"w\":10,\"x\":13,\"y\":6},\"panelIndex\":\"56d2dd76-6fec-422b-96e9-22791b0c5f0c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_56d2dd76-6fec-422b-96e9-22791b0c5f0c\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"3e4a9683-fd6a-4ad7-b05f-c71bcb4d92d5\",\"w\":12,\"x\":23,\"y\":6},\"panelIndex\":\"3e4a9683-fd6a-4ad7-b05f-c71bcb4d92d5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3e4a9683-fd6a-4ad7-b05f-c71bcb4d92d5\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"a8c00572-667b-4e39-8b0c-10be56fbadd5\",\"w\":12,\"x\":35,\"y\":6},\"panelIndex\":\"a8c00572-667b-4e39-8b0c-10be56fbadd5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a8c00572-667b-4e39-8b0c-10be56fbadd5\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"e8a57cba-14d2-4cd9-a727-f5e30165f6ba\",\"w\":13,\"x\":0,\"y\":8},\"panelIndex\":\"e8a57cba-14d2-4cd9-a727-f5e30165f6ba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e8a57cba-14d2-4cd9-a727-f5e30165f6ba\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"8ae39cfa-cb06-45eb-880e-b749c3355d61\",\"w\":12,\"x\":23,\"y\":13},\"panelIndex\":\"8ae39cfa-cb06-45eb-880e-b749c3355d61\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8ae39cfa-cb06-45e
b-880e-b749c3355d61\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"ef92d192-b56d-476c-b640-e226679ed178\",\"w\":12,\"x\":35,\"y\":13},\"panelIndex\":\"ef92d192-b56d-476c-b640-e226679ed178\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ef92d192-b56d-476c-b640-e226679ed178\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"b15dcac5-3616-4b41-8abb-cb28398b16f4\",\"w\":13,\"x\":0,\"y\":16},\"panelIndex\":\"b15dcac5-3616-4b41-8abb-cb28398b16f4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b15dcac5-3616-4b41-8abb-cb28398b16f4\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"23af61c8-6a45-4d7d-9905-8ed265328130\",\"w\":10,\"x\":13,\"y\":16},\"panelIndex\":\"23af61c8-6a45-4d7d-9905-8ed265328130\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_23af61c8-6a45-4d7d-9905-8ed265328130\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"390068ed-b7fb-4ec1-87d5-e89f7cc82e04\",\"w\":12,\"x\":23,\"y\":20},\"panelIndex\":\"390068ed-b7fb-4ec1-87d5-e89f7cc82e04\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_390068ed-b7fb-4ec1-87d5-e89f7cc82e04\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"45724dca-fea2-4f3b-af79-cf89bb12a31b\",\"w\":12,\"x\":35,\"y\":20},\"panelIndex\":\"45724dca-fea2-4f3b-af79-cf89bb12a31b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_45724dca-fea2-4f3b-af79-cf89bb12a31b\"},{\"version\":\"7.6.0\",\"type\":\"search\",\"gridData\":{\"h\":14,\"i\":\"7f0c4a51-d972-42a5-ba0a-d3de814c7440\",\"w\":47,\"x\":0,\"y\":27},\"panelIndex\":\"7f0c4a51-d972-42a5-ba0a-d3de814c7440\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7f0c4a51-d972-42a5-ba0a-d3de814c7440\"}]","timeRestore":false,"title":"[Windows powershell] 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-c77e06c0-9e7c-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"windows-9ec52c30-9e91-11ea-af6f-cfdb1ee1d6c8","name":"fa41e799-b6b3-49ec-a11c-3f20231a4a79:panel_fa41e799-b6b3-49ec-a11c-3f20231a4a79","type":"visualization"},{"id":"windows-52543ef0-9e95-11ea-af6f-cfdb1ee1d6c8","name":"65ce6b63-6ce0-4094-ab23-189126fc169f:panel_65ce6b63-6ce0-4094-ab23-189126fc169f","type":"visualization"},{"id":"windows-7f3e7710-9e94-11ea-af6f-cfdb1ee1d6c8","name":"314e6f55-a05a-4ae3-ab76-bcae7f2074ab:panel_314e6f55-a05a-4ae3-ab76-bcae7f2074ab","type":"visualization"},{"id":"windows-78874900-9f30-11ea-bef1-95118e62a7c1","name":"a1f161f6-1abe-4177-9ede-4d1984f5a963:panel_a1f161f6-1abe-4177-9ede-4d1984f5a963","type":"visualization"},{"id":"windows-e64ff750-9f28-11ea-bef1-95118e62a7c1","name":"6b7ed122-22f3-4e9d-89eb-8de92c0d2033:panel_6b7ed122-22f3-4e9d-89eb-8de92c0d2033","type":"visualization"},{"id":"windows-2dbabdf0-9f29-11ea-bef1-95118e62a7c1","name":"d536f6a7-ad28-4a32-9319-9e0b983828bf:panel_d536f6a7-ad28-4a32-9319-9e0b983828bf","type":"visualization"},{"id":"windows-92a2a6b0-9f29-11ea-bef1-95118e62a7c1","name":"eda6d08f-b45e-448a-bf9f-afa5516d4b4b:panel_eda6d08f-b45e-448a-bf9f-afa5516d4b4b","type":"visualization"},{"id":"windows-e20b3940-9e9a-11ea-af6f-cfdb1ee1d6c8","name":"56d2dd76-6fec-422b-96e9-22791b0c5f0c:panel_56d2dd76-6fec-422b-96e9-22791b0c5f0c","type":"visualization"},{"id":"windows-1eeaaf70-9f23-11ea-bef1-95118e62a7c1","name":"3e4a9683-fd6a-4ad7-b05f-c71bcb4d92d5:panel_3e4a9683-fd6a-4ad7-b05f-c71bcb4d92d5","type":"visualization"},{"id":"windows-f9fa55f0-9f34-11ea-bef1-95118e62a7c1","name":"a8c00572-667b-4e39-8b0c-10be56fbadd5:panel_a8c00572-667b-4e39-8b0c-10be56fbadd5","type":"visualization"},{"id":"windows-3e55daa0-9e8e-11ea-af6f-cfdb1ee1d6c8","name":"e8a57cba-14d2-4cd9-a727-f5e30165f6ba:panel_e8a57cba-14d2-4cd9-a727-f5e30165f6b
a","type":"visualization"},{"id":"windows-d27dea70-9f32-11ea-bef1-95118e62a7c1","name":"8ae39cfa-cb06-45eb-880e-b749c3355d61:panel_8ae39cfa-cb06-45eb-880e-b749c3355d61","type":"visualization"},{"id":"windows-fbb025e0-9e7c-11ea-af6f-cfdb1ee1d6c8","name":"ef92d192-b56d-476c-b640-e226679ed178:panel_ef92d192-b56d-476c-b640-e226679ed178","type":"visualization"},{"id":"windows-7adbce50-9e96-11ea-af6f-cfdb1ee1d6c8","name":"b15dcac5-3616-4b41-8abb-cb28398b16f4:panel_b15dcac5-3616-4b41-8abb-cb28398b16f4","type":"visualization"},{"id":"windows-70751050-9f33-11ea-bef1-95118e62a7c1","name":"23af61c8-6a45-4d7d-9905-8ed265328130:panel_23af61c8-6a45-4d7d-9905-8ed265328130","type":"visualization"},{"id":"windows-b0c5d570-9e7c-11ea-af6f-cfdb1ee1d6c8","name":"390068ed-b7fb-4ec1-87d5-e89f7cc82e04:panel_390068ed-b7fb-4ec1-87d5-e89f7cc82e04","type":"visualization"},{"id":"windows-c0945210-9e8b-11ea-af6f-cfdb1ee1d6c8","name":"45724dca-fea2-4f3b-af79-cf89bb12a31b:panel_45724dca-fea2-4f3b-af79-cf89bb12a31b","type":"visualization"},{"id":"windows-11a61760-9f27-11ea-bef1-95118e62a7c1","name":"7f0c4a51-d972-42a5-ba0a-d3de814c7440:panel_7f0c4a51-d972-42a5-ba0a-d3de814c7440","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8589],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NzIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"Service States [Metrics Windows]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Latest 
Report\",\"field\":\"@timestamp\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Service\",\"field\":\"windows.service.display_name\",\"order\":\"asc\",\"orderBy\":\"_term\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Host\",\"field\":\"host.name\",\"order\":\"desc\",\"orderBy\":\"_term\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"State\",\"field\":\"windows.service.state\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"3-orderAgg\",\"params\":{\"field\":\"@timestamp\"},\"schema\":\"orderAgg\",\"type\":\"max\"},\"orderBy\":\"custom\",\"size\":1},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Startup Type\",\"field\":\"windows.service.start_type\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"4-orderAgg\",\"params\":{\"field\":\"@timestamp\"},\"schema\":\"orderAgg\",\"type\":\"max\"},\"orderBy\":\"custom\",\"size\":1},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Service States [Metrics 
Windows]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-eb8277d0-c98c-11e7-9835-2f31fe08873b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8593],"type":"visualization","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NzMsMV0="} -{"attributes":{"description":"Overview of the Windows Service States","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.service\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":20,\"i\":\"1\",\"w\":36,\"x\":12,\"y\":12},\"panelIndex\":\"1\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":20,\"i\":\"2\",\"w\":12,\"x\":0,\"y\":12},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"3\",\"w\":16,\"x\":0,\"y\":0},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"4\",\"w\":16,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"5\",\"w\":16,\"x\":32,\"y\":0},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"}]","timeRestore":false,"title":"[Metrics Windows] Services","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-06-30T19:40:54.424Z","id":"windows-d9eba730-c991-11e7-9835-2f31fe08873b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"windows-eb8277d0-c98c-11e7-9835-2f31fe08873b","name":"1:panel_1","type":"visualization"},{"id":"windows-23a5fff0-c98e-11e7-9835-2f31fe08873b","name":"2:panel_2","type":"visualization"},{"id":"windows-830c45f0-c991-11e7-9835-2f31fe08873b","name":"3:panel_3","type":"visualization"},{"id":"windows-35f5ad60-c996-11e7-9835-2f31fe08873b","name":"4:panel_4","type":"visualization"},{"id":"windows-c36b2ba0-ca29-11e7-9835-2f31fe08873b","name":"5:panel_5","type":"visualization"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688154054424,8601],"type":"dashboard","updated_at":"2023-06-30T19:40:54.424Z","version":"WzQ4NzQsMV0="} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":954,"missingRefCount":0,"missingReferences":[]} 
+{"attributes":{"fieldFormatMap":"{\"match_body.source_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"match_body.destination_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_username_override\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_username_override.keyword\",\"type\":\"string\",\"
count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_info.slack_webhook_url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_webhook_url.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_info.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_sent\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exponent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hits\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.@version\",\"type\":\"string\",\"count\":0,\"scripted\":f
alse,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.@version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.signature_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._index.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match
_body.category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":
false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.location.lat\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.location.lon\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\"
:true},{\"name\":\"match_body.destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"sea
rchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.num_hits\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.num_matches\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},
{\"name\":\"match_body.original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_ipbytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.original_ipbytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.respond_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond
_ipbytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.respond_ipbytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":t
rue,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.source.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"
match_body.syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-sourceip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-sourceip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.tim
estamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matches\",\"type\":\"number\",\"count\":3,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_name\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"nam
e\":\"rule_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"starttime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"time_taken\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traceback\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traceback.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"until\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:elastalert_status*"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"*:elastalert_status*","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688996741503,4038],"type":"index-pattern","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5MjMsMV0="} +{"attributes":{"fieldFormatMap":"{\"_id\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/#/hunt?q=_id%3A%22{{value}}%22\",\"labelTemplate\":\"Hunt and optionally pivot to 
PCAP/Cases\"}},\"uid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR 
destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"fuid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"resp_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"orig_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"sid\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"port\":{\"id\":\"number\",\"params\":{\"pattern\":\"0.[000]\"}},\"query\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(
refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"query.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb90391
9ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"signature_info\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"{{rawValue}}\",\"labelTemplate\":\"{{value}
}\"}},\"highest_registered_domain\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"highest_registered_domain.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"duration\":{\"id\":\"duration\",\"params\":{\"outputFormat\":\"asSeconds\",\"outputPrecision\":6}},\"missed_bytes\":{\"id\":\"bytes\"},\"missing_bytes\":{\"id\":\"bytes\"},\"original_bytes\":{\"id\":\"bytes\"},\"original_ip_bytes\":{\"id\":\"bytes\"},\"overflow_bytes\":{\"id\":\"bytes\"},\"respond_bytes\":{\"id\":\"bytes\"},\"respond_ip_bytes\":{\"id\":\
"bytes\"},\"seen_bytes\":{\"id\":\"bytes\"},\"total_bytes\":{\"id\":\"bytes\"},\"rtt\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0000000]\"}},\"uids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"osquery.LiveQuery\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"LiveQuery\"}},\"TheHive\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"\",\"labelTemplate\":\"Add2Hive\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"@version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"aa\",\"type\":\"string
\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aa.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ack\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ack.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":tru
e,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"analyzer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"analyzer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"answers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"answers.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"auth.keyword\",\"type\":\"st
ring\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_attempts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints.path_len\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_path_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"read
FromDocValues\":false},{\"name\":\"beat.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat_host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat_host.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"bound_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"call_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"call_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate
_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_exponent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_exponent.keyword\",\"type\":\"string\",\"coun
t\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_number_days_valid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\
":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_permanent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_permanent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_signing_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_signing_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFro
mDocValues\":true},{\"name\":\"certificate_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"checksum\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"checksum.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":
false,\"readFromDocValues\":false},{\"name\":\"cipher_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_build.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"s
earchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_digital_product_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_digital_product_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_fqdn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_fqdn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_ve
rsion\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"community\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"communit
y.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"company.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compile_ts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compile_ts.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compression_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compression_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connect_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connect_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocVa
lues\":true},{\"name\":\"content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"content_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookie.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"current_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"current_directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.arch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.arch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.data.keyword\",\"type
\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.dpkg_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.dpkg_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.file.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_cores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_cores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_mhz\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_mhz.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_free\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_free.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":
true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_total\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_total.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_usage\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_usage.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.broadcast\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.broadcast.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggrega
table\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.gateway\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.gateway.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.metric\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.metric.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.netmask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.netmask.keyword\",\"type\":\"string\",\"co
unt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mtu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mtu.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_errors.keyword\",\"type\":\"string\",\"count\":
0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_errors.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_packets.keyword\",\"type
\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true},{\"name\":\"data.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.platform.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.sysname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.sysname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.package\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggrega
table\":false,\"readFromDocValues\":false},{\"name\":\"data.package.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.inode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"co
unt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.rx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.rx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.tx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.tx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.args.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.cmd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.cmd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.egroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.egroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"na
me\":\"data.process.euser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.euser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.fgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.fgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nlwp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nlwp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pgrp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pgrp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\
"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ppid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ppid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.processor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.processor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.resident\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.resident.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.rgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.rgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ruser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.proces
s.ruser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.session.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.sgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.sgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.share\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.share.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.start_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.start_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searcha
ble\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.stime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.stime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.suser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.suser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tgid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tgid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.utime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.utime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.vm_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.vm_size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.architec
ture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.format\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.format.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.multiarch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.multiarch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.section\",\"type\":\"string\",\"count\":0,\"scripted\":false
,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.section.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.vendor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.vendor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.pwd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.status.keyword\",\"ty
pe\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.title.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_passive\",\"type\":\"string\",
\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_channel_passive.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.ftscomment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.ftscomment.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.name.keyword\",\"type\":\"string\",\"
count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.parent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.parent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"desktop_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_width\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_is_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dest_is_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_city.keyword\",\"type\":\"string\",\"count\":0,\"scripted
\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_iso_code.keyword\",
\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_code.keyword\",\"type\":\"string\",\"count
\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_iso_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_latitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregat
able\":false,\"readFromDocValues\":false},{\"name\":\"destination_latitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_longitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_region.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"details.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dir\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dir.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":tr
ue,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"direction.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"display_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"display_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"enabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"enabled.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocVa
lues\":false},{\"name\":\"encryption_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"endpoint.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry_location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry_location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"escalated_user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"escalated_user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\
":true},{\"name\":\"established\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"established.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exception\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"exception.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted_cutoff\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted_cutoff.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"faci
lity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_request.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_name.keyword\",\"type\":\"string\",\"cou
nt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"first_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"first_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow_label\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"flow_label.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"forwardable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"forwardable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"framed_addr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"framed_addr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"freq_virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"freq_virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"frequency_scores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"frequency_scores.keyword\",\"type\":\"string\",\"count\":
0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"full_log\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"full_log.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"function\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDo
cValues\":false},{\"name\":\"function.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_bulk_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_bulk_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_responses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_responses.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_cert_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_
cert_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_debug_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_debug_data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_export_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_export_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_import_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_import_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\
":\"hassh_server_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"helo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"helo.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"highest_registered_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hop_limit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValu
es\":false},{\"name\":\"hop_limit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"iin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"iin.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"image_path\",\"type\":\"string\",\"count\":0,
\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"info_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"initiated.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"input.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\"
:true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"input.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"integrity_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"integrity_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"interface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"interface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ecn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_ecn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":fals
e},{\"name\":\"ipv4_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_offset.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_tos\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_tos.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_us
ername\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_64bit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_64bit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_exe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_exe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_source_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_source_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_webmail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_webmail.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_common_name.keyword\",\"type\":\"stri
ng\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_distinguished_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":tru
e,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3s\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3s.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kex_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kex_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,
\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keyboard_layout\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"keyboard_layout.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"launch_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"launch_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"lease_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"lease_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"length\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"length.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromD
ocValues\":false},{\"name\":\"local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logged.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"lo
gon_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"machine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"machine.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_date.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_from\",\"type\":\"string\",\"count\":0,\"scripted\":fals
e,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"manager.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"manager.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matched\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"matched.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"rea
dFromDocValues\":true},{\"name\":\"method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mimetype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mimetype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missing_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_success.keywo
rd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"n\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"named_pipe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"named_pipe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"native_file_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"native_file_system.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"next_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"next_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nick\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nick.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"note\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"note.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searcha
ble\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"num_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"object_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"offset\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"operation.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"options\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"options.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tru
e},{\"name\":\"orig_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"os.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.EndpointIP1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true
},{\"name\":\"osquery.EndpointIP2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.LiveQuery\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.LiveQuery.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.calendarTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.calendarTime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.directory\",\"type\":\"string\",\"count\":0,\"script
ed\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.shell.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggr
egatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.counter\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.epoch\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hardware_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hardware_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostIdentifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostIdentifier.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.name.keyword\",\"type\":\"
string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.unixTime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_agent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_agent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"overflow_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"p\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_image_path.keyword\",\
"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"password.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer_description\",\"type\":\"stri
ng\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"
searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prev_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prev_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_arguments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_arguments.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_guid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":t
rue,\"readFromDocValues\":true},{\"name\":\"profile\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"profile.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"program.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prospector.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prospector.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"
name\":\"proxied.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_class_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_type_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ra\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ra.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode_name\",\"type\":\"string\",\"count\":0,\"scripte
d\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rcode_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reason.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"recipient_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"recipient_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referrer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rejected\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rejected.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_location.country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"re
adFromDocValues\":false},{\"name\":\"renewable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"n
ame\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_color_depth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_color_depth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_resource\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\
"name\":\"requested_resource.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"respond_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":fal
se},{\"name\":\"response.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"result.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resumed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resumed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rev\",\"type\
":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rows.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_signature.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFr
omDocValues\":false},{\"name\":\"rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"san_dns\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"san_dns.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"second_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"second_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"section_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"section_names.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"security_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"security_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_node\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_node.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_where\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},
{\"name\":\"seen_where.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seq\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seq.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sequence_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_dns_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocV
alues\":false},{\"name\":\"server_dns_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_major_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_minor_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\
"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_nb_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_nb_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_tree_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_tree_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"set_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"set_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"severity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"
searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_flag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_flag.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"signer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"site\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"site.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\
"size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"
readFromDocValues\":false},{\"name\":\"source_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_name\",\"type\":\"string\"
,\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sources\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sources.keyword\",\"type\":\"string\"
,\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_rule_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_rule_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searc
hable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subsystem\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subsystem.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"suppress_for\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.event.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,
\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.inode_after\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.perm_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.perm
_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":fals
e,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-legacy_msghdr\",\"type\":
\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-sourceip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sysmon_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sysmon_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"target_filename\",\"type\":\"string\",\"c
ount\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"target_filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tcp_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"terminal_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"terminal_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timed_out\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timed_out.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_accessed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_accessed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_changed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_changed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"s
earchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_created.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_modified.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tld.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tld.subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFr
omDocValues\":false},{\"name\":\"top_level_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tracker_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tracker_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"trans_depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"transaction_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ttls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\
"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unparsed_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"unparsed_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"up_since\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"up_since.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"urg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"urg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uri.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":fals
e,\"readFromDocValues\":false},{\"name\":\"user_agent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"useragent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_aslr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_aslr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_code_integrity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_code_integrity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_dep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_dep.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_seh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{
\"name\":\"uses_seh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_till\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_till.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"validation_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"validation_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"v
ersion_major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"warning\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name
\":\"warning.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.firedtimes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gdpr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gdpr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gpg13\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gpg13.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.groups\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.groups.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.mail\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.pci_dss\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.pci_dss.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readF
romDocValues\":true},{\"name\":\"width\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"width.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"window\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"window.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x_originating_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"year\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"z\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"z.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"TheHive\",\"type\":\"string\",\"count\":0,\"scripted\":true,\"script\":\"'soctopus/thehive/case/' + doc['_id'].value\",\"lang\":\"painless\",\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:logstash-*"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"*:logstash-*","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688996741503,4039],"type":"index-pattern","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5MjQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Security Onion - Network Data","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security 
Onion - Network Data\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Datasets** \\n[Connections](/kibana/app/dashboards#/view/0cc628b0-6e9f-11ea-9266-1fd14ca6af34) | [DCE/RPC](/kibana/app/dashboards#/view/9e882df0-72c5-11ea-8dd2-9d8795a1200b) |\\n[DHCP](/kibana/app/dashboards#/view/80625c10-96dd-11ea-814e-bb515e873c2c) \\n[DNP3](/kibana/app/dashboards#/view/b1f52180-755a-11ea-9565-7315f4ee5cac) | [DNS](/kibana/app/dashboards#/view/55ac6bf0-6ec4-11ea-9266-1fd14ca6af34) |\\n[FTP](/kibana/app/dashboards#/view/739bfad0-755a-11ea-9565-7315f4ee5cac) |\\n[HTTP](/kibana/app/dashboards#/view/44e9c820-6eb1-11ea-9266-1fd14ca6af34) | [Intel](/kibana/app/dashboards#/view/85b529a0-0e5a-11eb-a255-e1e8e85e3571) | [IRC](/kibana/app/dashboards#/view/38523560-75ba-11ea-9565-7315f4ee5cac) |\\n[Kerberos](/kibana/app/dashboards#/view/b207ab90-75bc-11ea-9565-7315f4ee5cac) \\n[Modbus](/kibana/app/dashboards#/view/886a7b90-75bd-11ea-9565-7315f4ee5cac) | \\n[MySQL](/kibana/app/dashboards#/view/c3ced6d0-75be-11ea-9565-7315f4ee5cac) | \\n[NTLM](/kibana/app/dashboards#/view/558292e0-75c1-11ea-9565-7315f4ee5cac) | \\n[PE](/kibana/app/dashboards#/view/94b55b90-c761-11ea-bebb-37c5ab5894ea) |\\n[RADIUS](/kibana/app/dashboards#/view/b9769e60-75c4-11ea-9565-7315f4ee5cac) | [RDP](/kibana/app/dashboards#/view/5b743150-75c5-11ea-9565-7315f4ee5cac) | \\n[RFB](/kibana/app/dashboards#/view/c8b3c360-75c6-11ea-9565-7315f4ee5cac) | [SIP](/kibana/app/dashboards#/view/dd98e260-75c6-11ea-9565-7315f4ee5cac) \\n[SMB](/kibana/app/dashboards#/view/f24d7b80-75c6-11ea-9565-7315f4ee5cac) | [SMTP](/kibana/app/dashboards#/view/00304500-75e7-11ea-9565-7315f4ee5cac) | [SNMP](/kibana/app/dashboards#/view/96522610-75e8-11ea-9565-7315f4ee5cac) | \\n[SSH](/kibana/app/dashboards#/view/9dfd77e0-75eb-11ea-9565-7315f4ee5cac) | 
[SSL](/kibana/app/dashboards#/view/efae8de0-75eb-11ea-9565-7315f4ee5cac) | [Syslog](/kibana/app/dashboards#/view/66499a20-75ed-11ea-9565-7315f4ee5cac) | [Tunnels](/kibana/app/dashboards#/view/c962dd60-75ed-11ea-9565-7315f4ee5cac) | [X.509](/kibana/app/dashboards#/view/2e0865f0-75ee-11ea-9565-7315f4ee5cac) \\n\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[],"sort":[1688996741503,4040],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5MjUsMV0="} +{"attributes":{"allowNoIndex":true,"fieldFormatMap":"{\"Ransomware.child_processes.pid\":{\"id\":\"string\"},\"Ransomware.pid\":{\"id\":\"string\"},\"Responses.@timestamp\":{\"id\":\"string\"},\"Target.process.parent.pgid\":{\"id\":\"string\"},\"Target.process.parent.pid\":{\"id\":\"string\"},\"Target.process.parent.ppid\":{\"id\":\"string\"},\"Target.process.parent.thread.id\":{\"id\":\"string\"},\"Target.process.pgid\":{\"id\":\"string\"},\"Target.process.pid\":{\"id\":\"string\"},\"Target.process.ppid\":{\"id\":\"string\"},\"Target.process.thread.id\":{\"id\":\"string\"},\"event.sequence\":{\"id\":\"string\"},\"event.severity\":{\"id\":\"string\"},\"process.parent.pgid\":{\"id\":\"string\"},\"process.parent.pid\":{\"id\":\"string\"},\"process.parent.ppid\":{\"id\":\"string\"},\"process.parent.thread.id\":{\"id\":\"string\"},\"process.pgid\":{\"id\":\"string\"},\"process.pid\":{\"id\":\"string\"},\"process.ppid\":{\"id\":\"string\"},\"process.thread.id\":{\"id\":\"string\"},\"threat.enrichments.indicator.file.elf.header.entrypoint\":{\"id\":\"string\"},\"threat.enrichments.indicator.file.elf.sections.chi2\":{\"id\":\"number\"},\"threat.enrichments.indicator.file.elf.sections.entropy\":{\"id\":\"number\"},\"threat.enrichments.indicator.file.elf.sections.physical_size\":{\"id\":\"bytes\"},\"threat.enrichments.indicator.file.elf.sections.virtual_address\":{\"id\":\"st
ring\"},\"threat.enrichments.indicator.file.elf.sections.virtual_size\":{\"id\":\"string\"},\"threat.enrichments.indicator.url.port\":{\"id\":\"string\"},\"threat.indicator.file.elf.header.entrypoint\":{\"id\":\"string\"},\"threat.indicator.file.elf.sections.chi2\":{\"id\":\"number\"},\"threat.indicator.file.elf.sections.entropy\":{\"id\":\"number\"},\"threat.indicator.file.elf.sections.physical_size\":{\"id\":\"bytes\"},\"threat.indicator.file.elf.sections.virtual_address\":{\"id\":\"string\"},\"threat.indicator.file.elf.sections.virtual_size\":{\"id\":\"string\"},\"threat.indicator.url.port\":{\"id\":\"string\"},\"destination.bytes\":{\"id\":\"bytes\"},\"destination.port\":{\"id\":\"string\"},\"http.request.body.bytes\":{\"id\":\"bytes\"},\"http.request.bytes\":{\"id\":\"bytes\"},\"http.response.body.bytes\":{\"id\":\"bytes\"},\"http.response.bytes\":{\"id\":\"bytes\"},\"http.response.status_code\":{\"id\":\"string\"},\"network.bytes\":{\"id\":\"bytes\"},\"source.bytes\":{\"id\":\"bytes\"},\"source.port\":{\"id\":\"string\"}}","fields":"[{\"name\":\"cloud.account.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.availability_zone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.instance.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.instance.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.machine.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"inde
xed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.project.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.image.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.image.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.labels\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":tru
e,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.family\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.containerized\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true
,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"elastic_agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.snapshot\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.module\",\"type\":\"string\",\"count\":0,\"scripted\"
:false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.ingested\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.outcome\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":t
rue,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related.hosts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.as.number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.as.organization.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"ind
exed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.signature\",\"
type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.dropped_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.error\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.home\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregata
ble\":true,\"readFromDocValues\":true},{\"name\":\"winlog.api\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AuthenticationPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Binary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.BitlockerUserInputTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.BootMode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.BootType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.BuildVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}
,{\"name\":\"winlog.event_data.CorruptionActionState\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CreationUtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Detail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceVersionMajor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceVersionMinor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DriveName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DriverName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"
readFromDocValues\":true},{\"name\":\"winlog.event_data.DriverNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DwordVal\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.EntryCount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ExtraInfo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FailureName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FailureNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FileVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FinalStatus\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IdleImplementation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IdleStateCount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatabl
e\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ImpersonationLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IntegrityLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IpAddress\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IpPort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.KeyLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LastBootGood\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LastShutdownGood\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LmPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"a
ggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MajorVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MaximumPerformancePercent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MemberName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MemberSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MinimumPerformancePercent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MinimumThrottlePercent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MinorVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSchemeGuid\",\"type\":\"string\",\"count\":0,\"scripted\":fa
lse,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NominalFrequency\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSchemeGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OriginalFileName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PerformanceImplementation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PreviousCreationUtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PreviousTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PrivilegeList\",\"type\":\"string\",\"co
unt\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProcessPath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProcessPid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PuaCount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PuaPolicyId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.QfeVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SchemaVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ScriptBlockText\",\"type\":\"string\",\"count\":0,
\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ShutdownActionType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ShutdownEventCode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ShutdownReason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SignatureStatus\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.StartTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.State\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Status\",\"type\":\"string\",\"count
\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.StopTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubjectDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubjectLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubjectUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubjectUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TSId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetInfo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetLogonGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetServerName\",\"ty
pe\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TerminalSessionId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TokenElevationType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TransmittedServices\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Workstation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param3\"
,\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param4\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param7\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param8\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.keywords\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.channel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.record_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.related_activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.opcode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggrega
table\":true,\"readFromDocValues\":true},{\"name\":\"winlog.provider_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.provider_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.task\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\"
:true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"input.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related.hash\",\"type\":\"string\",\"count\":0,\"scr
ipted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.id\",\
"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.failure.reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.failure.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.failure.sub_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.computerObject.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.computerObject.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.computerObject.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessGranted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessList\",\"type\":\"string\",\"count\":0,\"scripted\":fa
lse,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessListDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessMask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessMaskDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessRemoved\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccountDomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccountExpires\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccountName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AllowedToDelegateTo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AuditPolicyChanges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AuditPolicyChangesDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.
AuditSourceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CallerProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CallerProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CategoryId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ClientAddress\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ClientName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CommandLine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CrashOnAuditFailValue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DisplayName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DomainBehaviorVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tru
e},{\"name\":\"winlog.event_data.DomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DomainPolicyChanged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DomainSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Dummy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.EventSourceId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FailureReason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.GroupTypeChange\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.HandleId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.HomeDirectory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.HomePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.KerberosPolicyChange\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromD
ocValues\":true},{\"name\":\"winlog.event_data.LogonHours\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MachineAccountQuota\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MandatoryLabel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MixedDomainMode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdDacl0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdDacl1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdDacl2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdSacl0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdSacl1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFrom
DocValues\":true},{\"name\":\"winlog.event_data.NewSdSacl2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewTargetUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewUACList\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewUacValue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ObjectName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ObjectServer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ObjectType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OemInformation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdDacl0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdDacl1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFrom
DocValues\":true},{\"name\":\"winlog.event_data.OldSdDacl2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdSacl0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdSacl1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdSacl2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldTargetUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldUacValue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PasswordLastSet\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PasswordHistoryLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ParentProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PreAuthType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggreg
atable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PrimaryGroupId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProfilePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ResourceAttributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SamAccountName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ScriptPath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SidHistory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceAccount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceFileName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceStartType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"search
able\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SessionName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SidFilteringEnabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.StatusDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubCategory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubCategoryGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubcategoryGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubCategoryId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubcategoryId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubStatus\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\
"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TdoAttributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TdoDirection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TdoType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TicketEncryptionType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TicketEncryptionTypeDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TicketOptions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TicketOptionsDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserAccountControl\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserParameters\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserPrincipalName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserW
orkstations\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.WorkstationName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.outcome\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.time_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.trustAttribute\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.trustDirection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.trustType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.BackupPath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.Channel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.SubjectDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.SubjectLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,
\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.SubjectUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.SubjectUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.xml_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"completed_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.comment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"started_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.action_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.completed_at\",\"type\":
\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.data.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.data.comment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"EndpointActions.started_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.stack_trace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"error.stack_trace.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"error.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValu
es\":true},{\"name\":\"event.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"expiration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"input_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.expiration\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.input_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"
Events\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.artifacts.global\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers\",\"type\":\"string\",\"count\":0,\"scripted
\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.cross_session\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.feature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.parent_to_child\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":
\"Memory_protection.self_injection\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.thread_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.unique_key_v1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.feature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.data\",\"type\":\"binary\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Ransomware.child_processes.files.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.metrics\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\"
:true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.original.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Ransomware.feature\",\"t
ype\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.data\",\"type\":\"binary\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Ransomware.files.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.metrics\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.original.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"inde
xed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.action.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.action.field\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Responses.action.state\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Responses.process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Responses.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Res
ponses.process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.result\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValu
es\":false},{\"name\":\"Target.dll.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDo
cValues\":true},{\"name\":\"Target.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.product\",\"type\":\"string\",\"count
\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.ancestry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.authentication_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"na
me\":\"Target.process.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.md5
\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValue
s\":true},{\"name\":\"Target.process.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Target.process.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed
\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.allocation_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.allocation_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.allocation_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.allocation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.bytes_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.bytes_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"Target.process.Ext.memory_region.bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.identifier\",
\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.description\",\"type\":\"string\",\"count\":0,\"scri
pted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.m
emory_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.region_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.region_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.region_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.region_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"Target.process.Ext.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.services\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.session\",\"type\":\"string\",\"count\":0
,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatab
le\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\"
:true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true
},{\"name\":\"Target.process.parent.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dl
l.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"
Target.process.parent.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.protection\",\"type\":\"string\",\
"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.real.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\
":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"
Target.process.parent.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":t
rue,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pid\",\"type\":\"number\",\"count\":0,\"scripted\":
false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.company\",\"
type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.instruction_pointer\",\"type\":\"string\"
,\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.module_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.rva\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.symbol_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_summary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Tar
get.process.thread.Ext.parameter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.parameter_bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"Target.process.thread.Ext.parameter_bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_bytes_disasm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_bytes_disasm_hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.proc
ess.thread.Ext.start_address_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.
thread.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValue
s\":true},{\"name\":\"Target.process.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.
country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":fal
se,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dll.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFro
mDocValues\":true},{\"name\":\"dll.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\
"readFromDocValues\":true},{\"name\":\"dll.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\
"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.risk_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.subject_name\",\"type\":\"string\
",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.entry_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.code_page\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors.count\",\"type\":\
"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors.error_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.file_extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.
macro.stream.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.raw_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.raw_code_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.score\",\"type\":\"string\",\"count
\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false
,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_result\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.temp_file_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.windows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.windows.zone_identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.accessed\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.attributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true
,\"readFromDocValues\":true},{\"name\":\"file.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.ctime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.drive_letter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,
\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":tru
e,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.type\",\"type\":\"string\",\"count\":0,\"scripted\"
:false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.name\
",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext.variant\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFrom
DocValues\":true},{\"name\":\"host.user.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.domain\",\"type\":\"string\",\"coun
t\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.ancestry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.authentication_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tru
e},{\"name\":\"process.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\
"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":t
rue,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"re
adFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.allocation_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.allocation_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.allocation_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.allocation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.bytes_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.bytes_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proc
ess.Ext.memory_region.bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"process.Ext.memory_region.bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"process.Ext.memory_region.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripte
d\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":fa
lse,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.region_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.region_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.region_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.region_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggre
gatable\":true,\"readFromDocValues\":false},{\"name\":\"process.Ext.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.services\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggreg
atable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggre
gatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\"
:\"process.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"rea
dFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pro
cess.parent.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatab
le\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.real.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":
0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line\",\
"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name.caseless\",\"type\":
\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"inde
xed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":
true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.instruction_pointer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searcha
ble\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.module_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.rva\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.symbol_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_
module.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_summary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.parameter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.parameter_bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"process.thread.Ext.parameter_bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start\",\"type\"
:\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_bytes_disasm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_bytes_disasm_hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searcha
ble\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.
uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"registry.data.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.author\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"
aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.license\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.ruleset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,
\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.as.number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.as.organization.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.as.organization.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.confidence\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.email.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_
signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.entry_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.header_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.header_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,
\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searc
hable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripte
d\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.secondary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.monotonic_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.
Ext.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.quarantine_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.quarantine_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.quarantine_result\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.temp_file_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.windows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.windows.zone_identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.accessed\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.attributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\
":\"threat.enrichments.indicator.file.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.ctime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatabl
e\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.drive_letter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.byte_order\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.cpu_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.exports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.abi_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\
"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.entrypoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.object_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.os_abi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.imports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.chi2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.entropy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.flags\",\"type\":\"string\",\"count\":0,\"scripted\":
false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.physical_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.physical_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.virtual_address\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.virtual_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.segments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.segments.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.segments.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.in
dicator.file.elf.shared_libraries\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.telfhash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.inode\",\"type\":\
"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.mtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":
true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.target_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.target_path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.target_path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true
,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.first_seen\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":tru
e,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.last_seen\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.marking.
tlp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.modified_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"index
ed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.data.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.data.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.hive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.scanner_stats\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.sightings\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggrega
table\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.fragment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.original.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichmen
ts.indicator.url.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.scheme\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.alternative_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issue
r.distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.organizational_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.state_or_province\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.not_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.not_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.public_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.public_key_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.public_key_exponent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},
{\"name\":\"threat.enrichments.indicator.x509.public_key_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.signature_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.organizational_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.state_or_province\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"sea
rchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.version_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.atomic\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.field\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.framework\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.group.alias\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.group.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggrega
table\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.as.number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.as.organization.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.as.organization.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.confidence\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.email.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.subject_name\",\"type\":\
"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.entry_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.header_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.header_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.f
ile.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\
"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.secondary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.monotonic_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.gid\",\"type\":\"stri
ng\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.quarantine_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.quarantine_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.quarantine_result\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.temp_file_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\
":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.windows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.windows.zone_identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.accessed\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.attributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}
,{\"name\":\"threat.indicator.file.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.ctime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.drive_letter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.byte_order\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.cpu_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.exports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,
\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.abi_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.entrypoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.object_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.os_abi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.imports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator
.file.elf.sections.chi2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.entropy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.physical_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.physical_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.virtual_address\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.virtual_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.segments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.segments.sections\",\"type\":\"s
tring\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.segments.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.shared_libraries\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.telfhash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.
indicator.file.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.mtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\
"threat.indicator.file.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.target_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.target_path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.target_path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,
\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.first_seen\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed
\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.last_seen\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.marking.tlp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.modified_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,
\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.data.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":
true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.data.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.hive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.scanner_stats\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.sightings\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"sea
rchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.fragment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.original.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.scheme\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"s
earchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.alternative_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.organizational_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.
indicator.x509.issuer.state_or_province\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.not_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.not_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.public_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.public_key_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.public_key_exponent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"threat.indicator.x509.public_key_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.signature_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"in
dexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.organizational_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.state_or_province\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.version_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.platforms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.type\",\"ty
pe\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.technique.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.subtechnique.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.subtechnique.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.subtechnique.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.technique.subtechnique.reference\",\"type\":\"string\",\"coun
t\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.full_name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"user.group.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.doma
in\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"event.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.Ext.correlation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.Ext.correlation.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.header_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.header_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDo
cValues\":true},{\"name\":\"file.Ext.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.secondary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.m
alware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.monotonic_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.defense_evasions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.load_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"sear
chable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext.options\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext.status\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.resolved_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.content\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.content.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"http.request.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.r
esponse.Ext.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.content\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.content.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"http.response.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.community_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.iana_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\
"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.transport\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"package.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.defense_evasions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.security_attributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pa
rent.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.data.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.hive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFiel
dName":"@timestamp","title":"logs-*"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"logs-*","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688996741503,4041],"type":"index-pattern","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5MjYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - All Logs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - All Logs\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":29}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4043],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5MjcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Logs Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Logs Over 
Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"extendToTimeRange\":false,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"0ms\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"legendSize\":\"auto\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T16:35:15.418Z","id":"23ed13a0-6e9a-11ea-9
266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1689006915418,9322],"type":"visualization","updated_at":"2023-07-10T16:35:15.418Z","version":"WzY0MjYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4047],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5MjksMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4049],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5MzAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - Sender","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - 
Sender\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.from.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"7a789740-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4051],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5MzEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - Recipient","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - 
Recipient\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"To\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.to.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Recipient\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a5742950-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4053],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5MzIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - TLS","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - 
TLS\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smtp.tls: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"smtp.tls\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TLS\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e77a2b60-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4055],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5MzMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - 
Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smtp.subject.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0713ebf0-75e8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4057],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5MzQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - User 
Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.useragent.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User Agent\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"4178ce00-75e8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4059],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5MzUsMV0="} +{"attributes":{"columns":["source.ip","source.port","destination.ip","destination.port","log.id.uid","network.community_id","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"Security Onion - All 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4061],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5MzYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:smtp\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85\"},\"panelIndex\":\"a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":9,\"i\":\"6fd30865-1d5d-4f8f-9173-77220bb23395\"},\"panelIndex\":\"6fd30865-1d5d-4f8f-9173-77220bb23395\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6fd30865-1d5d-4f8f-9173-77220bb23395\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"1b0acf7a-2a47-4eb4-9cb2-34cd6c499472\"},\"panelIndex\":\"1b0acf7a-2a47-4eb4-9cb2-34cd6c499472\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1b0acf7a-2a47-4eb4-9cb2-34cd6c499472\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":18,\"i\":\"d31027fb-a090-474f-9863-712ef30c0b3e\"},\"panelIndex\":\"d31027fb-a090-474f-9863-712ef30c0b3e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d31027fb-a090-474f-9863-712ef30c0b3e\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"
y\":9,\"w\":9,\"h\":18,\"i\":\"fb5452b7-cb91-4415-ad6b-37f2c05955fa\"},\"panelIndex\":\"fb5452b7-cb91-4415-ad6b-37f2c05955fa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fb5452b7-cb91-4415-ad6b-37f2c05955fa\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":9,\"w\":15,\"h\":18,\"i\":\"9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a\"},\"panelIndex\":\"9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":18,\"i\":\"4bf1751e-8da2-4f5a-b66d-2f09338b2053\"},\"panelIndex\":\"4bf1751e-8da2-4f5a-b66d-2f09338b2053\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4bf1751e-8da2-4f5a-b66d-2f09338b2053\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":18,\"h\":18,\"i\":\"9365d9e9-478f-499d-aa41-d8f42081ff1c\"},\"panelIndex\":\"9365d9e9-478f-499d-aa41-d8f42081ff1c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9365d9e9-478f-499d-aa41-d8f42081ff1c\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":27,\"w\":15,\"h\":18,\"i\":\"18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa\"},\"panelIndex\":\"18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":33,\"y\":27,\"w\":15,\"h\":18,\"i\":\"44a5b84f-2636-45f4-bb5e-9f8ab11f4107\"},\"panelIndex\":\"44a5b84f-2636-45f4-bb5e-9f8ab11f4107\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_44a5b84f-2636-45f4-bb5e-9f8ab11f4107\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"4053cc7e-9771-46d9-8e03-e430ab096805\"},\"panelIndex\":\"4053cc7e-9771-46d9-8e03-e430ab096805\",\"embeddable
Config\":{\"enhancements\":{}},\"panelRefName\":\"panel_4053cc7e-9771-46d9-8e03-e430ab096805\"}]","timeRestore":false,"title":"Security Onion - SMTP","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"00304500-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85:panel_a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"6fd30865-1d5d-4f8f-9173-77220bb23395:panel_6fd30865-1d5d-4f8f-9173-77220bb23395","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"1b0acf7a-2a47-4eb4-9cb2-34cd6c499472:panel_1b0acf7a-2a47-4eb4-9cb2-34cd6c499472","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"d31027fb-a090-474f-9863-712ef30c0b3e:panel_d31027fb-a090-474f-9863-712ef30c0b3e","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"fb5452b7-cb91-4415-ad6b-37f2c05955fa:panel_fb5452b7-cb91-4415-ad6b-37f2c05955fa","type":"visualization"},{"id":"7a789740-75e7-11ea-9565-7315f4ee5cac","name":"9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a:panel_9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a","type":"visualization"},{"id":"a5742950-75e7-11ea-9565-7315f4ee5cac","name":"4bf1751e-8da2-4f5a-b66d-2f09338b2053:panel_4bf1751e-8da2-4f5a-b66d-2f09338b2053","type":"visualization"},{"id":"e77a2b60-75e7-11ea-9565-7315f4ee5cac","name":"9365d9e9-478f-499d-aa41-d8f42081ff1c:panel_9365d9e9-478f-499d-aa41-d8f42081ff1c","type":"visualization"},{"id":"0713ebf0-75e8-11ea-9565-7315f4ee5cac","name":"18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa:panel_18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa","type":"visualization"},{"id":"4178ce00-75e8-11ea-9565-7315f4ee5cac","name":"44a5b84f-2636-45f4-bb5e-9f8ab11f4107:panel_44a5b84f-2636-45f4-bb5e-9f8ab11f4107","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"4053cc7e-9771-46d9-8e03-e430ab0968
05:panel_4053cc7e-9771-46d9-8e03-e430ab096805","type":"search"}],"sort":[1688996741503,4073],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5MzcsMV0="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.category:network\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Network Data","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4075],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5MzgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network - Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network - Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"source.ip: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0242ab70-6eae-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,4077],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5MzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security Onion - Files","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Files\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Modules** \\n[Strelka](/kibana/app/dashboards#/view/ff689c50-75f3-11ea-9565-7315f4ee5cac) \\n[Zeek](/kibana/app/dashboards#/view/ad4d5d60-75f4-11ea-9565-7315f4ee5cac)\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9a5058f0-6e99-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[],"sort":[1688996741503,4078],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NDAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Log Count Over 
Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":false,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"intervalESValue\":30,\"intervalESUnit\":\"m\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-03-29T18:17:18.800Z\",\"max\":\"2020-03-30T18:17:18.800Z\"}},\"label\":\"@timestamp per 30 
minutes\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\",\"mode\":\"quick\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4080],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NDEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.module:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Modules","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - 
Modules\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.module\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Module\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.module.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4082],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NDIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - 
Dataset","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Dataset\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Count\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Dataset\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.dataset.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4084],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NDMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - 
Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"bcf25e30-75f1-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4086],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NDQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FIle - Total 
Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Security Onion - FIle - Total Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.bytes.total: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.bytes.total\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Total Bytes\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"efc25540-75f1-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4088],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NDUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - MIME 
Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.mime_type.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MIMEType\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e8d35c50-75f3-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4090],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NDYsMV0="} 
+{"attributes":{"columns":["event.module","source.ip","destination.ip","file.mime_type","log.id.fuid","hash.sha1","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"tags:file\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"Security Onion - File Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"b0dc2460-0e4d-11eb-a255-e1e8e85e3571","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4092],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NDcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:file\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":7,\"i\":\"6948ea4a-398f-4ab1-a269-e1e6ecd29e12\"},\"panelIndex\":\"6948ea4a-398f-4ab1-a269-e1e6ecd29e12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6948ea4a-398f-4ab1-a269-e1e6ecd29e12\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":7,\"y\":0,\"w\":15,\"h\":7,\"i\":\"d09eef70-f2b5-4085-b619-11cae812be58\"},\"panelIndex\":\"d09eef70-f2b5-4085-b619-11cae812be58\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d09eef70-f2b5-4085-b619-11cae812be58\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":22,\"y\":0,\"w\":26,\"h\":7,\"i\":\"0dd18bd2-6631-4772-b3d0-4a92ff713e3a\"},\"panelIndex\":\"0dd18bd2-6631-4772-b3d0-4a92ff713e3a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0dd18bd2-6
631-4772-b3d0-4a92ff713e3a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":7,\"w\":8,\"h\":20,\"i\":\"86d343d4-c030-46a3-9f3e-083ccbf28b04\"},\"panelIndex\":\"86d343d4-c030-46a3-9f3e-083ccbf28b04\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_86d343d4-c030-46a3-9f3e-083ccbf28b04\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":7,\"w\":8,\"h\":20,\"i\":\"2fb5d1e8-4ac6-42c4-852e-9046c2970086\"},\"panelIndex\":\"2fb5d1e8-4ac6-42c4-852e-9046c2970086\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2fb5d1e8-4ac6-42c4-852e-9046c2970086\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":7,\"w\":10,\"h\":20,\"i\":\"7875de58-924b-4b27-bd51-159b5657659f\"},\"panelIndex\":\"7875de58-924b-4b27-bd51-159b5657659f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7875de58-924b-4b27-bd51-159b5657659f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":26,\"y\":7,\"w\":10,\"h\":20,\"i\":\"f1f8a5c7-9e9f-460d-a2b8-eaca8d834c6b\"},\"panelIndex\":\"f1f8a5c7-9e9f-460d-a2b8-eaca8d834c6b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f1f8a5c7-9e9f-460d-a2b8-eaca8d834c6b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":7,\"w\":12,\"h\":20,\"i\":\"06055634-ec80-478d-93d5-67e1cc46e1ab\"},\"panelIndex\":\"06055634-ec80-478d-93d5-67e1cc46e1ab\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_06055634-ec80-478d-93d5-67e1cc46e1ab\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":20,\"i\":\"cfa99d8f-e7d6-46d5-9e7f-5dc5c3371275\"},\"panelIndex\":\"cfa99d8f-e7d6-46d5-9e7f-5dc5c3371275\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cfa99d8f-e7d6-46d5-9e7f-5dc5c3371275\"}]","timeRestore":false,"title":"Security Onion - 
Files","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0245be10-6ec1-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"9a5058f0-6e99-11ea-9266-1fd14ca6af34","name":"6948ea4a-398f-4ab1-a269-e1e6ecd29e12:panel_6948ea4a-398f-4ab1-a269-e1e6ecd29e12","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"d09eef70-f2b5-4085-b619-11cae812be58:panel_d09eef70-f2b5-4085-b619-11cae812be58","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"0dd18bd2-6631-4772-b3d0-4a92ff713e3a:panel_0dd18bd2-6631-4772-b3d0-4a92ff713e3a","type":"visualization"},{"id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","name":"86d343d4-c030-46a3-9f3e-083ccbf28b04:panel_86d343d4-c030-46a3-9f3e-083ccbf28b04","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"2fb5d1e8-4ac6-42c4-852e-9046c2970086:panel_2fb5d1e8-4ac6-42c4-852e-9046c2970086","type":"visualization"},{"id":"bcf25e30-75f1-11ea-9565-7315f4ee5cac","name":"7875de58-924b-4b27-bd51-159b5657659f:panel_7875de58-924b-4b27-bd51-159b5657659f","type":"visualization"},{"id":"efc25540-75f1-11ea-9565-7315f4ee5cac","name":"f1f8a5c7-9e9f-460d-a2b8-eaca8d834c6b:panel_f1f8a5c7-9e9f-460d-a2b8-eaca8d834c6b","type":"visualization"},{"id":"e8d35c50-75f3-11ea-9565-7315f4ee5cac","name":"06055634-ec80-478d-93d5-67e1cc46e1ab:panel_06055634-ec80-478d-93d5-67e1cc46e1ab","type":"visualization"},{"id":"b0dc2460-0e4d-11eb-a255-e1e8e85e3571","name":"cfa99d8f-e7d6-46d5-9e7f-5dc5c3371275:panel_cfa99d8f-e7d6-46d5-9e7f-5dc5c3371275","type":"search"}],"sort":[1688996741503,4102],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NDgsMV0="} 
+{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SSL - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4104],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NDksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSL - Version (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSL - Version (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"version.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"02699580-365a-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4106],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NTAsMV0="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_sip\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SIP - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9e131480-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4108],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NTEsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SIP - Status","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"status_code\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Code\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"status_msg.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0291dba0-4c78-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4110],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NTIsMV0="} 
+{"attributes":{"fieldAttrs":"{\"event.action\":{\"count\":8},\"host.user.name\":{\"count\":2},\"endgame.event_type_full\":{\"count\":5},\"host.name\":{\"count\":7},\"host.os.name\":{\"count\":3},\"host.os.name.text\":{\"count\":1},\"endgame.event_subtype_full\":{\"count\":3},\"event.category\":{\"count\":5},\"process.name\":{\"count\":6},\"process.parent.name\":{\"count\":1},\"agent.id\":{\"count\":2},\"process.executable\":{\"count\":3},\"type\":{\"count\":3},\"host.name.keyword\":{\"count\":2},\"event.sequence\":{\"count\":3},\"host.os.family\":{\"count\":1},\"host.os.platform\":{\"count\":1},\"event.type\":{\"count\":8},\"metadata.action\":{\"count\":2},\"user.name\":{\"count\":1},\"@version\":{\"count\":2},\"@timestamp\":{\"count\":1},\"registry.path\":{\"count\":1},\"related.user\":{\"count\":1},\"event.kind\":{\"count\":1},\"event.severity\":{\"count\":1},\"file.name\":{\"count\":4},\"host.domain\":{\"count\":1},\"process.command_line\":{\"count\":1},\"_id\":{\"count\":1},\"client.bytes\":{\"count\":2},\"destination.bytes\":{\"count\":2},\"network.bytes\":{\"count\":2},\"server.bytes\":{\"count\":2},\"source.bytes\":{\"count\":2},\"client.ip\":{\"count\":1},\"destination.ip\":{\"count\":1},\"source.ip\":{\"count\":1},\"file.attributes\":{\"count\":6},\"file.directory\":{\"count\":3},\"file.extension\":{\"count\":2},\"file.gid\":{\"count\":2},\"file.group\":{\"count\":2},\"host.hostname\":{\"count\":1},\"host.ip\":{\"count\":1},\"related.ip\":{\"count\":2},\"user.domain\":{\"count\":2}}","fieldFormatMap":"{\"process.name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:process.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(process.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value 
}}\"}},\"user.name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:user.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(user.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.type\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"event.module\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:event.module,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value 
}}\"}},\"network.transport\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:network.transport,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(network.transport:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"source.ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:source.ip,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(source.ip:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"host.name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:host.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(host.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"registry.key\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:registry.key,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(registry.key:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value 
}}\"}},\"host.ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:host.ip,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(host.ip:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"destination.ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:destination.ip,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(destination.ip:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"event.category.dashboard\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"{{ rawValue }}\",\"labelTemplate\":\"{{ value }}\"}}}","fields":"[]","runtimeFieldMap":"{\"event.category.dashboard\":{\"type\":\"keyword\",\"script\":{\"source\":\"def source = doc['event.category'].value;\\nMap urls = new HashMap();\\nurls.put(\\\"authentication\\\", \\\"dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635\\\");\\nurls.put(\\\"file\\\", \\\"dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635\\\");\\nurls.put(\\\"network\\\", \\\"dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36\\\");\\nurls.put(\\\"process\\\", \\\"dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635\\\");\\nurls.put(\\\"registry\\\", \\\"dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635\\\");\\nurls.put(\\\"driver\\\", \\\"dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635\\\");\\nif (source != null) {\\n\\tdef url = urls.get(source);\\n\\tif (url != null) {\\n\\t\\temit(url);\\n 
return;\\n\\t}\\n}\\nemit(\\\"None\\\");\"}}}","timeFieldName":"@timestamp","title":"endgame-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"endgame-*","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688996741503,4111],"type":"index-pattern","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NTMsMV0="} +{"attributes":{"columns":["host.name","registry.path","related.user"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category : \\\"registry\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame - Registry Events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0359b740-64cc-11ec-864c-8b5450f97635","migrationVersion":{"search":"8.0.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4113],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NTQsMV0="} +{"attributes":{"columns":["osquery.columns.permissions","osquery.columns.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event_type: osquery AND osquery.name:*chrome* AND osquery.columns.permissions:('all_urls','privacy')\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"osquery - Chrome Extensions - Sensitive 
Permissions","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"040dda10-18d8-11e9-932c-d12d2cf4ee95","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4115],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"04e1aea0-3750-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4117],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NTYsMV0="} +{"attributes":{"columns":["osquery.hostname","osquery.columns.username","osquery.LiveQuery","osquery.columns.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event_type: osquery AND 
osquery.name:*chrome*\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"osquery - Chrome Extensions","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4119],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Chrome Extensions - Changes by Hostname","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"osquery - Chrome Extensions - Changes by 
Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.hostname.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"04f86530-1a59-11e9-ac0b-cb0ba10141ab","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","name":"search_0","type":"search"}],"sort":[1688996741503,4121],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NTgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"network.protocol:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Top Network Protocols","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Top Network 
Protocols\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.protocol.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d9eb5b30-6ea9-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4123],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network - Transport","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network - 
Transport\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"network.transport: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"79cc9670-6ead-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,4125],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NjAsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.category: 
network\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.2\",\"gridData\":{\"h\":9,\"i\":\"b18f064d-2fba-45d8-a3c3-700ecec939a3\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"b18f064d-2fba-45d8-a3c3-700ecec939a3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":9,\"i\":\"3bf59d17-132e-47bc-b548-e1e073491ec5\",\"w\":14,\"x\":13,\"y\":0},\"panelIndex\":\"3bf59d17-132e-47bc-b548-e1e073491ec5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":9,\"i\":\"49c9ae10-3f16-4cec-b044-c5cf2db199ae\",\"w\":21,\"x\":27,\"y\":0},\"panelIndex\":\"49c9ae10-3f16-4cec-b044-c5cf2db199ae\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":19,\"i\":\"87427ca5-e0b9-4ec8-bb5f-3452803befe1\",\"w\":13,\"x\":0,\"y\":9},\"panelIndex\":\"87427ca5-e0b9-4ec8-bb5f-3452803befe1\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":19,\"i\":\"3d3199e1-d839-4738-bc99-e030365b7070\",\"w\":11,\"x\":13,\"y\":9},\"panelIndex\":\"3d3199e1-d839-4738-bc99-e030365b7070\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":19,\"i\":\"a7745b0f-1c69-4837-9f7e-3d79b5a2ac60\",\"w\":12,\"x\":24,\"y\":9},\"panelIndex\":\"a7745b0f-1c69-4837-9f7e-3d79b5a2ac60\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":19,\"i\":\"221a543a-98d4-46dd-8e7c-bf97bb292021\",\"w\":12,\"x\":36,\"y\":9},\"panelIndex\":\"221a543a-98d4-46dd-8e7c-bf97bb292021\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":29,\"i\":\"55902091-6959-4127-a969-4015fbf124d3\",\"w\":48,\"
x\":0,\"y\":28},\"panelIndex\":\"55902091-6959-4127-a969-4015fbf124d3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Network","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"04ff3ef0-6ea4-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"d9eb5b30-6ea9-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"79cc9670-6ead-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1688996741503,4134],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NjEsMV0="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"event_type:bro_conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Connections - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9bf42190-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4136],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NjIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Missed Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Missed Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"missed_bytes\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Missed Bytes\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"05088150-3670-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4138],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NjMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - Path","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - 
Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smb.path.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.path.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"052df440-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4140],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NjQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - GID/SID","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - 
GID/SID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"GID\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"SID\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.rev: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.gid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"GID\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.signature_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SID\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.rev\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Revision\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"053f7130-7734-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4142],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NjUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Originator Bytes ( Tile Map)","uiStateJSON":"{\"mapZoom\":3,\"mapCenter\":[39.70718665682654,-44.912109375]}","version":1,"visState":"{\"title\":\"Connections - Source - Originator Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle 
Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"original_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"05809df0-46cb-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4144],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NjYsMV0="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event_type: osquery\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"osquery - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"84116380-14e1-11e9-82f7-0da02d93a48b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4146],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NjcsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Changes by Hostname","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"osquery - Changes by Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.hostname.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"05a5ed10-14e4-11e9-82f7-0da02d93a48b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"84116380-14e1-11e9-82f7-0da02d93a48b","name":"search_0","type":"search"}],"sort":[1688996741503,4148],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NjgsMV0="} +{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ftp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"FTP - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4150],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NjksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"FTP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"para
ms\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"06f21d60-35b6-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4152],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NzAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Query","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNS - Query\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dns.query.name.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.query.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Query\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"07065340-72ba-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4154],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NzEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - PE - Section","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.section_names.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Section\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - PE - 
Section\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"07419650-c763-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4156],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NzIsMV0="} +{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_intel\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Intel - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4158],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NzMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Intel - Indicator Type (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Intel - Indicator Type (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0,\"filter\":true},\"title\":{\"text\":\"Indicator 
Type\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"indicator_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Indicator Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"07622d60-6e16-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4160],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NzQsMV0="} 
+{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_mysql\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"MySQL - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"5d624230-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4162],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NzUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"MySQL - Command/Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"MySQL - 
Command/Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql_command.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql_argument.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"07e25650-3812-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4164],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NzYsMV0="} +{"attributes":{"columns":["note","source_ip","destination_ip","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type:bro_notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Notices - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4166],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NzcsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Notice Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Notice Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"note.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"07fdf9e0-39ad-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4168],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NzgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - HTTP - Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - 
Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"http.method.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"088aad70-7377-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4170],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5NzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Hash - SHA256","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Hash - 
SHA256\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.hash.sha256.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.sha256.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"08c0b770-772e-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4172],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5ODAsMV0="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssh\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SSH - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c33e7600-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4174],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5ODEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSH - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"para
ms\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"09457310-3641-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4176],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5ODIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Hash - MD5","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Hash - MD5\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.md5.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MD5\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"09fc6ef0-7732-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4178],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version
":"WzM5ODMsMV0="} +{"attributes":{"columns":["source_ip","syslog-host_from","syslog-priority"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"tags:syslog\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Syslog (All) - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4180],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5ODQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Host From","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Syslog - Host From\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Host 
(From)\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0a2ce700-76e6-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"sort":[1688996741503,4182],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5ODUsMV0="} +{"attributes":{"columns":["host","certificate_subject","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"X.509 - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4184],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5ODYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Issuer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate 
Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_issuer.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0a5f7b30-37d9-11e7-9efb-91e89505091f","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4186],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5ODcsMV0="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_rdp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"RDP - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"823dd600-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4188],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5ODgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Destination IP 
Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0b9dea80-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4190],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5ODksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Certificate Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Certificate 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.certificate_type.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.certificate_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0c006bb0-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4192],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5OTAsMV0="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DNS - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d46522e0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4194],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5OTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Query Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Query Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query_type_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0c338e50-4a4e-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4196],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5OTIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"title":"Endgame - Navigation","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame 
- Navigation\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":true,\"markdown\":\"**Kibana** \\n[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n[Alerts](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) |\\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame Console** \\n [Dashboard](https:///dashboard) | [Alerts](https:///alerts/dashboard)\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"754f7380-6d82-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"},{"id":"0b963f20-6f9c-11ec-864c-8b5450f97635","name":"tag-0b963f20-6f9c-11ec-864c-8b5450f97635","type":"tag"}],"sort":[1688996741503,4199],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5OTMsMV0="} +{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.kind\",\"params\":{\"query\":\"alert\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.kind\":\"alert\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame - Alert 
Search","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"3ab5c280-6f06-11ec-864c-8b5450f97635","migrationVersion":{"search":"8.0.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1688996741503,4202],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5OTQsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":11,\"i\":\"3aa898cc-eaa4-47ea-962f-fd5be8255144\"},\"panelIndex\":\"3aa898cc-eaa4-47ea-962f-fd5be8255144\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame 
Alerts](https:///alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_3aa898cc-eaa4-47ea-962f-fd5be8255144\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":0,\"w\":9,\"h\":11,\"i\":\"1ab268d3-b117-4d65-b568-d53af35bebb4\"},\"panelIndex\":\"1ab268d3-b117-4d65-b568-d53af35bebb4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_1ab268d3-b117-4d65-b568-d53af35bebb4\",\"type\":\"lens\",\"id\":\"914d4890-6e46-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1ab268d3-b117-4d65-b568-d53af35bebb4\",\"type\":\"lens\",\"id\":\"914d4890-6e46-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1ab268d3-b117-4d65-b568-d53af35bebb4\",\"type\":\"lens\",\"id\":\"914d4890-6e46-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-842f61f9-afc4-44dc-a6bd-e3cc66a8827b\"}],\"state\":{\"visualization\":{\"layerId\":\"842f61f9-afc4-44dc-a6bd-e3cc66a8827b\",\"accessor\":\"2834ba67-2809-442b-b80b-4b17d3a67d43\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"},\"query\":{\"query\":\"event.kind : \\\"alert\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"842f61f9-afc4-44dc-a6bd-e3cc66a8827b\":{\"columns\":{\"2834ba67-2809-442b-b80b-4b17d3a67d43\":{\"label\":\" 
\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"2834ba67-2809-442b-b80b-4b17d3a67d43\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"panelRefName\":\"panel_1ab268d3-b117-4d65-b568-d53af35bebb4\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":19,\"y\":0,\"w\":29,\"h\":11,\"i\":\"41131702-4832-4ca2-a24c-2418181fa4bb\"},\"panelIndex\":\"41131702-4832-4ca2-a24c-2418181fa4bb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_41131702-4832-4ca2-a24c-2418181fa4bb\",\"type\":\"lens\",\"id\":\"d94cae10-6e46-11ec-864c-8b5450f97635\"},{\"name\":\"panel_41131702-4832-4ca2-a24c-2418181fa4bb\",\"type\":\"lens\",\"id\":\"d94cae10-6e46-11ec-864c-8b5450f97635\"},{\"name\":\"panel_41131702-4832-4ca2-a24c-2418181fa4bb\",\"type\":\"lens\",\"id\":\"d94cae10-6e46-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-0600494b-6f03-450b-8dab-981005aedf32\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar\",\"layers\":[{\"layerId\":\"0600494b-6f03-450b-8dab-981005aedf32\",\"accessors\":[\"34e0e2cc-aab4-4581-9bc4-aba527024007\"],\"position\":\"top\",\"s
eriesType\":\"bar\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"0f00561d-d6d7-46b2-af59-4ea225a9893a\"}]},\"query\":{\"query\":\"event.kind : \\\"alert\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"0600494b-6f03-450b-8dab-981005aedf32\":{\"columns\":{\"0f00561d-d6d7-46b2-af59-4ea225a9893a\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"34e0e2cc-aab4-4581-9bc4-aba527024007\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true}},\"columnOrder\":[\"0f00561d-d6d7-46b2-af59-4ea225a9893a\",\"34e0e2cc-aab4-4581-9bc4-aba527024007\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Alerts Log Count Over 
Time\",\"panelRefName\":\"panel_41131702-4832-4ca2-a24c-2418181fa4bb\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":11,\"w\":8,\"h\":15,\"i\":\"126f7572-997b-441a-a124-a342a75325d5\"},\"panelIndex\":\"126f7572-997b-441a-a124-a342a75325d5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_126f7572-997b-441a-a124-a342a75325d5\",\"type\":\"lens\",\"id\":\"f376b820-6e47-11ec-864c-8b5450f97635\"},{\"name\":\"panel_126f7572-997b-441a-a124-a342a75325d5\",\"type\":\"lens\",\"id\":\"f376b820-6e47-11ec-864c-8b5450f97635\"},{\"name\":\"panel_126f7572-997b-441a-a124-a342a75325d5\",\"type\":\"lens\",\"id\":\"f376b820-6e47-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-3b6026b4-9c36-4fbc-9f90-bd5580303bea\"}],\"state\":{\"visualization\":{\"layerId\":\"3b6026b4-9c36-4fbc-9f90-bd5580303bea\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721\"},{\"columnId\":\"ff0a89b4-427d-4739-bb83-86794a1f4289\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"event.kind : \\\"alert\\\" 
\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3b6026b4-9c36-4fbc-9f90-bd5580303bea\":{\"columns\":{\"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721\":{\"label\":\"user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ff0a89b4-427d-4739-bb83-86794a1f4289\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"ff0a89b4-427d-4739-bb83-86794a1f4289\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721\",\"ff0a89b4-427d-4739-bb83-86794a1f4289\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Alerts Users\",\"panelRefName\":\"panel_126f7572-997b-441a-a124-a342a75325d5\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":11,\"w\":16,\"h\":15,\"i\":\"146912f3-f4f8-4cc3-9226-6f516dd3c3da\"},\"panelIndex\":\"146912f3-f4f8-4cc3-9226-6f516dd3c3da\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da\",\"type\":\"lens\",\"id\":\"0406add0-6e48-11ec-864c-8b5450f97635\"},{\"name\":\"panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da\",\"type\":\"lens\",\"id\":\"0406add0-6e48-11ec-864c-8b5450f97635\"},{\"name\":\"panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da\",\"type\":\"lens\",\"id\":\"0406add0-6e48-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-9643f560-7a46-408c-b61d-ed2a87fc6103\"}],\"state\":{\"visualiz
ation\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"layers\":[{\"layerId\":\"9643f560-7a46-408c-b61d-ed2a87fc6103\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"legendSize\":\"auto\",\"primaryGroups\":[\"305b2f21-9981-40d5-a79b-f7a78eea89b4\"],\"metrics\":[\"3520723b-f0f3-4845-975c-e97380d8124b\"]}]},\"query\":{\"query\":\"event.kind : \\\"alert\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9643f560-7a46-408c-b61d-ed2a87fc6103\":{\"columns\":{\"305b2f21-9981-40d5-a79b-f7a78eea89b4\":{\"label\":\"process.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.name\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"3520723b-f0f3-4845-975c-e97380d8124b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"3520723b-f0f3-4845-975c-e97380d8124b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"305b2f21-9981-40d5-a79b-f7a78eea89b4\",\"3520723b-f0f3-4845-975c-e97380d8124b\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"type\":\"lens\"},\"title\":\"Endgame - Alerts 
Processes\",\"panelRefName\":\"panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":11,\"w\":24,\"h\":15,\"i\":\"7a533f92-16c8-4f34-b31b-8055cce33284\"},\"panelIndex\":\"7a533f92-16c8-4f34-b31b-8055cce33284\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"panelRefName\":\"panel_7a533f92-16c8-4f34-b31b-8055cce33284\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":13,\"i\":\"37330ea4-1070-465d-8356-97f438a273f9\"},\"panelIndex\":\"37330ea4-1070-465d-8356-97f438a273f9\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_37330ea4-1070-465d-8356-97f438a273f9\",\"type\":\"lens\",\"id\":\"ca0f3e20-6e48-11ec-864c-8b5450f97635\"},{\"name\":\"panel_37330ea4-1070-465d-8356-97f438a273f9\",\"type\":\"lens\",\"id\":\"ca0f3e20-6e48-11ec-864c-8b5450f97635\"},{\"name\":\"panel_37330ea4-1070-465d-8356-97f438a273f9\",\"type\":\"lens\",\"id\":\"ca0f3e20-6e48-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-46832f84-f86b-4914-a3ac-aaeda9f09cf7\"}],\"state\":{\"visualization\":{\"layerId\":\"46832f84-f86b-4914-a3ac-aaeda9f09cf7\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"77069155-4e9a-4727-b888-648fed60258e\",\"isTransposed\":false},{\"columnId\":\"e7878efe-2181-449d-afd3-771296665829\",\"isTransposed\":false,\"alignment\":\"center\"},{\"isTransposed\":false,\"columnId\":\"738c056c-c4eb-4855-a690-90fa5b9e23f8\"},{\"isTransposed\":false,\"columnId\":\"02c8c47e-9b96-4384-b467-1fd9cff2b78b\"},{\"isTransposed\":false,\"columnId\":\"d61f74aa-1899-4881-a2cc-d0dc7cbf28df\"},{\"isTransposed\":false,\"columnId\":\"6de07e81-5ee7-4885-af47-26b401667757\"},{\"isTransposed\":false,\"columnId\":\"895ab
df3-8c99-4473-a904-b379d478aae1\"},{\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\",\"isTransposed\":false,\"hidden\":true}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"event.kind : \\\"alert\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"46832f84-f86b-4914-a3ac-aaeda9f09cf7\":{\"columns\":{\"77069155-4e9a-4727-b888-648fed60258e\":{\"label\":\"event.id (click on + to go to Endgame)\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.id\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"e7878efe-2181-449d-afd3-771296665829\":{\"label\":\"Severity\",\"dataType\":\"number\",\"operationType\":\"range\",\"sourceField\":\"event.severity\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"type\":\"histogram\",\"ranges\":[{\"from\":0,\"to\":1000,\"label\":\"\"}],\"maxBars\":\"auto\"},\"customLabel\":true},\"738c056c-c4eb-4855-a690-90fa5b9e23f8\":{\"label\":\"Category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.category\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"02c8c47e-9b96-4384-b467-1fd9cff2b78b\":{\"label\":\"process.command_line\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.command_line\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"d61f74aa-1899-4881-a2cc-d0dc7cbf28df\":{\"label\":\
"process.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"6de07e81-5ee7-4885-af47-26b401667757\":{\"label\":\"file.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"895abdf3-8c99-4473-a904-b379d478aae1\":{\"label\":\"host.domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.domain\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"e30b3573-c58d-4b82-853d-70c1d090d641\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"77069155-4e9a-4727-b888-648fed60258e\",\"e7878efe-2181-449d-afd3-771296665829\",\"738c056c-c4eb-4855-a690-90fa5b9e23f8\",\"02c8c47e-9b96-4384-b467-1fd9cff2b78b\",\"d61f74aa-1899-4881-a2cc-d0dc7cbf28df\",\"6de07e81-5ee7-4885-af47-26b401667757\",\"895abdf3-8c99-4473-a904-b379d478aae1\",\"e30b3573-c58d-4b82-853d-70c1d090d641\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"28bd4c58-580b-4d1c-b65e-3ddef0fee644\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Open event in 
Endgame\",\"config\":{\"url\":{\"template\":\"https:///alerts/{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":false}}}]}},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Endgame - Alerts Event\",\"panelRefName\":\"panel_37330ea4-1070-465d-8356-97f438a273f9\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":39,\"w\":48,\"h\":18,\"i\":\"b3f00dae-22f1-4455-a672-087870874671\"},\"panelIndex\":\"b3f00dae-22f1-4455-a672-087870874671\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b3f00dae-22f1-4455-a672-087870874671\"}]","timeRestore":false,"title":"Endgame - Alerts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0c8e61c0-67fc-11ec-864c-8b5450f97635","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"3aa898cc-eaa4-47ea-962f-fd5be8255144:panel_3aa898cc-eaa4-47ea-962f-fd5be8255144","type":"visualization"},{"id":"914d4890-6e46-11ec-864c-8b5450f97635","name":"1ab268d3-b117-4d65-b568-d53af35bebb4:panel_1ab268d3-b117-4d65-b568-d53af35bebb4","type":"lens"},{"id":"914d4890-6e46-11ec-864c-8b5450f97635","name":"1ab268d3-b117-4d65-b568-d53af35bebb4:panel_1ab268d3-b117-4d65-b568-d53af35bebb4","type":"lens"},{"id":"914d4890-6e46-11ec-864c-8b5450f97635","name":"1ab268d3-b117-4d65-b568-d53af35bebb4:panel_1ab268d3-b117-4d65-b568-d53af35bebb4","type":"lens"},{"id":"914d4890-6e46-11ec-864c-8b5450f97635","name":"1ab268d3-b117-4d65-b568-d53af35bebb4:panel_1ab268d3-b117-4d65-b568-d53af35bebb4","type":"lens"},{"id":"endgame-*","name":"1ab268d3-b117-4d65-b568-d53af35bebb4:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"1ab268d3-b117-4d65-b568-d53af35bebb4:indexpattern-datasource-layer-842f61f9-afc4-44dc-a6bd-e3cc66a8827b","type":"index-pattern"},{"id":"d94cae10-6e46-11ec-864c-8b5450f97635","name":"41131702-4832-4ca2-a24c-2418181fa4bb:panel_41131702-4832-4ca2-a24c-2418181fa4bb","type":"len
s"},{"id":"d94cae10-6e46-11ec-864c-8b5450f97635","name":"41131702-4832-4ca2-a24c-2418181fa4bb:panel_41131702-4832-4ca2-a24c-2418181fa4bb","type":"lens"},{"id":"d94cae10-6e46-11ec-864c-8b5450f97635","name":"41131702-4832-4ca2-a24c-2418181fa4bb:panel_41131702-4832-4ca2-a24c-2418181fa4bb","type":"lens"},{"id":"d94cae10-6e46-11ec-864c-8b5450f97635","name":"41131702-4832-4ca2-a24c-2418181fa4bb:panel_41131702-4832-4ca2-a24c-2418181fa4bb","type":"lens"},{"id":"endgame-*","name":"41131702-4832-4ca2-a24c-2418181fa4bb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"41131702-4832-4ca2-a24c-2418181fa4bb:indexpattern-datasource-layer-0600494b-6f03-450b-8dab-981005aedf32","type":"index-pattern"},{"id":"f376b820-6e47-11ec-864c-8b5450f97635","name":"126f7572-997b-441a-a124-a342a75325d5:panel_126f7572-997b-441a-a124-a342a75325d5","type":"lens"},{"id":"f376b820-6e47-11ec-864c-8b5450f97635","name":"126f7572-997b-441a-a124-a342a75325d5:panel_126f7572-997b-441a-a124-a342a75325d5","type":"lens"},{"id":"f376b820-6e47-11ec-864c-8b5450f97635","name":"126f7572-997b-441a-a124-a342a75325d5:panel_126f7572-997b-441a-a124-a342a75325d5","type":"lens"},{"id":"f376b820-6e47-11ec-864c-8b5450f97635","name":"126f7572-997b-441a-a124-a342a75325d5:panel_126f7572-997b-441a-a124-a342a75325d5","type":"lens"},{"id":"endgame-*","name":"126f7572-997b-441a-a124-a342a75325d5:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"126f7572-997b-441a-a124-a342a75325d5:indexpattern-datasource-layer-3b6026b4-9c36-4fbc-9f90-bd5580303bea","type":"index-pattern"},{"id":"0406add0-6e48-11ec-864c-8b5450f97635","name":"146912f3-f4f8-4cc3-9226-6f516dd3c3da:panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da","type":"lens"},{"id":"0406add0-6e48-11ec-864c-8b5450f97635","name":"146912f3-f4f8-4cc3-9226-6f516dd3c3da:panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da","type":"lens"},{"id":"0406add0-6e48-11ec-864c-8b5450f97635","name":"146912f3-f4f8-4cc3-9226-6f
516dd3c3da:panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da","type":"lens"},{"id":"0406add0-6e48-11ec-864c-8b5450f97635","name":"146912f3-f4f8-4cc3-9226-6f516dd3c3da:panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da","type":"lens"},{"id":"endgame-*","name":"146912f3-f4f8-4cc3-9226-6f516dd3c3da:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"146912f3-f4f8-4cc3-9226-6f516dd3c3da:indexpattern-datasource-layer-9643f560-7a46-408c-b61d-ed2a87fc6103","type":"index-pattern"},{"id":"1fd82420-6e3a-11ec-864c-8b5450f97635","name":"7a533f92-16c8-4f34-b31b-8055cce33284:panel_7a533f92-16c8-4f34-b31b-8055cce33284","type":"lens"},{"id":"ca0f3e20-6e48-11ec-864c-8b5450f97635","name":"37330ea4-1070-465d-8356-97f438a273f9:panel_37330ea4-1070-465d-8356-97f438a273f9","type":"lens"},{"id":"ca0f3e20-6e48-11ec-864c-8b5450f97635","name":"37330ea4-1070-465d-8356-97f438a273f9:panel_37330ea4-1070-465d-8356-97f438a273f9","type":"lens"},{"id":"ca0f3e20-6e48-11ec-864c-8b5450f97635","name":"37330ea4-1070-465d-8356-97f438a273f9:panel_37330ea4-1070-465d-8356-97f438a273f9","type":"lens"},{"id":"ca0f3e20-6e48-11ec-864c-8b5450f97635","name":"37330ea4-1070-465d-8356-97f438a273f9:panel_37330ea4-1070-465d-8356-97f438a273f9","type":"lens"},{"id":"endgame-*","name":"37330ea4-1070-465d-8356-97f438a273f9:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"37330ea4-1070-465d-8356-97f438a273f9:indexpattern-datasource-layer-46832f84-f86b-4914-a3ac-aaeda9f09cf7","type":"index-pattern"},{"id":"3ab5c280-6f06-11ec-864c-8b5450f97635","name":"b3f00dae-22f1-4455-a672-087870874671:panel_b3f00dae-22f1-4455-a672-087870874671","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,4237],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5OTUsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RADIUS - Reply","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RADIUS - Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"radius.reply_message.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"radius.reply_message.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0ca071b0-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4239],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5OTYsMV0="} 
+{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.module:sysmon\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Sysmon","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"6281da80-c780-11ea-bebb-37c5ab5894ea","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4241],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5OTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security Onion - Sysmon Datasets","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum
\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - Sysmon Datasets\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0caa7df0-c781-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"6281da80-c780-11ea-bebb-37c5ab5894ea","name":"search_0","type":"search"}],"sort":[1688996741503,4243],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5OTgsMV0="} +{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"tags:conn\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Security Onion - Connections","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4245],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzM5OTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Connections Over 
Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date_range\",\"params\":{\"id\":\"date\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}},\"params\":{},\"label\":\"@timestamp date 
ranges\",\"aggType\":\"date_range\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"34721460-6ebc-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,4247],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMDAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c9121690-6ea0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,4249],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMDEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - State","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - 
State\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"connection.state.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection.state.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"State\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"23b65290-6ea2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,4251],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMDIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Connections - State 
(Desc)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection.state_description.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection State\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - Connections - State (Desc)\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"dc3f2c10-c6d6-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4253],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMDMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Client Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Client 
Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Client Bytes\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.bytes\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client Bytes\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"98f6e9d0-6ea1-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,4255],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMDQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Responder Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Responder 
Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Server Bytes\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.bytes\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Bytes\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"70565ec0-6ea1-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,4257],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMDUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - History","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - 
History\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection.history.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"History\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"5414ad60-6ea2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,4259],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMDYsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:conn\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"a05b7540-74b1-40db-b1d6-0e151f5bbaba\"},\"panelIndex\":\"a05b7540-74b1-40db-b1d6-0e151f5bbaba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a05b7540-74b1-40db-b1d6-0e151f5bbaba\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":13,\"h\":9,\"i\":\"78f096e9-6e6b-4144-a63f-3767deab6c8c\"},\"panelIndex\":\"78f096e9-6e6b-4144-a63f-3767deab6c8c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_78f096e9-6e6b-4144-a63f-3767deab6c8c\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":9,\"i\":\"f24faa4b-0270-44e6-af45-639e2d39c2c3\"},\"panelIndex\":\"f24faa4b-0270-44e6-af45-639e2d39c2c3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f24faa4b-0270-44e6-af45-639e2d39c2c3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":18,\"i\":\"8cc3f2ee-fcc8-4ddb-8f44-ec0b08da4756\"},\"panelIndex\":\"8cc3f2ee-fcc8-4ddb-8f44-ec0b08da4756\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8cc3f2ee-fcc8-4ddb-8f44-ec0b08da4756\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":11,\"y\":9,\"w\":12,\"h\":18,\"i\":\"5558d00d-f3fd-4051-96a4-384134149228\"},\"panelIndex\":\"5558d00d-f3fd-4051-96a4-384134149228\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5558d00d-f3fd-4051-96a4-384134149228\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":9,\"w\":13,\"h\":18,\"i\":\"ccdbd90c-299e-4e60-a139-1505f1329071\"},\"pan
elIndex\":\"ccdbd90c-299e-4e60-a139-1505f1329071\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ccdbd90c-299e-4e60-a139-1505f1329071\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":18,\"i\":\"d678bf2f-f183-4981-9142-976880029daa\"},\"panelIndex\":\"d678bf2f-f183-4981-9142-976880029daa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d678bf2f-f183-4981-9142-976880029daa\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":19,\"h\":18,\"i\":\"97f0546b-01c5-41c1-9316-099f2b3c8d91\"},\"panelIndex\":\"97f0546b-01c5-41c1-9316-099f2b3c8d91\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_97f0546b-01c5-41c1-9316-099f2b3c8d91\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":19,\"y\":27,\"w\":9,\"h\":18,\"i\":\"598bda31-1136-4474-9384-451491a71d23\"},\"panelIndex\":\"598bda31-1136-4474-9384-451491a71d23\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"desc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_598bda31-1136-4474-9384-451491a71d23\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":27,\"w\":9,\"h\":18,\"i\":\"8192def5-399b-4728-8646-edf393b63b7e\"},\"panelIndex\":\"8192def5-399b-4728-8646-edf393b63b7e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8192def5-399b-4728-8646-edf393b63b7e\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":27,\"w\":11,\"h\":18,\"i\":\"755322ff-13a8-4121-a2db-6322c037e8b3\"},\"panelIndex\":\"755322ff-13a8-4121-a2db-6322c037e8b3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_755322ff-13a8-4121-a2db-6322c037e8b3\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"a03bb16a-9d36-4cad-91a3-256b29489fd7\"},\"panelIndex\":\"a03bb16a-9d36-4cad-91a3-256b29489fd7\",\"embeddableCo
nfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a03bb16a-9d36-4cad-91a3-256b29489fd7\"}]","timeRestore":false,"title":"Security Onion - Connections","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0cc628b0-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"a05b7540-74b1-40db-b1d6-0e151f5bbaba:panel_a05b7540-74b1-40db-b1d6-0e151f5bbaba","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"78f096e9-6e6b-4144-a63f-3767deab6c8c:panel_78f096e9-6e6b-4144-a63f-3767deab6c8c","type":"visualization"},{"id":"34721460-6ebc-11ea-9266-1fd14ca6af34","name":"f24faa4b-0270-44e6-af45-639e2d39c2c3:panel_f24faa4b-0270-44e6-af45-639e2d39c2c3","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"8cc3f2ee-fcc8-4ddb-8f44-ec0b08da4756:panel_8cc3f2ee-fcc8-4ddb-8f44-ec0b08da4756","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"5558d00d-f3fd-4051-96a4-384134149228:panel_5558d00d-f3fd-4051-96a4-384134149228","type":"visualization"},{"id":"c9121690-6ea0-11ea-9266-1fd14ca6af34","name":"ccdbd90c-299e-4e60-a139-1505f1329071:panel_ccdbd90c-299e-4e60-a139-1505f1329071","type":"visualization"},{"id":"23b65290-6ea2-11ea-9266-1fd14ca6af34","name":"d678bf2f-f183-4981-9142-976880029daa:panel_d678bf2f-f183-4981-9142-976880029daa","type":"visualization"},{"id":"dc3f2c10-c6d6-11ea-bebb-37c5ab5894ea","name":"97f0546b-01c5-41c1-9316-099f2b3c8d91:panel_97f0546b-01c5-41c1-9316-099f2b3c8d91","type":"visualization"},{"id":"98f6e9d0-6ea1-11ea-9266-1fd14ca6af34","name":"598bda31-1136-4474-9384-451491a71d23:panel_598bda31-1136-4474-9384-451491a71d23","type":"visualization"},{"id":"70565ec0-6ea1-11ea-9266-1fd14ca6af34","name":"8192def5-399b-4728-8646-edf393b63b7e:panel_8192def5-399b-4728-8646-edf393b63b7e","type":"visualization"},{"id":"5414ad60-6ea2-11ea-9266-1fd14ca6af34","name":"755322ff-13a8-4121-a2db-6322c
037e8b3:panel_755322ff-13a8-4121-a2db-6322c037e8b3","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"a03bb16a-9d36-4cad-91a3-256b29489fd7:panel_a03bb16a-9d36-4cad-91a3-256b29489fd7","type":"search"}],"sort":[1688996741503,4272],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMDcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category.keyword : \\\"process\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - All Event.Cat:Process Logs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - All Event.Cat:Process Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":42}}}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0d0c0750-6348-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,4275],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMDgsMV0="} 
+{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_modbus\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Modbus - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4277],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMDksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Modbus - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0d168a30-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4279],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMTAsMV0="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_weird\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Weird - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4281],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"@timestamp per 12 
hours\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Weird - Log Count Over TIme\",\"type\":\"line\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0dbcade0-3642-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4283],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMTIsMV0="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_snmp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SNMP - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"b12150a0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4285],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0defabb0-36b9-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4287],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMTQsMV0="} 
+{"attributes":{"fieldFormatMap":"{\"network.community_id\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:network.community_id,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(network.community_id:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(e
mbeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip:'{{ value }}')),(term:(destination.ip:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value 
}}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1
-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip:'{{ value }}')),(term:(destination.ip:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:1
3,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.port:'{{ value }}')),(term:(destination.port:'{{ value }}')))),meta:(alias:'source.port:%20!'{{ value }}!'%20OR%20destination.port:%20!'{{ value 
}}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.port%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.port%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-
47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.port:'{{ value }}')),(term:(destination.port:'{{ value }}')))),meta:(alias:'source.port:%20!'{{ value }}!'%20OR%20destination.port:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.port%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.port%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d
-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.fuid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.fuid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.fuid:{{ value 
}})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value 
}}\"}},\"log.id.fuid.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.fuid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.fuid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-
4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.uid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.uid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.uid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualizatio
n,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.uid.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.uid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.uid:{{ value 
}})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',
viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"_id\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/#/hunt?q=_id%3A%22{{value}}%22\",\"labelTemplate\":\"Hunt and optionally pivot to PCAP/Cases\"}},\"client.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"server.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"event.dataset\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.dataset.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.dataset.keyword:{{ value 
}})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view
)\",\"labelTemplate\":\"{{ value }}\"}},\"event.dataset.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.dataset.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.dataset.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),
(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.module\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value 
}})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:
view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.module.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6
.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"agent.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:agent.name.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(agent.name.keyword:{{ value 
}})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:
view)\",\"labelTemplate\":\"{{ value }}\"}},\"agent.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:agent.name.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(agent.name.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(
embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"rule.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.name:'{{ value 
}}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:''),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',vi
ewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"rule.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.name:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableCo
nfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:''),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"osquery.result.live_query\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/fleet/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"Live Query\"}},\"osquery.result.live_query.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/fleet/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"Live Query\"}},\"connection.state_description\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.state_description,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(connection.state_description:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"connection.state_description.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.state_description,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(connection.state_description:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9
-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.category.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.category,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.category:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"rule.category\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.category,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.category:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-7
2a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.uuid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.uuid,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.uuid:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"connection.history\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.history,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(connection.history:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id
:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"connection.history.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.history,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(connection.history:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"dhcp.message_types\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.message_types,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dhcp.message_types:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:
f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.message_types.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.message_types,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dhcp.message_types:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemp
late\":\"{{ value }}\"}},\"dhcp.requested_address\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.requested_address,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.requested_address:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8
),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.requested_address.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.requested_address,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.requested_address:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"dhcp.assigned_ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.assigned_ip,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.assigned_ip:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f
4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.assigned_ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.assigned_ip,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.assigned_ip:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"host.mac\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:host.mac,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(host.mac:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9
d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"host.mac.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:host.mac,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(host.mac:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTem
plate\":\"{{ value }}\"}},\"dhcp.lease_time\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.lease_time,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.lease_time:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-1
1ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.query.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.query.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.query.name:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"dns.query.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.query.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.query.name:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id
:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.answers.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.answers.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.answers.name:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"dns.answers.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.answers.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.answers.name:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y
:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.response.code_name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.response.code_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dns.response.code_name:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"dns.response.code_name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.response.code_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dns.response.code_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574
',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"file.mime_type\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.mime_type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.mime_type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a
7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.mime_type.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.mime_type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.mime_type:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"file.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-
8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.argument\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.argument,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ftp.argument:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"ftp.argument.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.argument,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ftp.argument:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfd
eb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.user\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.user,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.user:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"ftp.user.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.user,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.user:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd
2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.password\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.password,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.password:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"ftp.password.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.password,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.password:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-7
2a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.useragent\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.useragent,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(http.useragent:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"http.useragent.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.useragent,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(http.useragent:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id
:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.method\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.method,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.method:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"http.method.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.method,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.method:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7
-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.virtual_host\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.virtual_host,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.virtual_host:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"http.virtual_host.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.virtual_host,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.virtual_host:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8
),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.uri.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.uri.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.uri.keyword:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"http.uri\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.uri.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.uri.keyword:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-
11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.note.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.note,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.note:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"notice.message.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.message,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.message:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id
:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.note\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.note,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.note:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"notice.message\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.message,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.message:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb
0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.server_name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.server_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ssl.server_name:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"ssl.server_name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.server_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ssl.server_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-
72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.subject\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.subject:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.subject.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.subject,negate:!f,params:(query:'O%3DDefault%20Company%20Ltd,L%3DDefault%20City,C%3DXX'),type:phrase),query:(match_phrase:(ssl.certificate.subject:'O%3DDefault%20Company%20Ltd,L%3DDefault%20City,C%3DXX')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,
version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.issuer\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.issuer:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.issuer.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d
2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.facility_label\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.facility_label,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.facility_label:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"syslog.facility_label\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.facility_label,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.facility_label:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35
,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.severity_label\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.severity_label,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.severity_label:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"syslog.severity_label\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.severity_label,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.severity_label:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35
,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.subject\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.subject:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.subject.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.subject:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8
f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.issuer\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.issuer:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.issuer.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59
b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.san_dns\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.san_dns,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.san_dns:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"x509.san_dns.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.san_dns,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.san_dns:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfd
eb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.key.type\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.key.type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(x509.certificate.key.type:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:edit)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.key.type.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.key.type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(x509.certificate.key.type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f5
9b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:edit)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id.keyword\",\"type\":\"string\
",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.ephemeral_id\"}}},{\"name\":\"agent.ephemeral_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.ephemeral_id\"}}},{\"name\":\"agent.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.hostname\"}}},{\"name\":\"agent.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.hostname\"}}},{\"name\":\"agent.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.id\"}}},{\"name\":\"agent.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.id\"}}},{\"name\":\"agent.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"a
ggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.name\"}}},{\"name\":\"agent.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.name\"}}},{\"name\":\"agent.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.type\"}}},{\"name\":\"agent.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.type\"}}},{\"name\":\"agent.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.version\"}}},{\"name\":\"agent.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.version\"}}},{\"name\":\"client.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.address.
keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.address\"}}},{\"name\":\"client.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.address\"}}},{\"name\":\"client.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.id.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.id.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.id.product\"}}},{\"name\":\"client.id.product.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.id.product\"}}},{\"name\":\"client.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.ip_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"mul
ti\":{\"parent\":\"client.name\"}}},{\"name\":\"client.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.name\"}}},{\"name\":\"client.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.port\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.user_agent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.user_agent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.user_agent\"}}},{\"name\":\"client.user_agent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.user_agent\"}}},{\"name\":\"connection.bytes.missed\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.history\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.history.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.history\"}}},{\"name\":\"connection.history.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"script
ed\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"connection.history\"}}},{\"name\":\"connection.local.originator\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.local.responder\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.state\"}}},{\"name\":\"connection.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"connection.state\"}}},{\"name\":\"connection.state_description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.state_description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.state_description\"}}},{\"name\":\"connection.state_description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"connection.state_description\"}}},{\"name\":\"data.euid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripte
d\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.euid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.euid\"}}},{\"name\":\"data.euid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.euid\"}}},{\"name\":\"data.file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.file\"}}},{\"name\":\"data.file.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.file\"}}},{\"name\":\"data.hardware.cpu_cores\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_cores.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_cores\"}}},{\"name\":\"data.hardware.cpu_cores.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_cores\"}}},{\"name\":\"data.hardware.cpu_mhz\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":tru
e,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_mhz.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_mhz\"}}},{\"name\":\"data.hardware.cpu_mhz.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_mhz\"}}},{\"name\":\"data.hardware.cpu_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_name\"}}},{\"name\":\"data.hardware.cpu_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_name\"}}},{\"name\":\"data.hardware.ram_free\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_free.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_free\"}}},{\"name\":\"data.hardware.ram_free.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_free\"}}},{\"name\":\"data.hardware.ram_total\",\"type\":\
"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_total.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_total\"}}},{\"name\":\"data.hardware.ram_total.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_total\"}}},{\"name\":\"data.hardware.ram_usage\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_usage.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_usage\"}}},{\"name\":\"data.hardware.ram_usage.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_usage\"}}},{\"name\":\"data.hardware.serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.serial\"}}},{\"name\":\"data.hardware.serial.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"
parent\":\"data.hardware.serial\"}}},{\"name\":\"data.hotfix\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hotfix.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hotfix\"}}},{\"name\":\"data.hotfix.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hotfix\"}}},{\"name\":\"data.logname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.logname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.logname\"}}},{\"name\":\"data.logname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.logname\"}}},{\"name\":\"data.netinfo.iface.adapter\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.adapter.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.adapter\"}}},{\"name\":\"data.netinfo.iface.adapter.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent
\":\"data.netinfo.iface.adapter\"}}},{\"name\":\"data.netinfo.iface.ipv4.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.address\"}}},{\"name\":\"data.netinfo.iface.ipv4.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.address\"}}},{\"name\":\"data.netinfo.iface.ipv4.broadcast\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.broadcast.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.broadcast\"}}},{\"name\":\"data.netinfo.iface.ipv4.broadcast.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.broadcast\"}}},{\"name\":\"data.netinfo.iface.ipv4.dhcp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.dhcp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.dhcp\"}}},{\"name\":\"data
.netinfo.iface.ipv4.dhcp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.dhcp\"}}},{\"name\":\"data.netinfo.iface.ipv4.gateway\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.gateway.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv4.gateway.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv4.metric\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.metric.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.metric\"}}},{\"name\":\"data.netinfo.iface.ipv4.metric.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.metric\"}}},{\"name\":\"data.netinfo.iface.ipv4.netmask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.netmask.keyword\",\"type\":\"string\",\"esTyp
es\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.netmask\"}}},{\"name\":\"data.netinfo.iface.ipv4.netmask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.netmask\"}}},{\"name\":\"data.netinfo.iface.ipv6.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.address\"}}},{\"name\":\"data.netinfo.iface.ipv6.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.address\"}}},{\"name\":\"data.netinfo.iface.ipv6.dhcp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.dhcp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.dhcp\"}}},{\"name\":\"data.netinfo.iface.ipv6.dhcp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.dhcp\"}}},{\"name\":\"data.netinfo.iface.ipv6.gateway\",\"type\":\"string\",\"
esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.gateway.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv6.gateway.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv6.metric\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.metric.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.metric\"}}},{\"name\":\"data.netinfo.iface.ipv6.metric.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.metric\"}}},{\"name\":\"data.netinfo.iface.ipv6.netmask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.netmask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.netmask\"}}},{\"name\":\"data.netinfo.iface.ipv6.netmask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":fals
e,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.netmask\"}}},{\"name\":\"data.netinfo.iface.mac\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mac.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mac\"}}},{\"name\":\"data.netinfo.iface.mac.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mac\"}}},{\"name\":\"data.netinfo.iface.mtu\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mtu.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mtu\"}}},{\"name\":\"data.netinfo.iface.mtu.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mtu\"}}},{\"name\":\"data.netinfo.iface.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.name\"}}},{\"name\":\"data.neti
nfo.iface.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.name\"}}},{\"name\":\"data.netinfo.iface.rx_bytes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_bytes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_bytes\"}}},{\"name\":\"data.netinfo.iface.rx_bytes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_bytes\"}}},{\"name\":\"data.netinfo.iface.rx_dropped\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_dropped.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_dropped\"}}},{\"name\":\"data.netinfo.iface.rx_dropped.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_dropped\"}}},{\"name\":\"data.netinfo.iface.rx_errors\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_errors.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":fa
lse,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_errors\"}}},{\"name\":\"data.netinfo.iface.rx_errors.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_errors\"}}},{\"name\":\"data.netinfo.iface.rx_packets\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_packets.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_packets\"}}},{\"name\":\"data.netinfo.iface.rx_packets.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_packets\"}}},{\"name\":\"data.netinfo.iface.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.state\"}}},{\"name\":\"data.netinfo.iface.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.state\"}}},{\"name\":\"data.netinfo.iface.tx_bytes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":
false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_bytes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_bytes\"}}},{\"name\":\"data.netinfo.iface.tx_bytes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_bytes\"}}},{\"name\":\"data.netinfo.iface.tx_dropped\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_dropped.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_dropped\"}}},{\"name\":\"data.netinfo.iface.tx_dropped.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_dropped\"}}},{\"name\":\"data.netinfo.iface.tx_errors\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_errors.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_errors\"}}},{\"name\":\"data.netinfo.iface.tx_errors.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo
.iface.tx_errors\"}}},{\"name\":\"data.netinfo.iface.tx_packets\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_packets.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_packets\"}}},{\"name\":\"data.netinfo.iface.tx_packets.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_packets\"}}},{\"name\":\"data.netinfo.iface.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.type\"}}},{\"name\":\"data.netinfo.iface.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.type\"}}},{\"name\":\"data.os.architecture\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.architecture.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.architecture\"}}},{\"name\":\"data.os.architecture.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":fal
se,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.architecture\"}}},{\"name\":\"data.os.build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.build\"}}},{\"name\":\"data.os.build.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.build\"}}},{\"name\":\"data.os.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.hostname\"}}},{\"name\":\"data.os.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.hostname\"}}},{\"name\":\"data.os.major\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.major.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.major\"}}},{\"name\":\"data.os.major.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"agg
regatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.major\"}}},{\"name\":\"data.os.minor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.minor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.minor\"}}},{\"name\":\"data.os.minor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.minor\"}}},{\"name\":\"data.os.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.name\"}}},{\"name\":\"data.os.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.name\"}}},{\"name\":\"data.os.os_release\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.os_release.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.os_release\"}}},{\"name\":\"data.os.os_release.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValu
es\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.os_release\"}}},{\"name\":\"data.os.platform\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.platform.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.platform\"}}},{\"name\":\"data.os.platform.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.platform\"}}},{\"name\":\"data.os.release\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.release\"}}},{\"name\":\"data.os.release.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.release\"}}},{\"name\":\"data.os.release_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.release_version\"}}},{\"name\":\"data.os.release_version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":fal
se,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.release_version\"}}},{\"name\":\"data.os.sysname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.sysname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.sysname\"}}},{\"name\":\"data.os.sysname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.sysname\"}}},{\"name\":\"data.os.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.version\"}}},{\"name\":\"data.os.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.version\"}}},{\"name\":\"data.port.inode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.inode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.inode\"}}},{\"name\":\"data.port.inode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFro
mDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.inode\"}}},{\"name\":\"data.port.local_ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.local_ip\"}}},{\"name\":\"data.port.local_ip.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.local_ip\"}}},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.local_port\"}}},{\"name\":\"data.port.local_port.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.local_port\"}}},{\"name\":\"data.port.pid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.pid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.pid\"}}},{\"name\":\"data.port.pid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":fal
se,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.pid\"}}},{\"name\":\"data.port.process\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.process.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.process\"}}},{\"name\":\"data.port.process.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.process\"}}},{\"name\":\"data.port.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.protocol\"}}},{\"name\":\"data.port.protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.protocol\"}}},{\"name\":\"data.port.remote_ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_ip\"}}},{\"name\":\"data.port.remote_ip.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\
"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_ip\"}}},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_port\"}}},{\"name\":\"data.port.remote_port.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_port\"}}},{\"name\":\"data.port.rx_queue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.rx_queue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.rx_queue\"}}},{\"name\":\"data.port.rx_queue.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.rx_queue\"}}},{\"name\":\"data.port.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.state\"}}},{\"name\":\"data.port.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\
":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.state\"}}},{\"name\":\"data.port.tx_queue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.tx_queue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.tx_queue\"}}},{\"name\":\"data.port.tx_queue.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.tx_queue\"}}},{\"name\":\"data.pwd\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.pwd.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.pwd\"}}},{\"name\":\"data.pwd.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.pwd\"}}},{\"name\":\"data.srcuser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.srcuser.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.srcuser\"}}},{\"name\":\"data.srcuser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\
"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.srcuser\"}}},{\"name\":\"data.title\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.title.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.title\"}}},{\"name\":\"data.title.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.title\"}}},{\"name\":\"data.tty\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tty.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.tty\"}}},{\"name\":\"data.tty.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.tty\"}}},{\"name\":\"data.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.type\"}}},{\"name\":\"data.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.type\"}}},{\"name\":\"data.uid\",\"typ
e\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.uid\"}}},{\"name\":\"data.uid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.uid\"}}},{\"name\":\"dce_rpc.endpoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.endpoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.endpoint\"}}},{\"name\":\"dce_rpc.endpoint.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.endpoint\"}}},{\"name\":\"dce_rpc.named_pipe\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.named_pipe.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.named_pipe\"}}},{\"name\":\"dce_rpc.named_pipe.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.named_pipe\"}}},{\"name\":\"dce_rpc.operation\",\"type\":\"string\",\"esTypes\"
:[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.operation.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.operation\"}}},{\"name\":\"dce_rpc.operation.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.operation\"}}},{\"name\":\"destination.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.city_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.city_name\"}}},{\"name\":\"destination.geo.city_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.city_name\"}}},{\"name\":\"destination.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.continent_name\"}}},{\"name\":\"destination.geo.continent_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\
":{\"parent\":\"destination.geo.continent_name\"}}},{\"name\":\"destination.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_iso_code\"}}},{\"name\":\"destination.geo.country_iso_code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_iso_code\"}}},{\"name\":\"destination.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_name\"}}},{\"name\":\"destination.geo.country_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_name\"}}},{\"name\":\"destination.geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location.lat\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location.lon\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\
"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.region_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_iso_code\"}}},{\"name\":\"destination.geo.region_iso_code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_iso_code\"}}},{\"name\":\"destination.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.region_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_name\"}}},{\"name\":\"destination.geo.region_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_name\"}}},{\"name\":\"destination.geo.timezone\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.timezone.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.timezone\"}}},{\"name\":\"destination.ge
o.timezone.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.timezone\"}}},{\"name\":\"destination.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.assigned_ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.assigned_ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.assigned_ip\"}}},{\"name\":\"dhcp.assigned_ip.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dhcp.assigned_ip\"}}},{\"name\":\"dhcp.l
ease_time\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.message_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.message_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.message_types\"}}},{\"name\":\"dhcp.message_types.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dhcp.message_types\"}}},{\"name\":\"dhcp.requested_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.requested_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.requested_address\"}}},{\"name\":\"dhcp.requested_address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dhcp.requested_address\"}}},{\"name\":\"dnp3.fc_reply\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dnp3.fc_reply.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_reply\"}}},{\"name\":\"dnp3.fc_reply.security\",\"type\":\"string\",\"es
Types\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_reply\"}}},{\"name\":\"dnp3.fc_request\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dnp3.fc_request.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_request\"}}},{\"name\":\"dnp3.fc_request.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_request\"}}},{\"name\":\"dnp3.iin\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.answers.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.answers.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.answers.name\"}}},{\"name\":\"dns.answers.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.answers.name\"}}},{\"name\":\"dns.authoritative\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.highest_registered_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatabl
e\":false,\"readFromDocValues\":false},{\"name\":\"dns.highest_registered_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.highest_registered_domain\"}}},{\"name\":\"dns.highest_registered_domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.highest_registered_domain\"}}},{\"name\":\"dns.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.parent_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.parent_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.parent_domain\"}}},{\"name\":\"dns.parent_domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.parent_domain\"}}},{\"name\":\"dns.parent_domain_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.class\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.class_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.class_name.keyword\",\"typ
e\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.class_name\"}}},{\"name\":\"dns.query.class_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.query.class_name\"}}},{\"name\":\"dns.query.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.name\"}}},{\"name\":\"dns.query.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.query.name\"}}},{\"name\":\"dns.query.rejected\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.type\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.type_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.type_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.type_name\"}}},{\"name\":\"dns.query.type_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.query.type_name\"}}},{\"name\":\"dns.recursion.available\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.recursion.desired\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.reserved\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.response.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.response.code_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.response.code_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.response.code_name\"}}},{\"name\":\"dns.response.code_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.response.code_name\"}}},{\"name\":\"dns.subdomain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.subdomain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,
\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.subdomain\"}}},{\"name\":\"dns.subdomain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.subdomain\"}}},{\"name\":\"dns.subdomain_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.top_level_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.top_level_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.top_level_domain\"}}},{\"name\":\"dns.top_level_domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.top_level_domain\"}}},{\"name\":\"dns.truncated\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.ttls\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ecs.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ecs.version\"}}},{\"n
ame\":\"ecs.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ecs.version\"}}},{\"name\":\"error.reason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.reason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.reason\"}}},{\"name\":\"error.reason.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"error.reason\"}}},{\"name\":\"event.acknowledged\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.action\"}}},{\"name\":\"event.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.action\"}}},{\"name\":\"event.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchab
le\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.category\"}}},{\"name\":\"event.category.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.category\"}}},{\"name\":\"event.code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.code\"}}},{\"name\":\"event.code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.code\"}}},{\"name\":\"event.created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.created\"}}},{\"name\":\"event.created.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.created\"}}},{\"name\":\"event.dataset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.dataset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"s
ubType\":{\"multi\":{\"parent\":\"event.dataset\"}}},{\"name\":\"event.dataset.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.dataset\"}}},{\"name\":\"event.duration\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.escalated\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.kind.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.kind\"}}},{\"name\":\"event.kind.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.kind\"}}},{\"name\":\"event.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.module\"}}},{\"name\":\"event.module.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.module\"}}},{\"name\":\"event.provider\",\"type\":\"string\",\"esTypes\":[\"text\"],\"cou
nt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.provider.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.provider\"}}},{\"name\":\"event.provider.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.provider\"}}},{\"name\":\"event.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.severity_label.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.severity_label\"}}},{\"name\":\"event.severity_label.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.severity_label\"}}},{\"name\":\"event.timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.timestamp\"}}},{\"name\":\"event.timestamp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatabl
e\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.timestamp\"}}},{\"name\":\"file.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.action\"}}},{\"name\":\"file.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.action\"}}},{\"name\":\"file.analyzer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.analyzer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.analyzer\"}}},{\"name\":\"file.analyzer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.analyzer\"}}},{\"name\":\"file.aslr\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.missing\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.overflow\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.seen\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"
scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_integrity\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.compile_timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.compile_timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.compile_timestamp\"}}},{\"name\":\"file.compile_timestamp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.compile_timestamp\"}}},{\"name\":\"file.debug_data\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.dep\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFr
omDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.description\"}}},{\"name\":\"file.description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.description\"}}},{\"name\":\"file.extracted.cutoff\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extracted.filename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.extracted.filename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.extracted.filename\"}}},{\"name\":\"file.extracted.filename.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.extracted.filename\"}}},{\"name\":\"file.flavors.mime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.flavors.mime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.flavors.mime\"}}},{\"name\":\"file.flavors.mime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.flavors.mime\"}}},{\"name\":\"file.flavors.yara\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":tru
e,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.flavors.yara.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.flavors.yara\"}}},{\"name\":\"file.flavors.yara.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.flavors.yara\"}}},{\"name\":\"file.is_64bit\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.is_exe\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.is_orig\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.local_orig\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.machine\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.machine.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.machine\"}}},{\"name\":\"file.machine.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.machine\"}}},{\"name\":\"file.mime_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"s
earchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.mime_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.mime_type\"}}},{\"name\":\"file.mime_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.mime_type\"}}},{\"name\":\"file.mimetype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.mimetype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.mimetype\"}}},{\"name\":\"file.mimetype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.mimetype\"}}},{\"name\":\"file.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.name\"}}},{\"name\":\"file.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.name\"}}},{\"name\":\"file.orig_filenames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\
":false},{\"name\":\"file.orig_filenames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.orig_filenames\"}}},{\"name\":\"file.orig_filenames.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.orig_filenames\"}}},{\"name\":\"file.orig_mime_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.orig_mime_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.orig_mime_types\"}}},{\"name\":\"file.orig_mime_types.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.orig_mime_types\"}}},{\"name\":\"file.os\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.os.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.os\"}}},{\"name\":\"file.os.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.os\"}}},{\"name\":\"file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file
.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.path\"}}},{\"name\":\"file.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.path\"}}},{\"name\":\"file.resp_filenames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.resp_filenames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.resp_filenames\"}}},{\"name\":\"file.resp_filenames.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.resp_filenames\"}}},{\"name\":\"file.resp_mime_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.resp_mime_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.resp_mime_types\"}}},{\"name\":\"file.resp_mime_types.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.resp_mime_types\"}}},{\"name\":\"file.scanners\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.
scanners.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.scanners\"}}},{\"name\":\"file.scanners.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.scanners\"}}},{\"name\":\"file.section_names\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.section_names.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.section_names\"}}},{\"name\":\"file.section_names.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.section_names\"}}},{\"name\":\"file.seh\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.source\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.source.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.source\"}}},{\"name\":\"file.source.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable
\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.source\"}}},{\"name\":\"file.subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.subsystem\"}}},{\"name\":\"file.subsystem.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.subsystem\"}}},{\"name\":\"file.table.cert\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.table.export\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.table.import\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.target.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.target\"}}},{\"name\":\"file.target.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.target\"}}},{\"name\":\"file.timed_out\",\"type\":\"boolean\",\"es
Types\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.times_accessed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_accessed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_accessed\"}}},{\"name\":\"file.times_accessed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_accessed\"}}},{\"name\":\"file.times_changed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_changed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_changed\"}}},{\"name\":\"file.times_changed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_changed\"}}},{\"name\":\"file.times_created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_created\"}}},{\"name\":\"file.times_created.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":
0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_created\"}}},{\"name\":\"file.times_modified\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_modified.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_modified\"}}},{\"name\":\"file.times_modified.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_modified\"}}},{\"name\":\"file.tree.node\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.node.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.node\"}}},{\"name\":\"file.tree.node.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.tree.node\"}}},{\"name\":\"file.tree.parent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.parent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.parent\"}}},{\"name\":\"file.tree.parent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\
":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.tree.parent\"}}},{\"name\":\"file.tree.root\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.root.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.root\"}}},{\"name\":\"file.tree.root.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.tree.root\"}}},{\"name\":\"ftp.argument\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.argument.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.argument\"}}},{\"name\":\"ftp.argument.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.argument\"}}},{\"name\":\"ftp.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.command\"}}},{\"name\":\"ftp.command.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatab
le\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.command\"}}},{\"name\":\"ftp.data_channel_destination.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_passive\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_source.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.password\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.password.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.password\"}}},{\"name\":\"ftp.password.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.password\"}}},{\"name\":\"ftp.user\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.user\"}}},{\"name\":\"ftp.user.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":tr
ue,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.user\"}}},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hash.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hash.hassh\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.hassh.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.hassh\"}}},{\"name\":\"hash.hassh.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.hassh\"}}},{\"name\":\"hash.ja3\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ja3.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash
.ja3\"}}},{\"name\":\"hash.ja3.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.ja3\"}}},{\"name\":\"hash.ja3s\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ja3s.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ja3s\"}}},{\"name\":\"hash.ja3s.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.ja3s\"}}},{\"name\":\"hash.md5\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.md5.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.md5\"}}},{\"name\":\"hash.md5.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.md5\"}}},{\"name\":\"hash.sha1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.sha1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.sha1\"}}},{\"name\":\"hash.sha1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,
\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.sha1\"}}},{\"name\":\"hash.sha256\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.sha256.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.sha256\"}}},{\"name\":\"hash.sha256.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.sha256\"}}},{\"name\":\"hash.ssdeep\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ssdeep.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ssdeep\"}}},{\"name\":\"hash.ssdeep.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.ssdeep\"}}},{\"name\":\"host.architecture\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.architecture.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.architecture\"}}},{\"name\":\"host.architecture.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocVa
lues\":false,\"subType\":{\"multi\":{\"parent\":\"host.architecture\"}}},{\"name\":\"host.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.domain\"}}},{\"name\":\"host.domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.domain\"}}},{\"name\":\"host.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.hostname\"}}},{\"name\":\"host.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.hostname\"}}},{\"name\":\"host.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.id\"}}},{\"name\":\"host.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.id\"}}},{\"name\":\"host.
mac\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.mac.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.mac\"}}},{\"name\":\"host.mac.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.mac\"}}},{\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.name\"}}},{\"name\":\"host.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.name\"}}},{\"name\":\"host.os.build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.build\"}}},{\"name\":\"host.os.build.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.build\"}}},{\"name\":\"host.os.family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searcha
ble\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.family\"}}},{\"name\":\"host.os.family.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.family\"}}},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.kernel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.kernel\"}}},{\"name\":\"host.os.kernel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.kernel\"}}},{\"name\":\"host.os.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.name\"}}},{\"name\":\"host.os.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.name\"}}},{\"name\":\"host.os.platform\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFro
mDocValues\":false},{\"name\":\"host.os.platform.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.platform\"}}},{\"name\":\"host.os.platform.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.platform\"}}},{\"name\":\"host.os.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.version\"}}},{\"name\":\"host.os.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.version\"}}},{\"name\":\"host.syscheck.changed_attributes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.changed_attributes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.changed_attributes\"}}},{\"name\":\"host.syscheck.changed_attributes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.changed_attributes\"}}},{\"name\":\"host.syscheck.event\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":
0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.event.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.event\"}}},{\"name\":\"host.syscheck.event.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.event\"}}},{\"name\":\"host.syscheck.gid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.gid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gid_after\"}}},{\"name\":\"host.syscheck.gid_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gid_after\"}}},{\"name\":\"host.syscheck.gname_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.gname_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gname_after\"}}},{\"name\":\"host.syscheck.gname_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gname_after\"}
}},{\"name\":\"host.syscheck.inode_after\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.syscheck.md5_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.md5_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_after\"}}},{\"name\":\"host.syscheck.md5_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_after\"}}},{\"name\":\"host.syscheck.md5_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.md5_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_before\"}}},{\"name\":\"host.syscheck.md5_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_before\"}}},{\"name\":\"host.syscheck.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.
syscheck.mode\"}}},{\"name\":\"host.syscheck.mode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mode\"}}},{\"name\":\"host.syscheck.mtime_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mtime_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_after\"}}},{\"name\":\"host.syscheck.mtime_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_after\"}}},{\"name\":\"host.syscheck.mtime_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mtime_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_before\"}}},{\"name\":\"host.syscheck.mtime_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_before\"}}},{\"name\":\"host.syscheck.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchabl
e\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.path\"}}},{\"name\":\"host.syscheck.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.path\"}}},{\"name\":\"host.syscheck.perm_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.perm_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.perm_after\"}}},{\"name\":\"host.syscheck.perm_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.perm_after\"}}},{\"name\":\"host.syscheck.sha1_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha1_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_after\"}}},{\"name\":\"host.syscheck.sha1_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_after\"}}},{\"name\":\"host.syscheck.sha1_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha1_before
.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_before\"}}},{\"name\":\"host.syscheck.sha1_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_before\"}}},{\"name\":\"host.syscheck.sha256_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha256_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_after\"}}},{\"name\":\"host.syscheck.sha256_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_after\"}}},{\"name\":\"host.syscheck.sha256_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha256_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_before\"}}},{\"name\":\"host.syscheck.sha256_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_before\"}}},{\"name\":\"host.syscheck.size_after\",\"type\":\"string\",\"esTypes\":[\"text
\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.size_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_after\"}}},{\"name\":\"host.syscheck.size_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_after\"}}},{\"name\":\"host.syscheck.size_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.size_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_before\"}}},{\"name\":\"host.syscheck.size_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_before\"}}},{\"name\":\"host.syscheck.uid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.uid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uid_after\"}}},{\"name\":\"host.syscheck.uid_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"par
ent\":\"host.syscheck.uid_after\"}}},{\"name\":\"host.syscheck.uname_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.uname_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uname_after\"}}},{\"name\":\"host.syscheck.uname_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uname_after\"}}},{\"name\":\"http.info_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.info_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.info_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.info_message\"}}},{\"name\":\"http.info_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.info_message\"}}},{\"name\":\"http.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.method\"}}},{\"n
ame\":\"http.method.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.method\"}}},{\"name\":\"http.proxied\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.proxied.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.proxied\"}}},{\"name\":\"http.proxied.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.proxied\"}}},{\"name\":\"http.referrer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.referrer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.referrer\"}}},{\"name\":\"http.referrer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.referrer\"}}},{\"name\":\"http.request.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"s
earchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.status_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.status_message\"}}},{\"name\":\"http.status_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.status_message\"}}},{\"name\":\"http.trans_depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.uri\"}}},{\"name\":\"http.uri.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.uri\"}}},{\"name\":\"http.useragent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.useragent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.useragent\"}}},{\"name\":\"http.useragent.security\",
\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.useragent\"}}},{\"name\":\"http.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.version\"}}},{\"name\":\"http.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.version\"}}},{\"name\":\"http.virtual_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.virtual_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.virtual_host\"}}},{\"name\":\"http.virtual_host.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.virtual_host\"}}},{\"name\":\"ingest.timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ingest.timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ingest.timestamp\"}}},{\"name\":\"ingest.timestamp.security\",\"type\":\"string\",\"
esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ingest.timestamp\"}}},{\"name\":\"intel.indicator\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.indicator.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.indicator\"}}},{\"name\":\"intel.indicator_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.indicator_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.indicator_type\"}}},{\"name\":\"intel.indicator_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.indicator_type\"}}},{\"name\":\"intel.matched\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.matched.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.matched\"}}},{\"name\":\"intel.matched.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.matched\"}}},{\"name\":\"intel.seen_node\",\"type\":\"string\",\"esTypes\":[\"
text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.seen_node.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.seen_node\"}}},{\"name\":\"intel.seen_node.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.seen_node\"}}},{\"name\":\"intel.seen_where\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.seen_where.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.seen_where\"}}},{\"name\":\"intel.seen_where.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.seen_where\"}}},{\"name\":\"intel.sources\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.sources.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.sources\"}}},{\"name\":\"intel.sources.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.sources\"}}},{\"name\":\"irc.command.info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"sc
ripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.info\"}}},{\"name\":\"irc.command.info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.command.info\"}}},{\"name\":\"irc.command.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.type\"}}},{\"name\":\"irc.command.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.command.type\"}}},{\"name\":\"irc.command.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.value\"}}},{\"name\":\"irc.command.value.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.command.value\"}}},{\"name\":\"irc.nickname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"script
ed\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.nickname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.nickname\"}}},{\"name\":\"irc.nickname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.nickname\"}}},{\"name\":\"irc.username\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.username.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.username\"}}},{\"name\":\"irc.username.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.username\"}}},{\"name\":\"kerberos.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.client\"}}},{\"name\":\"kerberos.client.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.client\"}}},{\"name\":\"kerberos.client_certificate_subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":t
rue,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.client_certificate_subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.client_certificate_subject\"}}},{\"name\":\"kerberos.client_certificate_subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.client_certificate_subject\"}}},{\"name\":\"kerberos.error_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.error_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.error_message\"}}},{\"name\":\"kerberos.error_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.error_message\"}}},{\"name\":\"kerberos.request_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.request_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.request_type\"}}},{\"name\":\"kerberos.request_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.request_type\
"}}},{\"name\":\"kerberos.server_certificate_subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.server_certificate_subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.server_certificate_subject\"}}},{\"name\":\"kerberos.server_certificate_subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.server_certificate_subject\"}}},{\"name\":\"kerberos.service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.service\"}}},{\"name\":\"kerberos.service.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.service\"}}},{\"name\":\"kerberos.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.cipher\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.cipher.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"mu
lti\":{\"parent\":\"kerberos.ticket.cipher\"}}},{\"name\":\"kerberos.ticket.cipher.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.cipher\"}}},{\"name\":\"kerberos.ticket.forwardable\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.renewable\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.valid.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.valid.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.from\"}}},{\"name\":\"kerberos.ticket.valid.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.from\"}}},{\"name\":\"kerberos.ticket.valid.until\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.valid.until.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.until\"}}},{\"name\":\"kerberos.ticket.valid.until.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"ag
gregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.until\"}}},{\"name\":\"log.file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.file.path\"}}},{\"name\":\"log.file.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.file.path\"}}},{\"name\":\"log.full\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.full.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.full\"}}},{\"name\":\"log.full.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.full\"}}},{\"name\":\"log.id.client_certificate_fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.client_certificate_fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.client_certificate_fuid\"}}},{\"name\":\"log.id.client_certificate_fuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":tr
ue,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.client_certificate_fuid\"}}},{\"name\":\"log.id.fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.fuid\"}}},{\"name\":\"log.id.fuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.fuid\"}}},{\"name\":\"log.id.fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.fuids\"}}},{\"name\":\"log.id.fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.fuids\"}}},{\"name\":\"log.id.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.id\"}}},{\"name\":\"log.id.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\
":{\"multi\":{\"parent\":\"log.id.id\"}}},{\"name\":\"log.id.orig_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.orig_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.orig_fuids\"}}},{\"name\":\"log.id.orig_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.orig_fuids\"}}},{\"name\":\"log.id.resp_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.resp_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.resp_fuids\"}}},{\"name\":\"log.id.resp_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.resp_fuids\"}}},{\"name\":\"log.id.server_certificate_fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.server_certificate_fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.server_certificate_fuid\"}}},{\"name\":\"log.id.server_certificate_fuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggre
gatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.server_certificate_fuid\"}}},{\"name\":\"log.id.tunnel_parents\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.tunnel_parents.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.tunnel_parents\"}}},{\"name\":\"log.id.tunnel_parents.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.tunnel_parents\"}}},{\"name\":\"log.id.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.uid\"}}},{\"name\":\"log.id.uid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.uid\"}}},{\"name\":\"log.id.uids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.uids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.uids\"}}},{\"name\":\"log.id.uids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,
\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.uids\"}}},{\"name\":\"log.level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.level\"}}},{\"name\":\"log.level.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.level\"}}},{\"name\":\"log.location\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.location.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.location\"}}},{\"name\":\"log.location.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.location\"}}},{\"name\":\"log.offset\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.previous_log\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.previous_log.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.previous_log\"}}},{\"name\":\"log.previous_log.security\",\"type\":\"st
ring\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.previous_log\"}}},{\"name\":\"log.previous_output\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.previous_output.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.previous_output\"}}},{\"name\":\"log.previous_output.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.previous_output\"}}},{\"name\":\"manager.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"manager.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"manager.name\"}}},{\"name\":\"manager.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"manager.name\"}}},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"message\"}}},{\"name\":\"modbus.function\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scr
ipted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"modbus.function.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"modbus.function\"}}},{\"name\":\"modbus.function.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"modbus.function\"}}},{\"name\":\"mysql.argument\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.argument.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.argument\"}}},{\"name\":\"mysql.argument.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"mysql.argument\"}}},{\"name\":\"mysql.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.command\"}}},{\"name\":\"mysql.command.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"mysql.command\"}}},{\"name\":\"mysql.response\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"
aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.response.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.response\"}}},{\"name\":\"mysql.response.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"mysql.response\"}}},{\"name\":\"mysql.rows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.community_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.community_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.community_id\"}}},{\"name\":\"network.community_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.community_id\"}}},{\"name\":\"network.data.decoded\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.data.decoded.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"
],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.data.decoded\"}}},{\"name\":\"network.data.decoded.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.data.decoded\"}}},{\"name\":\"network.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.protocol\"}}},{\"name\":\"network.protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.protocol\"}}},{\"name\":\"network.transport\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.transport.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.transport\"}}},{\"name\":\"network.transport.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.transport\"}}},{\"name\":\"notice.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.action.keyword\",\"type\":\"string\",\"esTypes\":[\"key
word\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.action\"}}},{\"name\":\"notice.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.action\"}}},{\"name\":\"notice.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.message\"}}},{\"name\":\"notice.message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.message\"}}},{\"name\":\"notice.note\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.note.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.note\"}}},{\"name\":\"notice.note.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.note\"}}},{\"name\":\"notice.p\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice.peer_description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"ag
gregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.peer_description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.peer_description\"}}},{\"name\":\"notice.peer_description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.peer_description\"}}},{\"name\":\"notice.sub_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.sub_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.sub_message\"}}},{\"name\":\"notice.sub_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.sub_message\"}}},{\"name\":\"notice.suppress_for\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm.server.dns.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.dns.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.dns.name\"}}},{\"name\":\"ntlm.server.dns.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregata
ble\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.dns.name\"}}},{\"name\":\"ntlm.server.nb.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.nb.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.nb.name\"}}},{\"name\":\"ntlm.server.nb.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.nb.name\"}}},{\"name\":\"ntlm.server.tree.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.tree.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.tree.name\"}}},{\"name\":\"ntlm.server.tree.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.tree.name\"}}},{\"name\":\"ntlm.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.analyzer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"observer.analyzer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocVa
lues\":true,\"subType\":{\"multi\":{\"parent\":\"observer.analyzer\"}}},{\"name\":\"observer.analyzer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"observer.analyzer\"}}},{\"name\":\"observer.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"observer.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"observer.name\"}}},{\"name\":\"observer.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"observer.name\"}}},{\"name\":\"osquery.result.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.action\"}}},{\"name\":\"osquery.result.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.action\"}}},{\"name\":\"osquery.result.calendarTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.calendarTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggre
gatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.calendarTime\"}}},{\"name\":\"osquery.result.calendarTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.calendarTime\"}}},{\"name\":\"osquery.result.codename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.codename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.codename\"}}},{\"name\":\"osquery.result.codename.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.codename\"}}},{\"name\":\"osquery.result.columns.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.command\"}}},{\"name\":\"osquery.result.columns.command.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.command\"}}},{\"name\":\"osquery.result.columns.day_of_month\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\
":false},{\"name\":\"osquery.result.columns.day_of_month.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_month\"}}},{\"name\":\"osquery.result.columns.day_of_month.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_month\"}}},{\"name\":\"osquery.result.columns.day_of_week\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.day_of_week.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_week\"}}},{\"name\":\"osquery.result.columns.day_of_week.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_week\"}}},{\"name\":\"osquery.result.columns.days\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.days.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.days\"}}},{\"name\":\"osquery.result.columns.days.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\"
:{\"parent\":\"osquery.result.columns.days\"}}},{\"name\":\"osquery.result.columns.event\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.event.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.event\"}}},{\"name\":\"osquery.result.columns.event.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.event\"}}},{\"name\":\"osquery.result.columns.hour\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.hour.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hour\"}}},{\"name\":\"osquery.result.columns.hour.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hour\"}}},{\"name\":\"osquery.result.columns.hours\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.hours.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hours\"}}},{\"name\":\"osquery.result.columns.hours.security\
",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hours\"}}},{\"name\":\"osquery.result.columns.minute\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.minute.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minute\"}}},{\"name\":\"osquery.result.columns.minute.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minute\"}}},{\"name\":\"osquery.result.columns.minutes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.minutes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minutes\"}}},{\"name\":\"osquery.result.columns.minutes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minutes\"}}},{\"name\":\"osquery.result.columns.month\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.month.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,
\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.month\"}}},{\"name\":\"osquery.result.columns.month.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.month\"}}},{\"name\":\"osquery.result.columns.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.path\"}}},{\"name\":\"osquery.result.columns.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.path\"}}},{\"name\":\"osquery.result.columns.seconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.seconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.seconds\"}}},{\"name\":\"osquery.result.columns.seconds.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.seconds\"}}},{\"name\":\"osquery.result.columns.total_seconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable
\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.total_seconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.total_seconds\"}}},{\"name\":\"osquery.result.columns.total_seconds.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.total_seconds\"}}},{\"name\":\"osquery.result.counter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.endpoint_ip1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.endpoint_ip1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip1\"}}},{\"name\":\"osquery.result.endpoint_ip1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip1\"}}},{\"name\":\"osquery.result.endpoint_ip2\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.endpoint_ip2.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip2\"}}},{\"name\":\"osque
ry.result.endpoint_ip2.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip2\"}}},{\"name\":\"osquery.result.epoch\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.hardware_serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hardware_serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hardware_serial\"}}},{\"name\":\"osquery.result.hardware_serial.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hardware_serial\"}}},{\"name\":\"osquery.result.hostIdentifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hostIdentifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostIdentifier\"}}},{\"name\":\"osquery.result.hostIdentifier.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostIdentifier\"}}},{\"name\":\"osquery.result.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":f
alse,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostname\"}}},{\"name\":\"osquery.result.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostname\"}}},{\"name\":\"osquery.result.live_query\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.live_query.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.live_query\"}}},{\"name\":\"osquery.result.live_query.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.live_query\"}}},{\"name\":\"osquery.result.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.name\"}}},{\"name\":\"osquery.result.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.name\"}}},{\"name\":\"osque
ry.result.numerics\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.unixTime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.args.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.args\"}}},{\"name\":\"process.args.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.args\"}}},{\"name\":\"process.cmd\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.cmd.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.cmd\"}}},{\"name\":\"process.cmd.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.cmd\"}}},{\"name\":\"process.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\"
:true,\"subType\":{\"multi\":{\"parent\":\"process.command_line\"}}},{\"name\":\"process.command_line.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.command_line\"}}},{\"name\":\"process.egroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.egroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.egroup\"}}},{\"name\":\"process.egroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.egroup\"}}},{\"name\":\"process.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.entity_id\"}}},{\"name\":\"process.entity_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.entity_id\"}}},{\"name\":\"process.euser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.euser.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tru
e,\"subType\":{\"multi\":{\"parent\":\"process.euser\"}}},{\"name\":\"process.euser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.euser\"}}},{\"name\":\"process.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.executable\"}}},{\"name\":\"process.executable.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.executable\"}}},{\"name\":\"process.fgroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.fgroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.fgroup\"}}},{\"name\":\"process.fgroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.fgroup\"}}},{\"name\":\"process.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi
\":{\"parent\":\"process.name\"}}},{\"name\":\"process.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.name\"}}},{\"name\":\"process.nice\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.nice.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.nice\"}}},{\"name\":\"process.nice.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.nice\"}}},{\"name\":\"process.nlwp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.nlwp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.nlwp\"}}},{\"name\":\"process.nlwp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.nlwp\"}}},{\"name\":\"process.parent.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.com
mand_line\"}}},{\"name\":\"process.parent.command_line.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.command_line\"}}},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.entity_id\"}}},{\"name\":\"process.parent.entity_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.entity_id\"}}},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.executable\"}}},{\"name\":\"process.parent.executable.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.executable\"}}},{\"name\":\"process.pe.company\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.company.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searc
hable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.company\"}}},{\"name\":\"process.pe.company.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.company\"}}},{\"name\":\"process.pe.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.description\"}}},{\"name\":\"process.pe.description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.description\"}}},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.file_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.file_version\"}}},{\"name\":\"process.pe.file_version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.file_version\"}}},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.original_file_name.ke
yword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.original_file_name\"}}},{\"name\":\"process.pe.original_file_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.original_file_name\"}}},{\"name\":\"process.pe.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.product\"}}},{\"name\":\"process.pe.product.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.product\"}}},{\"name\":\"process.pgrp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pgrp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pgrp\"}}},{\"name\":\"process.pgrp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pgrp\"}}},{\"name\":\"process.pid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"
process.pid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pid\"}}},{\"name\":\"process.pid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pid\"}}},{\"name\":\"process.ppid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.ppid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.ppid\"}}},{\"name\":\"process.ppid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.ppid\"}}},{\"name\":\"process.priority\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.priority.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.priority\"}}},{\"name\":\"process.priority.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.priority\"}}},{\"name\":\"process.processor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.processor.keyword\",\"type\":\"strin
g\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.processor\"}}},{\"name\":\"process.processor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.processor\"}}},{\"name\":\"process.resident\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.resident.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.resident\"}}},{\"name\":\"process.resident.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.resident\"}}},{\"name\":\"process.rgroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.rgroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.rgroup\"}}},{\"name\":\"process.rgroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.rgroup\"}}},{\"name\":\"process.ruser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.ruser.keyword\",\"type\":\"string\",\"esTypes\":[\
"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.ruser\"}}},{\"name\":\"process.ruser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.ruser\"}}},{\"name\":\"process.session\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.session.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.session\"}}},{\"name\":\"process.session.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.session\"}}},{\"name\":\"process.sgroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.sgroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.sgroup\"}}},{\"name\":\"process.sgroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.sgroup\"}}},{\"name\":\"process.share\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.share.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\
":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.share\"}}},{\"name\":\"process.share.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.share\"}}},{\"name\":\"process.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.size\"}}},{\"name\":\"process.size.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.size\"}}},{\"name\":\"process.start_time\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.start_time.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.start_time\"}}},{\"name\":\"process.start_time.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.start_time\"}}},{\"name\":\"process.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"
aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.state\"}}},{\"name\":\"process.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.state\"}}},{\"name\":\"process.stime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.stime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.stime\"}}},{\"name\":\"process.stime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.stime\"}}},{\"name\":\"process.suser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.suser.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.suser\"}}},{\"name\":\"process.suser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.suser\"}}},{\"name\":\"process.tgid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.tgid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"sub
Type\":{\"multi\":{\"parent\":\"process.tgid\"}}},{\"name\":\"process.tgid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.tgid\"}}},{\"name\":\"process.tty\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.tty.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.tty\"}}},{\"name\":\"process.tty.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.tty\"}}},{\"name\":\"process.utime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.utime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.utime\"}}},{\"name\":\"process.utime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.utime\"}}},{\"name\":\"process.vm_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.vm_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.vm_size\"}}},{\"nam
e\":\"process.vm_size.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.vm_size\"}}},{\"name\":\"process.working_directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.working_directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.working_directory\"}}},{\"name\":\"process.working_directory.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.working_directory\"}}},{\"name\":\"radius.framed_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.framed_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.framed_address\"}}},{\"name\":\"radius.framed_address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"radius.framed_address\"}}},{\"name\":\"radius.reply_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.reply_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\"
:true,\"subType\":{\"multi\":{\"parent\":\"radius.reply_message\"}}},{\"name\":\"radius.reply_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"radius.reply_message\"}}},{\"name\":\"radius.result\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.result.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.result\"}}},{\"name\":\"radius.result.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"radius.result\"}}},{\"name\":\"rdp.certificate_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.certificate_permanent\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.certificate_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.certificate_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.certificate_type\"}}},{\"name\":\"rdp.certificate_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rd
p.certificate_type\"}}},{\"name\":\"rdp.client_build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.client_build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.client_build\"}}},{\"name\":\"rdp.client_build.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.client_build\"}}},{\"name\":\"rdp.cookie\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.cookie.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.cookie\"}}},{\"name\":\"rdp.cookie.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.cookie\"}}},{\"name\":\"rdp.desktop.height\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.desktop.width\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.encryption_level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.encryption_level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"
aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_level\"}}},{\"name\":\"rdp.encryption_level.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_level\"}}},{\"name\":\"rdp.encryption_method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.encryption_method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_method\"}}},{\"name\":\"rdp.encryption_method.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_method\"}}},{\"name\":\"rdp.keyboard_layout\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.keyboard_layout.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.keyboard_layout\"}}},{\"name\":\"rdp.keyboard_layout.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.keyboard_layout\"}}},{\"name\":\"rdp.requested_color_depth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.requested_color_depth.keyword\",\"type\":\"string\",\"esTypes\":[\
"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.requested_color_depth\"}}},{\"name\":\"rdp.requested_color_depth.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.requested_color_depth\"}}},{\"name\":\"rdp.result\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.result.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.result\"}}},{\"name\":\"rdp.result.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.result\"}}},{\"name\":\"rdp.security_protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.security_protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.security_protocol\"}}},{\"name\":\"rdp.security_protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.security_protocol\"}}},{\"name\":\"request.attributes.filename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.attributes.filename.keywo
rd\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.attributes.filename\"}}},{\"name\":\"request.attributes.filename.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.attributes.filename\"}}},{\"name\":\"request.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.client\"}}},{\"name\":\"request.client.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.client\"}}},{\"name\":\"request.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.id\"}}},{\"name\":\"request.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.id\"}}},{\"name\":\"request.source\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.source.keyword\",\"type\":\"
string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.source\"}}},{\"name\":\"request.source.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.source\"}}},{\"name\":\"request.time\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.action\"}}},{\"name\":\"rule.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.action\"}}},{\"name\":\"rule.author\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.author.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.author\"}}},{\"name\":\"rule.author.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.author\"}}},{\"name\":\"rule.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":
true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.category\"}}},{\"name\":\"rule.category.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.category\"}}},{\"name\":\"rule.date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.date\"}}},{\"name\":\"rule.date.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.date\"}}},{\"name\":\"rule.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.description\"}}},{\"name\":\"rule.description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.description\"}}},{\"name\":\"rule.filetype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false
},{\"name\":\"rule.filetype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.filetype\"}}},{\"name\":\"rule.filetype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.filetype\"}}},{\"name\":\"rule.firedtimes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.gdpr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.gdpr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.gdpr\"}}},{\"name\":\"rule.gdpr.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.gdpr\"}}},{\"name\":\"rule.gid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.gpg13\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.gpg13.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.gpg13\"}}},{\"name\":\"rule.gpg13.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":fal
se,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.gpg13\"}}},{\"name\":\"rule.groups\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.groups.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.groups\"}}},{\"name\":\"rule.groups.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.groups\"}}},{\"name\":\"rule.hash1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.hash1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.hash1\"}}},{\"name\":\"rule.hash1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.hash1\"}}},{\"name\":\"rule.hipaa\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.hipaa.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.hipaa\"}}},{\"name\":\"rule.hipaa.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.hipaa\"}}},{\"nam
e\":\"rule.info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.info\"}}},{\"name\":\"rule.info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.info\"}}},{\"name\":\"rule.level\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.mail\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.maltype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.maltype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.maltype\"}}},{\"name\":\"rule.maltype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.maltype\"}}},{\"name\":\"rule.metadata.affected_product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.affected_product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,
\"subType\":{\"multi\":{\"parent\":\"rule.metadata.affected_product\"}}},{\"name\":\"rule.metadata.affected_product.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.affected_product\"}}},{\"name\":\"rule.metadata.attack_target\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.attack_target.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.attack_target\"}}},{\"name\":\"rule.metadata.attack_target.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.attack_target\"}}},{\"name\":\"rule.metadata.created_at\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.created_at.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.created_at\"}}},{\"name\":\"rule.metadata.created_at.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.created_at\"}}},{\"name\":\"rule.metadata.deployment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.deployment.keyword\
",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.deployment\"}}},{\"name\":\"rule.metadata.deployment.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.deployment\"}}},{\"name\":\"rule.metadata.former_category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.former_category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.former_category\"}}},{\"name\":\"rule.metadata.former_category.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.former_category\"}}},{\"name\":\"rule.metadata.malware_family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.malware_family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.malware_family\"}}},{\"name\":\"rule.metadata.malware_family.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.malware_family\"}}},{\"name\":\"rule.metadata.performance_impact\",\"type\":\"string\",\"e
sTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.performance_impact.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.performance_impact\"}}},{\"name\":\"rule.metadata.performance_impact.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.performance_impact\"}}},{\"name\":\"rule.metadata.signature_severity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.signature_severity.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.signature_severity\"}}},{\"name\":\"rule.metadata.signature_severity.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.signature_severity\"}}},{\"name\":\"rule.metadata.tag\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.tag.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.tag\"}}},{\"name\":\"rule.metadata.tag.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":fals
e,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.tag\"}}},{\"name\":\"rule.metadata.updated_at\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.updated_at.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.updated_at\"}}},{\"name\":\"rule.metadata.updated_at.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.updated_at\"}}},{\"name\":\"rule.mitre.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.mitre.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.id\"}}},{\"name\":\"rule.mitre.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.id\"}}},{\"name\":\"rule.mitre.tactic\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.mitre.tactic.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.tactic\"}}},{\"name\":\"rule.mitre.tactic.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":t
rue,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.tactic\"}}},{\"name\":\"rule.mitre.technique\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.mitre.technique.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.technique\"}}},{\"name\":\"rule.mitre.technique.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.technique\"}}},{\"name\":\"rule.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.name\"}}},{\"name\":\"rule.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.name\"}}},{\"name\":\"rule.nist_800_53\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.nist_800_53.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.nist_800_53\"}}},{\"name\":\"rule.nist_800_53.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\
":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.nist_800_53\"}}},{\"name\":\"rule.pci_dss\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.pci_dss.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.pci_dss\"}}},{\"name\":\"rule.pci_dss.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.pci_dss\"}}},{\"name\":\"rule.reference\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.reference.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.reference\"}}},{\"name\":\"rule.reference.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.reference\"}}},{\"name\":\"rule.rev\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.rule\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.rule.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.rule\"}}},{\"name\":\"rule.rule.security\",\"typ
e\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.rule\"}}},{\"name\":\"rule.ruleset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.ruleset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.ruleset\"}}},{\"name\":\"rule.ruleset.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.ruleset\"}}},{\"name\":\"rule.score\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.tsc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.tsc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.tsc\"}}},{\"name\":\"rule.tsc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.tsc\"}}},{\"name\":\"rule.uuid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.entropy.e
lapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.entropy.entropy\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.exiftool.About\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.About.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.About\"}}},{\"name\":\"scan.exiftool.About.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.About\"}}},{\"name\":\"scan.exiftool.AppVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.AppVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.AppVersion\"}}},{\"name\":\"scan.exiftool.AppVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.AppVersion\"}}},{\"name\":\"scan.exiftool.Author\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Author.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0
,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Author\"}}},{\"name\":\"scan.exiftool.Author.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Author\"}}},{\"name\":\"scan.exiftool.BitDepth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.BitDepth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BitDepth\"}}},{\"name\":\"scan.exiftool.BitDepth.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BitDepth\"}}},{\"name\":\"scan.exiftool.BuildID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.BuildID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BuildID\"}}},{\"name\":\"scan.exiftool.BuildID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BuildID\"}}},{\"name\":\"scan.exiftool.CharCountWithSpaces\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.
exiftool.CharCountWithSpaces.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharCountWithSpaces\"}}},{\"name\":\"scan.exiftool.CharCountWithSpaces.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharCountWithSpaces\"}}},{\"name\":\"scan.exiftool.CharacterSet\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CharacterSet.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharacterSet\"}}},{\"name\":\"scan.exiftool.CharacterSet.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharacterSet\"}}},{\"name\":\"scan.exiftool.Characters\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Characters.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Characters\"}}},{\"name\":\"scan.exiftool.Characters.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Characters\"}}},{\"name\":\"scan.exiftool.CodePage\",\"ty
pe\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CodePage.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodePage\"}}},{\"name\":\"scan.exiftool.CodePage.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodePage\"}}},{\"name\":\"scan.exiftool.CodeSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CodeSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodeSize\"}}},{\"name\":\"scan.exiftool.CodeSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodeSize\"}}},{\"name\":\"scan.exiftool.ColorType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ColorType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ColorType\"}}},{\"name\":\"scan.exiftool.ColorType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"mu
lti\":{\"parent\":\"scan.exiftool.ColorType\"}}},{\"name\":\"scan.exiftool.Comments\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Comments.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Comments\"}}},{\"name\":\"scan.exiftool.Comments.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Comments\"}}},{\"name\":\"scan.exiftool.CompObjUserType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompObjUserType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserType\"}}},{\"name\":\"scan.exiftool.CompObjUserType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserType\"}}},{\"name\":\"scan.exiftool.CompObjUserTypeLen\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompObjUserTypeLen.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserTypeLen\"}}},{\"name\":\"scan.exiftool.CompObjUserTypeLen.security\",\
"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserTypeLen\"}}},{\"name\":\"scan.exiftool.Company\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Company.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Company\"}}},{\"name\":\"scan.exiftool.Company.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Company\"}}},{\"name\":\"scan.exiftool.CompanyName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompanyName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompanyName\"}}},{\"name\":\"scan.exiftool.CompanyName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompanyName\"}}},{\"name\":\"scan.exiftool.Compression\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Compression.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\
"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Compression\"}}},{\"name\":\"scan.exiftool.Compression.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Compression\"}}},{\"name\":\"scan.exiftool.CreateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CreateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreateDate\"}}},{\"name\":\"scan.exiftool.CreateDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreateDate\"}}},{\"name\":\"scan.exiftool.Creator\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Creator.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Creator\"}}},{\"name\":\"scan.exiftool.Creator.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Creator\"}}},{\"name\":\"scan.exiftool.CreatorTool\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CreatorTool.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword
\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreatorTool\"}}},{\"name\":\"scan.exiftool.CreatorTool.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreatorTool\"}}},{\"name\":\"scan.exiftool.DerivedFromDocumentID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DerivedFromDocumentID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromDocumentID\"}}},{\"name\":\"scan.exiftool.DerivedFromDocumentID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromDocumentID\"}}},{\"name\":\"scan.exiftool.DerivedFromInstanceID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DerivedFromInstanceID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromInstanceID\"}}},{\"name\":\"scan.exiftool.DerivedFromInstanceID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromInstanceID\"}}},{\"name\":\"scan.exiftool.Directory\",\"type\"
:\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Directory\"}}},{\"name\":\"scan.exiftool.Directory.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Directory\"}}},{\"name\":\"scan.exiftool.DocumentID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DocumentID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DocumentID\"}}},{\"name\":\"scan.exiftool.DocumentID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DocumentID\"}}},{\"name\":\"scan.exiftool.EntryPoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.EntryPoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.EntryPoint\"}}},{\"name\":\"scan.exiftool.EntryPoint.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"s
ubType\":{\"multi\":{\"parent\":\"scan.exiftool.EntryPoint\"}}},{\"name\":\"scan.exiftool.Error\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Error.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Error\"}}},{\"name\":\"scan.exiftool.Error.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Error\"}}},{\"name\":\"scan.exiftool.ExifToolVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ExifToolVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ExifToolVersion\"}}},{\"name\":\"scan.exiftool.ExifToolVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ExifToolVersion\"}}},{\"name\":\"scan.exiftool.FileAccessDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileAccessDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileAccessDate\"}}},{\"name\":\"scan.exiftool.FileAccessDate.security\",\"type\":\"string
\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileAccessDate\"}}},{\"name\":\"scan.exiftool.FileDescription\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileDescription.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileDescription\"}}},{\"name\":\"scan.exiftool.FileDescription.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileDescription\"}}},{\"name\":\"scan.exiftool.FileFlags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileFlags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlags\"}}},{\"name\":\"scan.exiftool.FileFlags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlags\"}}},{\"name\":\"scan.exiftool.FileFlagsMask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileFlagsMask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocV
alues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlagsMask\"}}},{\"name\":\"scan.exiftool.FileFlagsMask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlagsMask\"}}},{\"name\":\"scan.exiftool.FileInodeChangeDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileInodeChangeDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileInodeChangeDate\"}}},{\"name\":\"scan.exiftool.FileInodeChangeDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileInodeChangeDate\"}}},{\"name\":\"scan.exiftool.FileModifyDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileModifyDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileModifyDate\"}}},{\"name\":\"scan.exiftool.FileModifyDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileModifyDate\"}}},{\"name\":\"scan.exiftool.FileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":
false},{\"name\":\"scan.exiftool.FileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileName\"}}},{\"name\":\"scan.exiftool.FileName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileName\"}}},{\"name\":\"scan.exiftool.FileOS\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileOS.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileOS\"}}},{\"name\":\"scan.exiftool.FileOS.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileOS\"}}},{\"name\":\"scan.exiftool.FilePermissions\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FilePermissions.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FilePermissions\"}}},{\"name\":\"scan.exiftool.FilePermissions.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FilePermissions\"}}},{\"name\":\"scan.exiftool.FileSize\",\"type\":\"string\",\"esTypes
\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSize\"}}},{\"name\":\"scan.exiftool.FileSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSize\"}}},{\"name\":\"scan.exiftool.FileSubtype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileSubtype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSubtype\"}}},{\"name\":\"scan.exiftool.FileSubtype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSubtype\"}}},{\"name\":\"scan.exiftool.FileType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileType\"}}},{\"name\":\"scan.exiftool.FileType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"paren
t\":\"scan.exiftool.FileType\"}}},{\"name\":\"scan.exiftool.FileTypeExtension\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileTypeExtension.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileTypeExtension\"}}},{\"name\":\"scan.exiftool.FileTypeExtension.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileTypeExtension\"}}},{\"name\":\"scan.exiftool.FileVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersion\"}}},{\"name\":\"scan.exiftool.FileVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersion\"}}},{\"name\":\"scan.exiftool.FileVersionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileVersionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersionNumber\"}}},{\"name\":\"scan.exiftool.FileVersionNumber.securi
ty\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersionNumber\"}}},{\"name\":\"scan.exiftool.Filter\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Filter.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Filter\"}}},{\"name\":\"scan.exiftool.Filter.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Filter\"}}},{\"name\":\"scan.exiftool.Format\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Format.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Format\"}}},{\"name\":\"scan.exiftool.Format.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Format\"}}},{\"name\":\"scan.exiftool.HasXFA\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HasXFA.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\
"scan.exiftool.HasXFA\"}}},{\"name\":\"scan.exiftool.HasXFA.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HasXFA\"}}},{\"name\":\"scan.exiftool.HeadingPairs\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HeadingPairs.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HeadingPairs\"}}},{\"name\":\"scan.exiftool.HeadingPairs.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HeadingPairs\"}}},{\"name\":\"scan.exiftool.HyperlinksChanged\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HyperlinksChanged.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HyperlinksChanged\"}}},{\"name\":\"scan.exiftool.HyperlinksChanged.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HyperlinksChanged\"}}},{\"name\":\"scan.exiftool.ImageHeight\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageHeight.keyword\",\"type\":\"string\",\"esTypes\":
[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageHeight\"}}},{\"name\":\"scan.exiftool.ImageHeight.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageHeight\"}}},{\"name\":\"scan.exiftool.ImageSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageSize\"}}},{\"name\":\"scan.exiftool.ImageSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageSize\"}}},{\"name\":\"scan.exiftool.ImageVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageVersion\"}}},{\"name\":\"scan.exiftool.ImageVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageVersion\"}}},{\"name\":\"scan.exiftool.ImageWidth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggreg
atable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageWidth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageWidth\"}}},{\"name\":\"scan.exiftool.ImageWidth.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageWidth\"}}},{\"name\":\"scan.exiftool.InitializedDataSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InitializedDataSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InitializedDataSize\"}}},{\"name\":\"scan.exiftool.InitializedDataSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InitializedDataSize\"}}},{\"name\":\"scan.exiftool.InstanceID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InstanceID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InstanceID\"}}},{\"name\":\"scan.exiftool.InstanceID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exifto
ol.InstanceID\"}}},{\"name\":\"scan.exiftool.Interlace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Interlace.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Interlace\"}}},{\"name\":\"scan.exiftool.Interlace.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Interlace\"}}},{\"name\":\"scan.exiftool.InternalName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InternalName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InternalName\"}}},{\"name\":\"scan.exiftool.InternalName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InternalName\"}}},{\"name\":\"scan.exiftool.Keywords\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Keywords.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Keywords\"}}},{\"name\":\"scan.exiftool.Keywords.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searc
hable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Keywords\"}}},{\"name\":\"scan.exiftool.Language\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Language.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Language\"}}},{\"name\":\"scan.exiftool.Language.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Language\"}}},{\"name\":\"scan.exiftool.LanguageCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LanguageCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LanguageCode\"}}},{\"name\":\"scan.exiftool.LanguageCode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LanguageCode\"}}},{\"name\":\"scan.exiftool.LastModifiedBy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LastModifiedBy.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LastModifiedBy\"}}},{\"n
ame\":\"scan.exiftool.LastModifiedBy.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LastModifiedBy\"}}},{\"name\":\"scan.exiftool.LegalCopyright\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LegalCopyright.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalCopyright\"}}},{\"name\":\"scan.exiftool.LegalCopyright.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalCopyright\"}}},{\"name\":\"scan.exiftool.LegalTrademarks\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LegalTrademarks.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalTrademarks\"}}},{\"name\":\"scan.exiftool.LegalTrademarks.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalTrademarks\"}}},{\"name\":\"scan.exiftool.Linearized\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Linearized.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"c
ount\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Linearized\"}}},{\"name\":\"scan.exiftool.Linearized.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Linearized\"}}},{\"name\":\"scan.exiftool.Lines\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Lines.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Lines\"}}},{\"name\":\"scan.exiftool.Lines.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Lines\"}}},{\"name\":\"scan.exiftool.LinkerVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LinkerVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinkerVersion\"}}},{\"name\":\"scan.exiftool.LinkerVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinkerVersion\"}}},{\"name\":\"scan.exiftool.LinksUpToDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValu
es\":false},{\"name\":\"scan.exiftool.LinksUpToDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinksUpToDate\"}}},{\"name\":\"scan.exiftool.LinksUpToDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinksUpToDate\"}}},{\"name\":\"scan.exiftool.MIMEType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.MIMEType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MIMEType\"}}},{\"name\":\"scan.exiftool.MIMEType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MIMEType\"}}},{\"name\":\"scan.exiftool.MachineType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.MachineType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MachineType\"}}},{\"name\":\"scan.exiftool.MachineType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MachineType\"}}},{\"name\":\"scan.exiftool.Megapixels\",\"type\":\"s
tring\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Megapixels.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Megapixels\"}}},{\"name\":\"scan.exiftool.Megapixels.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Megapixels\"}}},{\"name\":\"scan.exiftool.ModifyDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ModifyDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ModifyDate\"}}},{\"name\":\"scan.exiftool.ModifyDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ModifyDate\"}}},{\"name\":\"scan.exiftool.OSVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.OSVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OSVersion\"}}},{\"name\":\"scan.exiftool.OSVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subTy
pe\":{\"multi\":{\"parent\":\"scan.exiftool.OSVersion\"}}},{\"name\":\"scan.exiftool.ObjectFileType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ObjectFileType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ObjectFileType\"}}},{\"name\":\"scan.exiftool.ObjectFileType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ObjectFileType\"}}},{\"name\":\"scan.exiftool.OriginalFileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.OriginalFileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OriginalFileName\"}}},{\"name\":\"scan.exiftool.OriginalFileName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OriginalFileName\"}}},{\"name\":\"scan.exiftool.PDFVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PDFVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PDFVersion\"}}},{\"name\":\"scan.exiftool.PDFVersion
.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PDFVersion\"}}},{\"name\":\"scan.exiftool.PEType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PEType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PEType\"}}},{\"name\":\"scan.exiftool.PEType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PEType\"}}},{\"name\":\"scan.exiftool.PTEX_Fullbanner\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PTEX_Fullbanner.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PTEX_Fullbanner\"}}},{\"name\":\"scan.exiftool.PTEX_Fullbanner.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PTEX_Fullbanner\"}}},{\"name\":\"scan.exiftool.PageCount\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PageCount.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDo
cValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PageCount\"}}},{\"name\":\"scan.exiftool.PageCount.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PageCount\"}}},{\"name\":\"scan.exiftool.Pages\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Pages.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Pages\"}}},{\"name\":\"scan.exiftool.Pages.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Pages\"}}},{\"name\":\"scan.exiftool.Paragraphs\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Paragraphs.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Paragraphs\"}}},{\"name\":\"scan.exiftool.Paragraphs.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Paragraphs\"}}},{\"name\":\"scan.exiftool.PrivateBuild\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PrivateBuild.keyword\",\"type\":\"string\",\"esTypes\":[\"keywo
rd\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PrivateBuild\"}}},{\"name\":\"scan.exiftool.PrivateBuild.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PrivateBuild\"}}},{\"name\":\"scan.exiftool.Producer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Producer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Producer\"}}},{\"name\":\"scan.exiftool.Producer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Producer\"}}},{\"name\":\"scan.exiftool.ProductName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductName\"}}},{\"name\":\"scan.exiftool.ProductName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductName\"}}},{\"name\":\"scan.exiftool.ProductVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":fa
lse,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersion\"}}},{\"name\":\"scan.exiftool.ProductVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersion\"}}},{\"name\":\"scan.exiftool.ProductVersionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductVersionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersionNumber\"}}},{\"name\":\"scan.exiftool.ProductVersionNumber.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersionNumber\"}}},{\"name\":\"scan.exiftool.RevisionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.RevisionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.RevisionNumber\"}}},{\"name\":\"scan.exiftool.RevisionNumber.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\"
:{\"parent\":\"scan.exiftool.RevisionNumber\"}}},{\"name\":\"scan.exiftool.ScaleCrop\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ScaleCrop.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ScaleCrop\"}}},{\"name\":\"scan.exiftool.ScaleCrop.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ScaleCrop\"}}},{\"name\":\"scan.exiftool.Security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Security.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Security\"}}},{\"name\":\"scan.exiftool.Security.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Security\"}}},{\"name\":\"scan.exiftool.SharedDoc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SharedDoc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SharedDoc\"}}},{\"name\":\"scan.exiftool.SharedDoc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\"
:false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SharedDoc\"}}},{\"name\":\"scan.exiftool.Software\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Software.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Software\"}}},{\"name\":\"scan.exiftool.Software.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Software\"}}},{\"name\":\"scan.exiftool.SourceFile\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SourceFile.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SourceFile\"}}},{\"name\":\"scan.exiftool.SourceFile.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SourceFile\"}}},{\"name\":\"scan.exiftool.SpecialBuild\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SpecialBuild.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SpecialBuild\"}}},{\"na
me\":\"scan.exiftool.SpecialBuild.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SpecialBuild\"}}},{\"name\":\"scan.exiftool.Subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subject\"}}},{\"name\":\"scan.exiftool.Subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subject\"}}},{\"name\":\"scan.exiftool.Subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subsystem\"}}},{\"name\":\"scan.exiftool.Subsystem.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subsystem\"}}},{\"name\":\"scan.exiftool.SubsystemVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SubsystemVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregat
able\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SubsystemVersion\"}}},{\"name\":\"scan.exiftool.SubsystemVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SubsystemVersion\"}}},{\"name\":\"scan.exiftool.SvnRevision\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SvnRevision.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SvnRevision\"}}},{\"name\":\"scan.exiftool.SvnRevision.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SvnRevision\"}}},{\"name\":\"scan.exiftool.Template\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Template.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Template\"}}},{\"name\":\"scan.exiftool.Template.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Template\"}}},{\"name\":\"scan.exiftool.TimeStamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.T
imeStamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TimeStamp\"}}},{\"name\":\"scan.exiftool.TimeStamp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TimeStamp\"}}},{\"name\":\"scan.exiftool.Title\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Title.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Title\"}}},{\"name\":\"scan.exiftool.Title.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Title\"}}},{\"name\":\"scan.exiftool.TitleOfParts\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TitleOfParts.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TitleOfParts\"}}},{\"name\":\"scan.exiftool.TitleOfParts.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TitleOfParts\"}}},{\"name\":\"scan.exiftool.TotalEditTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,
\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TotalEditTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TotalEditTime\"}}},{\"name\":\"scan.exiftool.TotalEditTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TotalEditTime\"}}},{\"name\":\"scan.exiftool.Trapped\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Trapped.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Trapped\"}}},{\"name\":\"scan.exiftool.Trapped.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Trapped\"}}},{\"name\":\"scan.exiftool.UninitializedDataSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.UninitializedDataSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.UninitializedDataSize\"}}},{\"name\":\"scan.exiftool.UninitializedDataSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{
\"parent\":\"scan.exiftool.UninitializedDataSize\"}}},{\"name\":\"scan.exiftool.Warning\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Warning.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Warning\"}}},{\"name\":\"scan.exiftool.Warning.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Warning\"}}},{\"name\":\"scan.exiftool.Words\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Words.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Words\"}}},{\"name\":\"scan.exiftool.Words.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Words\"}}},{\"name\":\"scan.exiftool.XMPToolkit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.XMPToolkit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.XMPToolkit\"}}},{\"name\":\"scan.exiftool.XMPToolkit.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searcha
ble\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.XMPToolkit\"}}},{\"name\":\"scan.exiftool.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.header.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.header.header\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.header.header.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.header.header\"}}},{\"name\":\"scan.header.header.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.header.header\"}}},{\"name\":\"scan.ini.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ini.keys.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.name\"}}},{\"name\":\"scan.ini.keys.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ini.
keys.name\"}}},{\"name\":\"scan.ini.keys.section\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.section.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.section\"}}},{\"name\":\"scan.ini.keys.section.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.section\"}}},{\"name\":\"scan.ini.keys.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.value\"}}},{\"name\":\"scan.ini.keys.value.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.value\"}}},{\"name\":\"scan.ini.sections\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.sections.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.sections\"}}},{\"name\":\"scan.ini.sections.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"sub
Type\":{\"multi\":{\"parent\":\"scan.ini.sections\"}}},{\"name\":\"scan.libarchive.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.libarchive.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.libarchive.total.files\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.mmbot.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.mmbot.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.mmbot.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.mmbot.flags\"}}},{\"name\":\"scan.mmbot.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.mmbot.flags\"}}},{\"name\":\"scan.ocr.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan
.ole.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ole.flags\"}}},{\"name\":\"scan.ole.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ole.flags\"}}},{\"name\":\"scan.ole.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.total.streams\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.total.objects\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.debug.age\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.debug.guid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.guid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.guid\"}}},{\"name\":\"scan.pe.debug.gui
d.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.guid\"}}},{\"name\":\"scan.pe.debug.pdb\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.pdb.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.pdb\"}}},{\"name\":\"scan.pe.debug.pdb.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.pdb\"}}},{\"name\":\"scan.pe.debug.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.type\"}}},{\"name\":\"scan.pe.debug.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.type\"}}},{\"name\":\"scan.pe.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.file_info.fixed.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.flags.keyword\",\"type\":\"string\"
,\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.flags\"}}},{\"name\":\"scan.pe.file_info.fixed.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.flags\"}}},{\"name\":\"scan.pe.file_info.fixed.operating_systems\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.operating_systems.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.operating_systems\"}}},{\"name\":\"scan.pe.file_info.fixed.operating_systems.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.operating_systems\"}}},{\"name\":\"scan.pe.file_info.fixed.type.primary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.type.primary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.type.primary\"}}},{\"name\":\"scan.pe.file_info.fixed.type.primary.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.
fixed.type.primary\"}}},{\"name\":\"scan.pe.file_info.string.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.string.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.name\"}}},{\"name\":\"scan.pe.file_info.string.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.name\"}}},{\"name\":\"scan.pe.file_info.string.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.string.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.value\"}}},{\"name\":\"scan.pe.file_info.string.value.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.value\"}}},{\"name\":\"scan.pe.file_info.var.character_set\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.var.character_set.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.character_set\"}}},{\"name\":\"scan.pe.file_info.var
.character_set.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.character_set\"}}},{\"name\":\"scan.pe.file_info.var.language\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.var.language.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.language\"}}},{\"name\":\"scan.pe.file_info.var.language.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.language\"}}},{\"name\":\"scan.pe.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.flags\"}}},{\"name\":\"scan.pe.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.flags\"}}},{\"name\":\"scan.pe.header.address.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.data\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":
true},{\"name\":\"scan.pe.header.address.entry_point\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.alignment.file\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.alignment.section\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.characteristics.dll\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.characteristics.dll.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.dll\"}}},{\"name\":\"scan.pe.header.characteristics.dll.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.dll\"}}},{\"name\":\"scan.pe.header.characteristics.image\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.characteristics.image.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.image\"}}}
,{\"name\":\"scan.pe.header.characteristics.image.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.image\"}}},{\"name\":\"scan.pe.header.checksum\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.machine.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.machine.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.machine.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.machine.type\"}}},{\"name\":\"scan.pe.header.machine.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.machine.type\"}}},{\"name\":\"scan.pe.header.magic.dos\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.magic.dos.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.dos\"}}},{\"name\":\"scan.pe.header.magic.dos.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues
\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.dos\"}}},{\"name\":\"scan.pe.header.magic.image\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.magic.image.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.image\"}}},{\"name\":\"scan.pe.header.magic.image.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.image\"}}},{\"name\":\"scan.pe.header.size.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.data.initialized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.data.uninitialized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.headers\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.heap.commit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.heap.reserve\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.image\",\"type\":\"number\",\"esTyp
es\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.stack.commit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.stack.reserve\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.subsystem\"}}},{\"name\":\"scan.pe.header.subsystem.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.subsystem\"}}},{\"name\":\"scan.pe.header.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.linker\",\"type\":\"number\",\"esTypes\":[\"float\",\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.operating_system\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.ve
rsion.subsystem\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.imphash\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.imphash.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.imphash\"}}},{\"name\":\"scan.pe.imphash.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.imphash\"}}},{\"name\":\"scan.pe.resources.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.resources.language.primary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.language.primary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.primary\"}}},{\"name\":\"scan.pe.resources.language.primary.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.primary\"}}},{\"name\":\"scan.pe.resources.language.sub\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.language.sub.keyword\",
\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.sub\"}}},{\"name\":\"scan.pe.resources.language.sub.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.sub\"}}},{\"name\":\"scan.pe.resources.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.name\"}}},{\"name\":\"scan.pe.resources.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.name\"}}},{\"name\":\"scan.pe.resources.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.type\"}}},{\"name\":\"scan.pe.resources.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.type\"}}},{\"name\":\"scan.pe.sections.address.physical\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":fal
se,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.address.virtual\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.characteristics\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.sections.characteristics.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.characteristics\"}}},{\"name\":\"scan.pe.sections.characteristics.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.characteristics\"}}},{\"name\":\"scan.pe.sections.entropy\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.sections.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.name\"}}},{\"name\":\"scan.pe.sections.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.name\"}}},{\"name\":\"scan.pe.sections.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searc
hable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.symbols.exported\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.exported.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.exported\"}}},{\"name\":\"scan.pe.symbols.exported.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.exported\"}}},{\"name\":\"scan.pe.symbols.imported\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.imported.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.imported\"}}},{\"name\":\"scan.pe.symbols.imported.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.imported\"}}},{\"name\":\"scan.pe.symbols.libraries\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.libraries.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.libraries\"}}},{\"name\":\"scan.pe.symbols.libraries.security\",\"type\":\"string\",\"esTypes\
":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.libraries\"}}},{\"name\":\"scan.pe.symbols.table.address\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.symbols.table.library\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.library.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.library\"}}},{\"name\":\"scan.pe.symbols.table.library.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.library\"}}},{\"name\":\"scan.pe.symbols.table.symbol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.symbol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbol\"}}},{\"name\":\"scan.pe.symbols.table.symbol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbol\"}}},{\"name\":\"scan.pe.symbols.table.symbols\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDoc
Values\":false},{\"name\":\"scan.pe.symbols.table.symbols.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbols\"}}},{\"name\":\"scan.pe.symbols.table.symbols.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbols\"}}},{\"name\":\"scan.pe.symbols.table.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.type\"}}},{\"name\":\"scan.pe.symbols.table.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.type\"}}},{\"name\":\"scan.pe.total.libraries\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.resources\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.sections\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.symbols\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"n
ame\":\"scan.pkcs7.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.total.certificates\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.upx.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.url.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.url.urls\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.url.urls.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.url.urls\"}}},{\"name\":\"scan.url.urls.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.url.urls\"}}},{\"name\":\"scan.vb.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vb.functions\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.functions.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,
\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.functions\"}}},{\"name\":\"scan.vb.functions.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.functions\"}}},{\"name\":\"scan.vb.names\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.names.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.names\"}}},{\"name\":\"scan.vb.names.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.names\"}}},{\"name\":\"scan.vb.operators\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.operators.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.operators\"}}},{\"name\":\"scan.vb.operators.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.operators\"}}},{\"name\":\"scan.vb.strings\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.strings.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":f
alse,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.strings\"}}},{\"name\":\"scan.vb.strings.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.strings\"}}},{\"name\":\"scan.vb.tokens\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.tokens.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.tokens\"}}},{\"name\":\"scan.vb.tokens.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.tokens\"}}},{\"name\":\"scan.vba.auto_exec\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.auto_exec.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.auto_exec\"}}},{\"name\":\"scan.vba.auto_exec.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.auto_exec\"}}},{\"name\":\"scan.vba.base64\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.base64.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"sea
rchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.base64\"}}},{\"name\":\"scan.vba.base64.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.base64\"}}},{\"name\":\"scan.vba.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vba.ioc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.ioc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.ioc\"}}},{\"name\":\"scan.vba.ioc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.ioc\"}}},{\"name\":\"scan.vba.suspicious\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.suspicious.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.suspicious\"}}},{\"name\":\"scan.vba.suspicious.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.suspicious\"}}},{\"name\":\"scan.vba.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"
aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vba.total.files\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.expired\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.fingerprint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.fingerprint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.fingerprint\"}}},{\"name\":\"scan.x509.fingerprint.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.fingerprint\"}}},{\"name\":\"scan.x509.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.issuer\"}}},{\"name\":\"scan.x509.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.issuer\"}}},{\"name\":\"scan.x509.not_after\",\"type\":\"number\",\"esTyp
es\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.not_before\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.serial_number\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.serial_number.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.serial_number\"}}},{\"name\":\"scan.x509.serial_number.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.serial_number\"}}},{\"name\":\"scan.x509.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.subject\"}}},{\"name\":\"scan.x509.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.subject\"}}},{\"name\":\"scan.x509.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFrom
DocValues\":true},{\"name\":\"scan.xml.namespaces\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.namespaces.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.namespaces\"}}},{\"name\":\"scan.xml.namespaces.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.xml.namespaces\"}}},{\"name\":\"scan.xml.tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.tags\"}}},{\"name\":\"scan.xml.tags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.xml.tags\"}}},{\"name\":\"scan.xml.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.total.tags\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":fals
e,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.version\"}}},{\"name\":\"scan.xml.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.xml.version\"}}},{\"name\":\"scan.yara.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.yara.matches\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.yara.matches.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.yara.matches\"}}},{\"name\":\"scan.yara.matches.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.yara.matches\"}}},{\"name\":\"server.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.address\"}}},{\"name\":\"server.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"server.address\"}}},{\"name\":\"server.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"a
ggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.ip_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.port\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.reply_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.reply_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.reply_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.reply_message\"}}},{\"name\":\"server.reply_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"server.reply_message\"}}},{\"name\":\"server.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.status_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.status_message.keyword\",\"type\
":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.status_message\"}}},{\"name\":\"server.status_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"server.status_message\"}}},{\"name\":\"sip.call_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.call_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.call_id\"}}},{\"name\":\"sip.call_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.call_id\"}}},{\"name\":\"sip.content_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.content_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.content_type\"}}},{\"name\":\"sip.content_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.content_type\"}}},{\"name\":\"sip.date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.date.keyword\",\"type\":\"string\",\"esTypes\":[\"key
word\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.date\"}}},{\"name\":\"sip.date.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.date\"}}},{\"name\":\"sip.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.method\"}}},{\"name\":\"sip.method.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.method\"}}},{\"name\":\"sip.request.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.request.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.from\"}}},{\"name\":\"sip.request.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.request.from\"}}},{\"name\":\"sip.request.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggr
egatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.path\"}}},{\"name\":\"sip.request.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.request.path\"}}},{\"name\":\"sip.request.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.to\"}}},{\"name\":\"sip.request.to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.request.to\"}}},{\"name\":\"sip.response.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.response.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.from\"}}},{\"name\":\"sip.response.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"mul
ti\":{\"parent\":\"sip.response.from\"}}},{\"name\":\"sip.response.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.path\"}}},{\"name\":\"sip.response.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.response.path\"}}},{\"name\":\"sip.response.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.to\"}}},{\"name\":\"sip.response.to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.response.to\"}}},{\"name\":\"sip.seq\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.seq.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.seq\"}}},{\"name\":\"sip.seq.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.seq\"}}},{\"name\
":\"sip.transaction.depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.uri\"}}},{\"name\":\"sip.uri.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.uri\"}}},{\"name\":\"sip.warning\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.warning.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.warning\"}}},{\"name\":\"sip.warning.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.warning\"}}},{\"name\":\"smb.file_system\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.file_system.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.file_system\"}}},{\"name\":\"smb.file_system.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":
false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smb.file_system\"}}},{\"name\":\"smb.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.path\"}}},{\"name\":\"smb.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smb.path\"}}},{\"name\":\"smb.service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.service\"}}},{\"name\":\"smb.service.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smb.service\"}}},{\"name\":\"smb.share_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.share_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.share_type\"}}},{\"name\":\"smb.share_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smb.shar
e_type\"}}},{\"name\":\"smtp.cc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.cc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.cc\"}}},{\"name\":\"smtp.cc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.cc\"}}},{\"name\":\"smtp.first_received\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.first_received.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.first_received\"}}},{\"name\":\"smtp.first_received.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.first_received\"}}},{\"name\":\"smtp.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.from\"}}},{\"name\":\"smtp.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.from\"}}},{\"name\":\"smtp.helo\",\"type\":\"string\",\"esTypes\":[\
"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.helo.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.helo\"}}},{\"name\":\"smtp.helo.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.helo\"}}},{\"name\":\"smtp.in_reply_to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.in_reply_to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.in_reply_to\"}}},{\"name\":\"smtp.in_reply_to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.in_reply_to\"}}},{\"name\":\"smtp.is_webmail\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.last_reply\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.last_reply.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.last_reply\"}}},{\"name\":\"smtp.last_reply.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromD
ocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.last_reply\"}}},{\"name\":\"smtp.mail_date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.mail_date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_date\"}}},{\"name\":\"smtp.mail_date.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_date\"}}},{\"name\":\"smtp.mail_from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.mail_from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_from\"}}},{\"name\":\"smtp.mail_from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_from\"}}},{\"name\":\"smtp.message_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.message_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.message_id\"}}},{\"name\":\"smtp.message_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{
\"multi\":{\"parent\":\"smtp.message_id\"}}},{\"name\":\"smtp.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.path\"}}},{\"name\":\"smtp.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.path\"}}},{\"name\":\"smtp.recipient_to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.recipient_to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.recipient_to\"}}},{\"name\":\"smtp.recipient_to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.recipient_to\"}}},{\"name\":\"smtp.second_received\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.second_received.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.second_received\"}}},{\"name\":\"smtp.second_received.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\
":\"smtp.second_received\"}}},{\"name\":\"smtp.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.subject\"}}},{\"name\":\"smtp.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.subject\"}}},{\"name\":\"smtp.tls\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.to\"}}},{\"name\":\"smtp.to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.to\"}}},{\"name\":\"smtp.transaction_depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.useragent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.useragent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":
true,\"subType\":{\"multi\":{\"parent\":\"smtp.useragent\"}}},{\"name\":\"smtp.useragent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.useragent\"}}},{\"name\":\"snmp.community\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.community.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.community\"}}},{\"name\":\"snmp.community.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.community\"}}},{\"name\":\"snmp.display_string\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.display_string.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.display_string\"}}},{\"name\":\"snmp.display_string.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.display_string\"}}},{\"name\":\"snmp.get.bulk_requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.get.requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"nam
e\":\"snmp.get.responses\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.set.requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.up_since\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.up_since.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.up_since\"}}},{\"name\":\"snmp.up_since.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.up_since\"}}},{\"name\":\"snmp.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.version\"}}},{\"name\":\"snmp.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.version\"}}},{\"name\":\"socks.bound.host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.bound.host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":t
rue,\"subType\":{\"multi\":{\"parent\":\"socks.bound.host\"}}},{\"name\":\"socks.bound.host.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.bound.host\"}}},{\"name\":\"socks.bound.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"socks.request.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.request.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.request.name\"}}},{\"name\":\"socks.request.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.request.name\"}}},{\"name\":\"socks.request.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"socks.status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.status\"}}},{\"name\":\"socks.status.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.status\"}}},{\"name\":\"socks.use
r\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.user\"}}},{\"name\":\"socks.user.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.user\"}}},{\"name\":\"socks.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.name\"}}},{\"name\":\"software.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"software.name\"}}},{\"name\":\"software.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.type\"}}},{\"name\":\"software.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":fals
e,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"software.type\"}}},{\"name\":\"software.version.additional_info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.version.additional_info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.version.additional_info\"}}},{\"name\":\"software.version.additional_info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"software.version.additional_info\"}}},{\"name\":\"software.version.major\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.minor\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.minor2\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.unparsed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.version.unparsed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.version.unparsed\"}}},{\"name\":\"software.version.unparsed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromD
ocValues\":false,\"subType\":{\"multi\":{\"parent\":\"software.version.unparsed\"}}},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.city_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.city_name\"}}},{\"name\":\"source.geo.city_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.city_name\"}}},{\"name\":\"source.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.continent_name\"}}},{\"name\":\"source.geo.continent_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.continent_name\"}}},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_iso_code\"}}},{\"name\":\"source.geo.country_iso_code.security\",\"type\":\"stri
ng\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_iso_code\"}}},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_name\"}}},{\"name\":\"source.geo.country_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_name\"}}},{\"name\":\"source.geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location.lat\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location.lon\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.region_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_iso_code\"}}},{\"name\":\"source.geo.region_iso_code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\"
:false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_iso_code\"}}},{\"name\":\"source.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.region_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_name\"}}},{\"name\":\"source.geo.region_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_name\"}}},{\"name\":\"source.geo.timezone\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.timezone.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.timezone\"}}},{\"name\":\"source.geo.timezone.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.timezone\"}}},{\"name\":\"source.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.hostname\"}}},{\"name\":\"source.hostname.security\",\"type\":\"string\",\
"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.hostname\"}}},{\"name\":\"source.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.authentication.attempts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.authentication.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.cipher_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.cipher_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi
\":{\"parent\":\"ssh.cipher_algorithm\"}}},{\"name\":\"ssh.cipher_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.cipher_algorithm\"}}},{\"name\":\"ssh.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.client\"}}},{\"name\":\"ssh.client.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.client\"}}},{\"name\":\"ssh.client_host_key_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client_host_key_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.client_host_key_algorithms\"}}},{\"name\":\"ssh.client_host_key_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.client_host_key_algorithms\"}}},{\"name\":\"ssh.compression_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.compression_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"ag
gregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.compression_algorithm\"}}},{\"name\":\"ssh.compression_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.compression_algorithm\"}}},{\"name\":\"ssh.direction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.direction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.direction\"}}},{\"name\":\"ssh.direction.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.direction\"}}},{\"name\":\"ssh.hassh_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_algorithms\"}}},{\"name\":\"ssh.hassh_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_algorithms\"}}},{\"name\":\"ssh.hassh_server\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_server.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":fal
se,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server\"}}},{\"name\":\"ssh.hassh_server.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server\"}}},{\"name\":\"ssh.hassh_server_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_server_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server_algorithms\"}}},{\"name\":\"ssh.hassh_server_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server_algorithms\"}}},{\"name\":\"ssh.hassh_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_version\"}}},{\"name\":\"ssh.hassh_version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_version\"}}},{\"name\":\"ssh.host_key\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.host_key.keyword\",\"type\":\"string\",\"esTyp
es\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key\"}}},{\"name\":\"ssh.host_key.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key\"}}},{\"name\":\"ssh.host_key_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.host_key_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key_algorithm\"}}},{\"name\":\"ssh.host_key_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key_algorithm\"}}},{\"name\":\"ssh.kex_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.kex_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.kex_algorithm\"}}},{\"name\":\"ssh.kex_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.kex_algorithm\"}}},{\"name\":\"ssh.mac_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.mac_algorithm.keyword\",\"type\
":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.mac_algorithm\"}}},{\"name\":\"ssh.mac_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.mac_algorithm\"}}},{\"name\":\"ssh.server\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.server\"}}},{\"name\":\"ssh.server.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.server\"}}},{\"name\":\"ssh.server_host_key_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server_host_key_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.server_host_key_algorithms\"}}},{\"name\":\"ssh.server_host_key_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.server_host_key_algorithms\"}}},{\"name\":\"ssh.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl
.certificate.chain_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.chain_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.chain_fuids\"}}},{\"name\":\"ssl.certificate.chain_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.chain_fuids\"}}},{\"name\":\"ssl.certificate.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.issuer\"}}},{\"name\":\"ssl.certificate.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.issuer\"}}},{\"name\":\"ssl.certificate.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.subject\"}}},{\"name\":\"ssl.certificate.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":
false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.subject\"}}},{\"name\":\"ssl.cipher\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.cipher.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.cipher\"}}},{\"name\":\"ssl.cipher.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.cipher\"}}},{\"name\":\"ssl.client.certificate.chain_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.certificate.chain_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.certificate.chain_fuids\"}}},{\"name\":\"ssl.client.certificate.chain_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.client.certificate.chain_fuids\"}}},{\"name\":\"ssl.client.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.issuer\"}}},{\"name\":\"ssl.client.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"
count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.client.issuer\"}}},{\"name\":\"ssl.client.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.subject\"}}},{\"name\":\"ssl.client.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.client.subject\"}}},{\"name\":\"ssl.curve\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.curve.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.curve\"}}},{\"name\":\"ssl.curve.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.curve\"}}},{\"name\":\"ssl.established\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.last_alert\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.last_alert.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true
,\"subType\":{\"multi\":{\"parent\":\"ssl.last_alert\"}}},{\"name\":\"ssl.last_alert.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.last_alert\"}}},{\"name\":\"ssl.next_protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.next_protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.next_protocol\"}}},{\"name\":\"ssl.next_protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.next_protocol\"}}},{\"name\":\"ssl.resumed\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.server_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.server_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.server_name\"}}},{\"name\":\"ssl.server_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.server_name\"}}},{\"name\":\"ssl.validation_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.
validation_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.validation_status\"}}},{\"name\":\"ssl.validation_status.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.validation_status\"}}},{\"name\":\"ssl.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.version\"}}},{\"name\":\"ssl.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.version\"}}},{\"name\":\"syslog.facility_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.facility_label.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"syslog.facility_label\"}}},{\"name\":\"syslog.facility_label.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"syslog.facility_label\"}}},{\"name\":\"syslog.severity_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":fal
se},{\"name\":\"syslog.severity_label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"syslog.severity_label\"}}},{\"name\":\"syslog.severity_label.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"syslog.severity_label\"}}},{\"name\":\"tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tags\"}}},{\"name\":\"tunnel.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tunnel.type\"}}},{\"name\":\"tunnel.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"tunnel.type\"}}},{\"name\":\"user.escalated\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.escalated.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.escalated\"}}},{\"name\":\"user.escalated.security\",\"type\":\"string\
",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"user.escalated\"}}},{\"name\":\"user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.name\"}}},{\"name\":\"user.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"user.name\"}}},{\"name\":\"version.minor3\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"weird.additional_info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.additional_info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.additional_info\"}}},{\"name\":\"weird.additional_info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"weird.additional_info\"}}},{\"name\":\"weird.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,
\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.name\"}}},{\"name\":\"weird.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"weird.name\"}}},{\"name\":\"weird.notice\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"weird.peer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.peer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.peer\"}}},{\"name\":\"weird.peer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"weird.peer\"}}},{\"name\":\"winlog.activity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.activity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.activity_id\"}}},{\"name\":\"winlog.activity_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.activity_id\"}}},{\"name\":\"winlog.api\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.api.keyword\"
,\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.api\"}}},{\"name\":\"winlog.api.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.api\"}}},{\"name\":\"winlog.channel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.channel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.channel\"}}},{\"name\":\"winlog.channel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.channel\"}}},{\"name\":\"winlog.computer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.computer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.computer\"}}},{\"name\":\"winlog.computer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.computer\"}}},{\"name\":\"winlog.computer_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.computer_name.keyword\",\"type\":\"string\",\"esTypes
\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.computer_name\"}}},{\"name\":\"winlog.computer_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.computer_name\"}}},{\"name\":\"winlog.eventRecordID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.eventRecordID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.eventRecordID\"}}},{\"name\":\"winlog.eventRecordID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.eventRecordID\"}}},{\"name\":\"winlog.eventSourceName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.eventSourceName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.eventSourceName\"}}},{\"name\":\"winlog.eventSourceName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.eventSourceName\"}}},{\"name\":\"winlog.event_data.AccessList\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false}
,{\"name\":\"winlog.event_data.AccessList.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessList\"}}},{\"name\":\"winlog.event_data.AccessList.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessList\"}}},{\"name\":\"winlog.event_data.AccessMask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.AccessMask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessMask\"}}},{\"name\":\"winlog.event_data.AccessMask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessMask\"}}},{\"name\":\"winlog.event_data.Address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Address\"}}},{\"name\":\"winlog.event_data.Address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Address\"}}},{\"name\":\"winlog.event_dat
a.AddressLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.AddressLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AddressLength\"}}},{\"name\":\"winlog.event_data.AddressLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AddressLength\"}}},{\"name\":\"winlog.event_data.Binary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Binary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Binary\"}}},{\"name\":\"winlog.event_data.Binary.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Binary\"}}},{\"name\":\"winlog.event_data.CreationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.CreationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.CreationUtcTime\"}}},{\"name\":\"winlog.event_data.CreationUtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0
,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.CreationUtcTime\"}}},{\"name\":\"winlog.event_data.DeviceName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceName\"}}},{\"name\":\"winlog.event_data.DeviceName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceName\"}}},{\"name\":\"winlog.event_data.DeviceNameLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceNameLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceNameLength\"}}},{\"name\":\"winlog.event_data.DeviceNameLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceNameLength\"}}},{\"name\":\"winlog.event_data.DeviceTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\"
:true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceTime\"}}},{\"name\":\"winlog.event_data.DeviceTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceTime\"}}},{\"name\":\"winlog.event_data.DeviceVersionMajor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceVersionMajor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMajor\"}}},{\"name\":\"winlog.event_data.DeviceVersionMajor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMajor\"}}},{\"name\":\"winlog.event_data.DeviceVersionMinor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceVersionMinor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMinor\"}}},{\"name\":\"winlog.event_data.DeviceVersionMinor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMinor\"}}},{\"name\":\"winlog.event_data.DirtyPages\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,
\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DirtyPages.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DirtyPages\"}}},{\"name\":\"winlog.event_data.DirtyPages.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DirtyPages\"}}},{\"name\":\"winlog.event_data.FileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.FileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FileName\"}}},{\"name\":\"winlog.event_data.FileName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FileName\"}}},{\"name\":\"winlog.event_data.FinalStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.FinalStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FinalStatus\"}}},{\"name\":\"winlog.event_data.FinalStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,
\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FinalStatus\"}}},{\"name\":\"winlog.event_data.HandleId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.HandleId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HandleId\"}}},{\"name\":\"winlog.event_data.HandleId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HandleId\"}}},{\"name\":\"winlog.event_data.Hashes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Hashes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Hashes\"}}},{\"name\":\"winlog.event_data.Hashes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Hashes\"}}},{\"name\":\"winlog.event_data.HiveName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.HiveName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveName\"}}},{\"name\":\"winlog.event_data.HiveName.security\",\"type\
":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveName\"}}},{\"name\":\"winlog.event_data.HiveNameLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.HiveNameLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveNameLength\"}}},{\"name\":\"winlog.event_data.HiveNameLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveNameLength\"}}},{\"name\":\"winlog.event_data.ImageLoaded\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ImageLoaded.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ImageLoaded\"}}},{\"name\":\"winlog.event_data.ImageLoaded.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ImageLoaded\"}}},{\"name\":\"winlog.event_data.IntegrityLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.IntegrityLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\"
:false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.IntegrityLevel\"}}},{\"name\":\"winlog.event_data.IntegrityLevel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.IntegrityLevel\"}}},{\"name\":\"winlog.event_data.KeysUpdated\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.KeysUpdated.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.KeysUpdated\"}}},{\"name\":\"winlog.event_data.KeysUpdated.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.KeysUpdated\"}}},{\"name\":\"winlog.event_data.LinkName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LinkName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LinkName\"}}},{\"name\":\"winlog.event_data.LinkName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LinkName\"}}},{\"name\":\"winlog.event_data.LogonGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable
\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LogonGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonGuid\"}}},{\"name\":\"winlog.event_data.LogonGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonGuid\"}}},{\"name\":\"winlog.event_data.LogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonId\"}}},{\"name\":\"winlog.event_data.LogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonId\"}}},{\"name\":\"winlog.event_data.NewSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.NewSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewSize\"}}},{\"name\":\"winlog.event_data.NewSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.N
ewSize\"}}},{\"name\":\"winlog.event_data.NewState\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.NewState.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewState\"}}},{\"name\":\"winlog.event_data.NewState.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewState\"}}},{\"name\":\"winlog.event_data.NewTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.NewTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewTime\"}}},{\"name\":\"winlog.event_data.NewTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewTime\"}}},{\"name\":\"winlog.event_data.ObjectName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ObjectName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectName\"}}},{\"name\":\"winlog.event_data.ObjectName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0
,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectName\"}}},{\"name\":\"winlog.event_data.ObjectServer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ObjectServer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectServer\"}}},{\"name\":\"winlog.event_data.ObjectServer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectServer\"}}},{\"name\":\"winlog.event_data.ObjectType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ObjectType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectType\"}}},{\"name\":\"winlog.event_data.ObjectType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectType\"}}},{\"name\":\"winlog.event_data.OldTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.OldTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tru
e,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OldTime\"}}},{\"name\":\"winlog.event_data.OldTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OldTime\"}}},{\"name\":\"winlog.event_data.OriginalSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.OriginalSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OriginalSize\"}}},{\"name\":\"winlog.event_data.OriginalSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OriginalSize\"}}},{\"name\":\"winlog.event_data.PreviousCreationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.PreviousCreationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousCreationUtcTime\"}}},{\"name\":\"winlog.event_data.PreviousCreationUtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousCreationUtcTime\"}}},{\"name\":\"winlog.event_data.PreviousTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"ag
gregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.PreviousTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousTime\"}}},{\"name\":\"winlog.event_data.PreviousTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousTime\"}}},{\"name\":\"winlog.event_data.ProcessID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessID\"}}},{\"name\":\"winlog.event_data.ProcessID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessID\"}}},{\"name\":\"winlog.event_data.ProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessId\"}}},{\"name\":\"winlog.event_data.ProcessId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"w
inlog.event_data.ProcessId\"}}},{\"name\":\"winlog.event_data.ProcessName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessName\"}}},{\"name\":\"winlog.event_data.ProcessName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessName\"}}},{\"name\":\"winlog.event_data.QueryName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryName\"}}},{\"name\":\"winlog.event_data.QueryName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryName\"}}},{\"name\":\"winlog.event_data.QueryResults\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryResults.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryResults\"}}},{\"name\":\"winlog.event_data.QueryResults.security\",\
"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryResults\"}}},{\"name\":\"winlog.event_data.QueryStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryStatus\"}}},{\"name\":\"winlog.event_data.QueryStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryStatus\"}}},{\"name\":\"winlog.event_data.Reason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Reason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Reason\"}}},{\"name\":\"winlog.event_data.Reason.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Reason\"}}},{\"name\":\"winlog.event_data.ResourceAttributes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ResourceAttributes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":
true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ResourceAttributes\"}}},{\"name\":\"winlog.event_data.ResourceAttributes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ResourceAttributes\"}}},{\"name\":\"winlog.event_data.ResourceManager\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ResourceManager.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ResourceManager\"}}},{\"name\":\"winlog.event_data.ResourceManager.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ResourceManager\"}}},{\"name\":\"winlog.event_data.RuleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.RuleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.RuleName\"}}},{\"name\":\"winlog.event_data.RuleName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.RuleName\"}}},{\"name\":\"winlog.event_data.Signature\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"
searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Signature.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signature\"}}},{\"name\":\"winlog.event_data.Signature.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signature\"}}},{\"name\":\"winlog.event_data.SignatureStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SignatureStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SignatureStatus\"}}},{\"name\":\"winlog.event_data.SignatureStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SignatureStatus\"}}},{\"name\":\"winlog.event_data.Signed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Signed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signed\"}}},{\"name\":\"winlog.event_data.Signed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\
":{\"multi\":{\"parent\":\"winlog.event_data.Signed\"}}},{\"name\":\"winlog.event_data.SubjectDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectDomainName\"}}},{\"name\":\"winlog.event_data.SubjectDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectDomainName\"}}},{\"name\":\"winlog.event_data.SubjectLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectLogonId\"}}},{\"name\":\"winlog.event_data.SubjectLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectLogonId\"}}},{\"name\":\"winlog.event_data.SubjectUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.
event_data.SubjectUserSid\"}}},{\"name\":\"winlog.event_data.SubjectUserSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectUserSid\"}}},{\"name\":\"winlog.event_data.TerminalSessionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TerminalSessionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TerminalSessionId\"}}},{\"name\":\"winlog.event_data.TerminalSessionId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TerminalSessionId\"}}},{\"name\":\"winlog.event_data.TransactionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TransactionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TransactionId\"}}},{\"name\":\"winlog.event_data.TransactionId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TransactionId\"}}},{\"name\":\"winlog.event_data.UtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name
\":\"winlog.event_data.UtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.UtcTime\"}}},{\"name\":\"winlog.event_data.UtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.UtcTime\"}}},{\"name\":\"winlog.event_data.authenticationPackageName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.authenticationPackageName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.authenticationPackageName\"}}},{\"name\":\"winlog.event_data.authenticationPackageName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.authenticationPackageName\"}}},{\"name\":\"winlog.event_data.callerProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.callerProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessId\"}}},{\"name\":\"winlog.event_data.callerProcessId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType
\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessId\"}}},{\"name\":\"winlog.event_data.callerProcessName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.callerProcessName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessName\"}}},{\"name\":\"winlog.event_data.callerProcessName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessName\"}}},{\"name\":\"winlog.event_data.clientProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.clientProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.clientProcessId\"}}},{\"name\":\"winlog.event_data.clientProcessId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.clientProcessId\"}}},{\"name\":\"winlog.event_data.countOfCredentialsReturned\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.countOfCredentialsReturned.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"sub
Type\":{\"multi\":{\"parent\":\"winlog.event_data.countOfCredentialsReturned\"}}},{\"name\":\"winlog.event_data.countOfCredentialsReturned.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.countOfCredentialsReturned\"}}},{\"name\":\"winlog.event_data.creationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.creationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.creationUtcTime\"}}},{\"name\":\"winlog.event_data.creationUtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.creationUtcTime\"}}},{\"name\":\"winlog.event_data.data\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.data.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.data\"}}},{\"name\":\"winlog.event_data.data.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.data\"}}},{\"name\":\"winlog.event_data.destinationIsIpv6\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"read
FromDocValues\":false},{\"name\":\"winlog.event_data.destinationIsIpv6.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationIsIpv6\"}}},{\"name\":\"winlog.event_data.destinationIsIpv6.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationIsIpv6\"}}},{\"name\":\"winlog.event_data.destinationPortName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.destinationPortName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationPortName\"}}},{\"name\":\"winlog.event_data.destinationPortName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationPortName\"}}},{\"name\":\"winlog.event_data.details\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.details.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.details\"}}},{\"name\":\"winlog.event_data.details.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\
"subType\":{\"multi\":{\"parent\":\"winlog.event_data.details\"}}},{\"name\":\"winlog.event_data.elevatedToken\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.elevatedToken.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.elevatedToken\"}}},{\"name\":\"winlog.event_data.elevatedToken.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.elevatedToken\"}}},{\"name\":\"winlog.event_data.errorCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.errorCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.errorCode\"}}},{\"name\":\"winlog.event_data.errorCode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.errorCode\"}}},{\"name\":\"winlog.event_data.eventType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.eventType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.eventType\"}}},{\"name\":\"winlog.
event_data.eventType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.eventType\"}}},{\"name\":\"winlog.event_data.hashes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.hashes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.hashes\"}}},{\"name\":\"winlog.event_data.hashes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.hashes\"}}},{\"name\":\"winlog.event_data.imagePath\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.imagePath.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.imagePath\"}}},{\"name\":\"winlog.event_data.imagePath.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.imagePath\"}}},{\"name\":\"winlog.event_data.impersonationLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.impersonationLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":f
alse,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.impersonationLevel\"}}},{\"name\":\"winlog.event_data.impersonationLevel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.impersonationLevel\"}}},{\"name\":\"winlog.event_data.initiated\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.initiated.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.initiated\"}}},{\"name\":\"winlog.event_data.initiated.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.initiated\"}}},{\"name\":\"winlog.event_data.integrityLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.integrityLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.integrityLevel\"}}},{\"name\":\"winlog.event_data.integrityLevel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.integrityLevel\"}}},{\"name\":\"winlog.event_data.keyLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\
"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.keyLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.keyLength\"}}},{\"name\":\"winlog.event_data.keyLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.keyLength\"}}},{\"name\":\"winlog.event_data.logonGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonGuid\"}}},{\"name\":\"winlog.event_data.logonGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonGuid\"}}},{\"name\":\"winlog.event_data.logonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonId\"}}},{\"name\":\"winlog.event_data.logonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"m
ulti\":{\"parent\":\"winlog.event_data.logonId\"}}},{\"name\":\"winlog.event_data.logonProcessName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonProcessName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonProcessName\"}}},{\"name\":\"winlog.event_data.logonProcessName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonProcessName\"}}},{\"name\":\"winlog.event_data.logonType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonType\"}}},{\"name\":\"winlog.event_data.logonType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonType\"}}},{\"name\":\"winlog.event_data.param1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param1\"}}},{\"name\":\"winlog.event_dat
a.param1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param1\"}}},{\"name\":\"winlog.event_data.param10\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param10.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param10\"}}},{\"name\":\"winlog.event_data.param10.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param10\"}}},{\"name\":\"winlog.event_data.param11\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param11.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param11\"}}},{\"name\":\"winlog.event_data.param11.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param11\"}}},{\"name\":\"winlog.event_data.param16\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param16.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":
true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param16\"}}},{\"name\":\"winlog.event_data.param16.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param16\"}}},{\"name\":\"winlog.event_data.param19\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param19.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param19\"}}},{\"name\":\"winlog.event_data.param19.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param19\"}}},{\"name\":\"winlog.event_data.param2\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param2.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param2\"}}},{\"name\":\"winlog.event_data.param2.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param2\"}}},{\"name\":\"winlog.event_data.param20\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param20
.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param20\"}}},{\"name\":\"winlog.event_data.param20.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param20\"}}},{\"name\":\"winlog.event_data.param21\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param21.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param21\"}}},{\"name\":\"winlog.event_data.param21.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param21\"}}},{\"name\":\"winlog.event_data.param22\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param22.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param22\"}}},{\"name\":\"winlog.event_data.param22.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param22\"}}},{\"name\":\"winlog.event_data.param23\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":
0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param23.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param23\"}}},{\"name\":\"winlog.event_data.param23.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param23\"}}},{\"name\":\"winlog.event_data.param3\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param3.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param3\"}}},{\"name\":\"winlog.event_data.param3.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param3\"}}},{\"name\":\"winlog.event_data.param4\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param4.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param4\"}}},{\"name\":\"winlog.event_data.param4.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"win
log.event_data.param4\"}}},{\"name\":\"winlog.event_data.param5\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param5.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param5\"}}},{\"name\":\"winlog.event_data.param5.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param5\"}}},{\"name\":\"winlog.event_data.param6\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param6.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param6\"}}},{\"name\":\"winlog.event_data.param6.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param6\"}}},{\"name\":\"winlog.event_data.param7\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param7.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param7\"}}},{\"name\":\"winlog.event_data.param7.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":fa
lse,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param7\"}}},{\"name\":\"winlog.event_data.param8\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param8.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param8\"}}},{\"name\":\"winlog.event_data.param8.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param8\"}}},{\"name\":\"winlog.event_data.param9\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param9.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param9\"}}},{\"name\":\"winlog.event_data.param9.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param9\"}}},{\"name\":\"winlog.event_data.privilegeList\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.privilegeList.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.p
rivilegeList\"}}},{\"name\":\"winlog.event_data.privilegeList.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.privilegeList\"}}},{\"name\":\"winlog.event_data.processCreationTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.processCreationTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processCreationTime\"}}},{\"name\":\"winlog.event_data.processCreationTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processCreationTime\"}}},{\"name\":\"winlog.event_data.processId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.processId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processId\"}}},{\"name\":\"winlog.event_data.processId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processId\"}}},{\"name\":\"winlog.event_data.processName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_dat
a.processName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processName\"}}},{\"name\":\"winlog.event_data.processName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processName\"}}},{\"name\":\"winlog.event_data.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.protocol\"}}},{\"name\":\"winlog.event_data.protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.protocol\"}}},{\"name\":\"winlog.event_data.queryName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.queryName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryName\"}}},{\"name\":\"winlog.event_data.queryName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryName\"}}},{\"name\":\"winlog.event_data.queryResults\",\"type\"
:\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.queryResults.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryResults\"}}},{\"name\":\"winlog.event_data.queryResults.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryResults\"}}},{\"name\":\"winlog.event_data.queryStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.queryStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryStatus\"}}},{\"name\":\"winlog.event_data.queryStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryStatus\"}}},{\"name\":\"winlog.event_data.readOperation\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.readOperation.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.readOperation\"}}},{\"name\":\"winlog.event_data.readOperation.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\"
:false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.readOperation\"}}},{\"name\":\"winlog.event_data.returnCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.returnCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.returnCode\"}}},{\"name\":\"winlog.event_data.returnCode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.returnCode\"}}},{\"name\":\"winlog.event_data.ruleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ruleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ruleName\"}}},{\"name\":\"winlog.event_data.ruleName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ruleName\"}}},{\"name\":\"winlog.event_data.serviceGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.serviceGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi
\":{\"parent\":\"winlog.event_data.serviceGuid\"}}},{\"name\":\"winlog.event_data.serviceGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceGuid\"}}},{\"name\":\"winlog.event_data.serviceName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.serviceName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceName\"}}},{\"name\":\"winlog.event_data.serviceName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceName\"}}},{\"name\":\"winlog.event_data.serviceType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.serviceType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceType\"}}},{\"name\":\"winlog.event_data.serviceType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceType\"}}},{\"name\":\"winlog.event_data.sourceIsIpv6\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_da
ta.sourceIsIpv6.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.sourceIsIpv6\"}}},{\"name\":\"winlog.event_data.sourceIsIpv6.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.sourceIsIpv6\"}}},{\"name\":\"winlog.event_data.startType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.startType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.startType\"}}},{\"name\":\"winlog.event_data.startType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.startType\"}}},{\"name\":\"winlog.event_data.subjectDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectDomainName\"}}},{\"name\":\"winlog.event_data.subjectDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectDomainName\"}}},{\"
name\":\"winlog.event_data.subjectLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectLogonId\"}}},{\"name\":\"winlog.event_data.subjectLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectLogonId\"}}},{\"name\":\"winlog.event_data.subjectUserName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectUserName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserName\"}}},{\"name\":\"winlog.event_data.subjectUserName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserName\"}}},{\"name\":\"winlog.event_data.subjectUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserSid\"}}},{\"name\":\"winlog.event_data.subjectUs
erSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserSid\"}}},{\"name\":\"winlog.event_data.targetDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetDomainName\"}}},{\"name\":\"winlog.event_data.targetDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetDomainName\"}}},{\"name\":\"winlog.event_data.targetLinkedLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetLinkedLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLinkedLogonId\"}}},{\"name\":\"winlog.event_data.targetLinkedLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLinkedLogonId\"}}},{\"name\":\"winlog.event_data.targetLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetLogonId.ke
yword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLogonId\"}}},{\"name\":\"winlog.event_data.targetLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLogonId\"}}},{\"name\":\"winlog.event_data.targetName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetName\"}}},{\"name\":\"winlog.event_data.targetName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetName\"}}},{\"name\":\"winlog.event_data.targetObject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetObject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetObject\"}}},{\"name\":\"winlog.event_data.targetObject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetObject\"}}},{\"name\":\"winlog.event_data.targetSi
d\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetSid\"}}},{\"name\":\"winlog.event_data.targetSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetSid\"}}},{\"name\":\"winlog.event_data.targetUserName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetUserName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserName\"}}},{\"name\":\"winlog.event_data.targetUserName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserName\"}}},{\"name\":\"winlog.event_data.targetUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserSid\"}}},{\"name\":\"winlog.event_data.targetUserSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\"
:0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserSid\"}}},{\"name\":\"winlog.event_data.terminalSessionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.terminalSessionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.terminalSessionId\"}}},{\"name\":\"winlog.event_data.terminalSessionId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.terminalSessionId\"}}},{\"name\":\"winlog.event_data.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.type\"}}},{\"name\":\"winlog.event_data.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.type\"}}},{\"name\":\"winlog.event_data.updateGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateGuid\"}}},{\"name\":\"winlog.event_data.updateGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateGuid\"}}},{\"name\":\"winlog.event_data.updateRevisionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateRevisionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateRevisionNumber\"}}},{\"name\":\"winlog.event_data.updateRevisionNumber.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateRevisionNumber\"}}},{\"name\":\"winlog.event_data.updateTitle\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateTitle.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateTitle\"}}},{\"name\":\"winlog.event_data.updateTitle.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateTitle\"}}},{\"name\":\"winlog.event_data.utcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable
\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.utcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.utcTime\"}}},{\"name\":\"winlog.event_data.utcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.utcTime\"}}},{\"name\":\"winlog.event_data.virtualAccount\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.virtualAccount.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.virtualAccount\"}}},{\"name\":\"winlog.event_data.virtualAccount.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.virtualAccount\"}}},{\"name\":\"winlog.event_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.keywords\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.keywords.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.keywords\"}}},{\"name\":\"winlog.keywords.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scrip
ted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.keywords\"}}},{\"name\":\"winlog.level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.level\"}}},{\"name\":\"winlog.level.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.level\"}}},{\"name\":\"winlog.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.message\"}}},{\"name\":\"winlog.message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.message\"}}},{\"name\":\"winlog.opcode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.opcode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.opcode\"}}},{\"name\":\"winlog.opcode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\"
:false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.opcode\"}}},{\"name\":\"winlog.process.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.process.thread.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.processID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.processID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.processID\"}}},{\"name\":\"winlog.processID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.processID\"}}},{\"name\":\"winlog.providerGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.providerGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.providerGuid\"}}},{\"name\":\"winlog.providerGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.providerGuid\"}}},{\"name\":\"winlog.providerName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.provi
derName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.providerName\"}}},{\"name\":\"winlog.providerName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.providerName\"}}},{\"name\":\"winlog.provider_guid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.provider_guid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_guid\"}}},{\"name\":\"winlog.provider_guid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_guid\"}}},{\"name\":\"winlog.provider_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.provider_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_name\"}}},{\"name\":\"winlog.provider_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_name\"}}},{\"name\":\"winlog.record_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readF
romDocValues\":true},{\"name\":\"winlog.severityValue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.severityValue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.severityValue\"}}},{\"name\":\"winlog.severityValue.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.severityValue\"}}},{\"name\":\"winlog.systemTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.systemTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.systemTime\"}}},{\"name\":\"winlog.systemTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.systemTime\"}}},{\"name\":\"winlog.task\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.task.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.task\"}}},{\"name\":\"winlog.task.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"w
inlog.task\"}}},{\"name\":\"winlog.threadID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.threadID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.threadID\"}}},{\"name\":\"winlog.threadID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.threadID\"}}},{\"name\":\"winlog.user.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.domain\"}}},{\"name\":\"winlog.user.domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user.domain\"}}},{\"name\":\"winlog.user.identifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.identifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.identifier\"}}},{\"name\":\"winlog.user.identifier.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"mult
i\":{\"parent\":\"winlog.user.identifier\"}}},{\"name\":\"winlog.user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.name\"}}},{\"name\":\"winlog.user.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user.name\"}}},{\"name\":\"winlog.user.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.type\"}}},{\"name\":\"winlog.user.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user.type\"}}},{\"name\":\"winlog.user_data.SubjectDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectDomainName\"}}},{\"name\":\"winlog.user_data.SubjectDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":tr
ue,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectDomainName\"}}},{\"name\":\"winlog.user_data.SubjectLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectLogonId\"}}},{\"name\":\"winlog.user_data.SubjectLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectLogonId\"}}},{\"name\":\"winlog.user_data.SubjectUserName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectUserName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserName\"}}},{\"name\":\"winlog.user_data.SubjectUserName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserName\"}}},{\"name\":\"winlog.user_data.SubjectUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserSid\"}}},{\"name\":\"winlog.user_data.SubjectUserSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserSid\"}}},{\"name\":\"winlog.user_data.xml_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.xml_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.xml_name\"}}},{\"name\":\"winlog.user_data.xml_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.xml_name\"}}},{\"name\":\"winlog.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.basic_constraints.ca\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.certificate.curve\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.curve.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.curve\"}}},{\"name\":\"x509.certificate.curve.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\"
:true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.curve\"}}},{\"name\":\"x509.certificate.exponent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.exponent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.exponent\"}}},{\"name\":\"x509.certificate.exponent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.exponent\"}}},{\"name\":\"x509.certificate.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.issuer\"}}},{\"name\":\"x509.certificate.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.issuer\"}}},{\"name\":\"x509.certificate.key.algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.key.algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.algorithm\"}}},{\"na
me\":\"x509.certificate.key.algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.algorithm\"}}},{\"name\":\"x509.certificate.key.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.certificate.key.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.key.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.type\"}}},{\"name\":\"x509.certificate.key.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.type\"}}},{\"name\":\"x509.certificate.not_valid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.not_valid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_after\"}}},{\"name\":\"x509.certificate.not_valid_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_after\"}}},{\"name\":\"x509.certificate.not_valid_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\
"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.not_valid_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_before\"}}},{\"name\":\"x509.certificate.not_valid_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_before\"}}},{\"name\":\"x509.certificate.serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.serial\"}}},{\"name\":\"x509.certificate.serial.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.serial\"}}},{\"name\":\"x509.certificate.signing_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.signing_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.signing_algorithm\"}}},{\"name\":\"x509.certificate.signing_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\
":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.signing_algorithm\"}}},{\"name\":\"x509.certificate.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.subject\"}}},{\"name\":\"x509.certificate.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.subject\"}}},{\"name\":\"x509.certificate.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.san_dns\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.san_dns.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.san_dns\"}}},{\"name\":\"x509.san_dns.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.san_dns\"}}}]","timeFieldName":"@timestamp","title":"*:so-*"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688996741503,4288],"type":"index-pattern","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMTUsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Security Onion - Alert Data","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Modules** \\n[Playbook](/kibana/app/dashboards#/view/f449f0a0-c77c-11ea-bebb-37c5ab5894ea) \\n[Suricata](/kibana/app/dashboards#/view/81057f40-7733-11ea-bee5-af7f7c7b8e05) \\n\"},\"title\":\"Security Onion - Alert Data\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[],"sort":[1688996741503,4289],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMTYsMV0="} +{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.dataset:*alert\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Security Onion - Alerts","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4291],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Alerts - Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security 
Onion - Alerts - Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"931cb6f0-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"sort":[1688996741503,4293],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMTgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Alerts Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Alerts Over 
Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"b419b100-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0
","type":"search"}],"sort":[1688996741503,4295],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security Onion - Rule - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"title\":\"Security Onion - Rule - 
Name\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"508fb520-72af-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"sort":[1688996741503,4297],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMjAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - Severity","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.severity_label.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security Onion - Rule - Severity\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a37b9fa0-72b0-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4299],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMjEsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Rule - Category","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - Category\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"sort":[1688996741503,4301],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMjIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Destination Ports","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Destination 
Ports\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4303],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMjMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:alert\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Low & Medium 
Severity\",\"disabled\":true,\"key\":\"event.severity\",\"negate\":false,\"params\":{\"gte\":1,\"lt\":3},\"type\":\"range\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"range\":{\"event.severity\":{\"gte\":1,\"lt\":3}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"High & Critical Severity\",\"disabled\":true,\"key\":\"event.severity\",\"negate\":false,\"params\":{\"gte\":3,\"lt\":5},\"type\":\"range\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"range\":{\"event.severity\":{\"gte\":3,\"lt\":5}}}}]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":8,\"i\":\"c2ddba4b-b0a1-4204-b952-fdc8073dd3c6\"},\"panelIndex\":\"c2ddba4b-b0a1-4204-b952-fdc8073dd3c6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c2ddba4b-b0a1-4204-b952-fdc8073dd3c6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":0,\"w\":13,\"h\":8,\"i\":\"5a22818d-a0f7-4b39-978f-bee1e4280a54\"},\"panelIndex\":\"5a22818d-a0f7-4b39-978f-bee1e4280a54\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5a22818d-a0f7-4b39-978f-bee1e4280a54\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":8,\"i\":\"41a7c313-2dc3-4563-8545-a55f57af532c\"},\"panelIndex\":\"41a7c313-2dc3-4563-8545-a55f57af532c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_41a7c313-2dc3-4563-8545-a55f57af532c\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":29,\"h\":19,\"i\":\"7f00befc-4315-45d2-b686-fa99db9fb79c\"},\"panelIndex\":\"7f00befc-4315-45d2-b686-fa99db9fb79c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7f00befc-4315-45d2-b686-fa99db9fb79c\
"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":8,\"w\":19,\"h\":19,\"i\":\"1fa5c765-6991-4ece-a6a4-cdb6f2d35553\"},\"panelIndex\":\"1fa5c765-6991-4ece-a6a4-cdb6f2d35553\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1fa5c765-6991-4ece-a6a4-cdb6f2d35553\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":19,\"h\":18,\"i\":\"eee74597-fa74-4bf6-9c71-429bfe4c3ecd\"},\"panelIndex\":\"eee74597-fa74-4bf6-9c71-429bfe4c3ecd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_eee74597-fa74-4bf6-9c71-429bfe4c3ecd\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":19,\"y\":27,\"w\":10,\"h\":18,\"i\":\"fa0e8955-a837-400c-abcb-43394471b39d\"},\"panelIndex\":\"fa0e8955-a837-400c-abcb-43394471b39d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fa0e8955-a837-400c-abcb-43394471b39d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":27,\"w\":10,\"h\":18,\"i\":\"b60abef8-9b1e-4bae-ac3f-d7eb5a230430\"},\"panelIndex\":\"b60abef8-9b1e-4bae-ac3f-d7eb5a230430\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b60abef8-9b1e-4bae-ac3f-d7eb5a230430\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":39,\"y\":27,\"w\":9,\"h\":18,\"i\":\"799598a4-39de-455d-bc39-409466b8b119\"},\"panelIndex\":\"799598a4-39de-455d-bc39-409466b8b119\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_799598a4-39de-455d-bc39-409466b8b119\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"a801f4a1-b678-47f2-9602-9c46e65533ca\"},\"panelIndex\":\"a801f4a1-b678-47f2-9602-9c46e65533ca\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a801f4a1-b678-47f2-9602-9c46e65533ca\"}]","timeRestore":false,"title":"Security Onion - 
Alerts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0e4af1d0-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"c2ddba4b-b0a1-4204-b952-fdc8073dd3c6:panel_c2ddba4b-b0a1-4204-b952-fdc8073dd3c6","type":"visualization"},{"id":"931cb6f0-72ae-11ea-8dd2-9d8795a1200b","name":"5a22818d-a0f7-4b39-978f-bee1e4280a54:panel_5a22818d-a0f7-4b39-978f-bee1e4280a54","type":"visualization"},{"id":"b419b100-72ae-11ea-8dd2-9d8795a1200b","name":"41a7c313-2dc3-4563-8545-a55f57af532c:panel_41a7c313-2dc3-4563-8545-a55f57af532c","type":"visualization"},{"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","name":"7f00befc-4315-45d2-b686-fa99db9fb79c:panel_7f00befc-4315-45d2-b686-fa99db9fb79c","type":"visualization"},{"id":"a37b9fa0-72b0-11ea-8dd2-9d8795a1200b","name":"1fa5c765-6991-4ece-a6a4-cdb6f2d35553:panel_1fa5c765-6991-4ece-a6a4-cdb6f2d35553","type":"visualization"},{"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","name":"eee74597-fa74-4bf6-9c71-429bfe4c3ecd:panel_eee74597-fa74-4bf6-9c71-429bfe4c3ecd","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"fa0e8955-a837-400c-abcb-43394471b39d:panel_fa0e8955-a837-400c-abcb-43394471b39d","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"b60abef8-9b1e-4bae-ac3f-d7eb5a230430:panel_b60abef8-9b1e-4bae-ac3f-d7eb5a230430","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"799598a4-39de-455d-bc39-409466b8b119:panel_799598a4-39de-455d-bc39-409466b8b119","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"a801f4a1-b678-47f2-9602-9c46e65533ca:panel_a801f4a1-b678-47f2-9602-9c46e65533ca","type":
"search"}],"sort":[1688996741503,4316],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMjQsMV0="} +{"attributes":{"columns":["event_type","source_ip","source_port","destination_ip","destination_port","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:sysmon\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Sysmon - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4318],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMjUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"image_path.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Image\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP 
Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_hostname.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Hostname\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_hostname.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Hostname\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0eb1fd80-6d70-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,4320],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMjYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Kerberos Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Kerberos 
Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"kerberos.client.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"kerberos.client.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0ecc7310-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4322],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMjcsMV0="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"All 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aa05e920-3433-11e7-8867-29a39c0f86b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4324],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMjgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sensors/Devices - Total Number of Logs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sensors/Devices - Total Number of Logs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor/Device\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"0f25aac0-3434-11e7-8867-29a39c0f86b2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"sort":[1688996741503,4326],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMjksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - 
Direction","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SSH - Direction\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssh.direction.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.direction.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Direction\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"104a4a90-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4328],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMzAsMV0="} 
+{"attributes":{"columns":["source_ip","destination_ip","message_types","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dhcp\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DHCP - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4330],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMzEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DHCP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1055ada0-3655-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4332],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMzIsMV0="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dce_rpc\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DCE/RPC - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4334],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMzMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"10b8a610-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,4336],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMzQsMV0="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_radius\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"RADIUS - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"75545310-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4338],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMzUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - 
MAC","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - MAC\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mac.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"10cd7190-3809-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4340],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMzYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Sum of Total Bytes ( Tile Map)","uiStateJSON":"{\"mapZoom\":3,\"mapCenter\":[39.70718665682654,-44.912109375]}","version":1,"visState":"{\"title\":\"Connections - Source - Sum of Total Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by 
USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1156b1e0-46c7-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4342],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMzcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Destination - Sum of Total Bytes ( Tile Map)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Destination - Sum of Total Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by 
USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1342e630-4632-11e7-9903-85f789353078","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4344],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMzgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Response Code Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.response.code_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Response Code Name\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - DNS - Response Code 
Name\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"13cda410-c770-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4346],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwMzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"13ed0810-6d72-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,4348],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNDAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Connection 
State","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Connection State\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection_state_description.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection State Description\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"13fe29c0-3b17-11e7-b871-5f76306b9694","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4350],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNDEsMV0="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_rfb\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"RFB - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8ba53710-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4352],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNDIsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Exclusive Session (Donut Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"RFB - Exclusive Session (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"share_flag.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"14274040-371f-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4354],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNDMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Agents","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - 
Agents\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"agent.type.keyword: Descending\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"agent.version.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Agent\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Version\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"14ed9540-6ed7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4356],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNDQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Key Length (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Key Length (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Key 
Length\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"certificate_key_length\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Key Length\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"150f7280-6e37-11e7-a8d6-ed2e692de531","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4358],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNDUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - Description","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - 
Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1563f380-7737-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4360],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNDYsMV0="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"(event_type:bro_smb_mapping OR event_type:bro_smb_files)\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SMB - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"19849f30-3aab-11e7-8b17-0d8709b02c80","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4362],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNDcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"15b4e7a0-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,4364],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNDgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Server Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Server 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Server Address\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.address.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"15fa3b30-7375-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4366],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNDksMV0="} 
+{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-osquery_manager.result*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-osquery_manager.result*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:37:35.112Z","id":"170529c8-e406-407e-9ccb-7689b31c2dfa","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688996255112,2932],"type":"index-pattern","updated_at":"2023-07-10T13:37:35.112Z","version":"WzMyNDEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"178209e0-6e1b-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4368],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Destination 
Port","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Destination Port\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"19dfd180-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4370],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Notices - Destination Country","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Destination 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1a879c90-4ca5-11e8-888d-71b91451cf05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4372],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNTIsMV0="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event_type:ids\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"NIDS - Alerts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4374],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - 
Drilldown - Alert Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS - Drilldown - Alert Title\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":12}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"schema\":\"metric\",\"params\":{\"field\":\"alert.keyword\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1b3faca0-e064-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4376],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNTQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Source IP Address","uiStateJSON":"{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1b837b00-364e-11e7-9dc3-d35061cb642d","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4378],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Total Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Total Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 
seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1c2aeb50-365e-11e7-b896-5bdd6bfa1561","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"sort":[1688996741503,4380],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNTYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - 
Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.service.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1c6567b0-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4382],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNTcsMV0="} +{"attributes":{"columns":["entry","entry_location","image_path","hostname","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:autoruns\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Autoruns - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"dd700830-6d69-11e7-ad64-15aa071374a6","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4384],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNTgsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Profile","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Profile\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"profile.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Profile\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1cd6a970-6d79-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,4386],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNTksMV0="} +{"attributes":{"columns":["alert_level","classification","description"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[{\"meta\":{\"negate\":false,\"key\":\"tags\",\"value\":\"alert\",\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"tags\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query_string\":{\"query\":\"event_type:ossec\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"OSSEC - 
Alerts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1688996741503,4389],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNjAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - User to Escalated User (Data Table)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - User to Escalated User (Data Table)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"escalated_user.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Escalated 
User\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1de31b40-4a42-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4391],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNjEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"f
ield\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1ecdd2e0-34c0-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4393],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNjIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Method (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Method (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"method.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}
}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1ef5c230-6e24-11e7-a261-55504638cf3b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4395],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNjMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Command/Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - Command/Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"mysql.command.keyword: Descending\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"mysql.argument.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.command.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.argument.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Argument\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1f306f60-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4397],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNjQsMV0="} +{"attributes":{"columns":["data_stream.dataset","user.email","onepassword.client.app_name","source.geo.country_iso_code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"fields\":{\"*\":{}},\"fragment_size\":2147483647,\"post_tags\":[\"@/kibana-highlighted-field@\"],\"pre_tags\":[\"@kibana-highlighted-field@\"],\"require_field_match\":false},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"event.module:1password\"}}"},"sort":[["@timestamp","desc"]],"title":"1Password all events 
[1Password]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1password-all-events","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-1password-default","name":"tag-ref-fleet-pkg-1password-default","type":"tag"}],"sort":[1688996741503,4401],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNjUsMV0="} +{"attributes":{"columns":["user.id","event.action","onepassword.object_type","onepassword.object_uuid","source.geo.country_iso_code"],"description":"","grid":{"columns":{"user.id":{"width":321.3333333333333}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"fields\":{\"*\":{}},\"fragment_size\":2147483647,\"post_tags\":[\"@/kibana-highlighted-field@\"],\"pre_tags\":[\"@kibana-highlighted-field@\"],\"require_field_match\":false},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:1password.audit_events\"}}"},"sort":[["@timestamp","desc"]],"title":"1Password audit events [1Password]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1password-audit-events","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-1password-default","name":"tag-ref-fleet-pkg-1password-default","type":"tag"}],"sort":[1688996741503,4405],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNjYsMV0="} 
+{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"a9a9a507-ae79-422c-ac05-2f4d9a2bb5e6\",\"w\":31,\"x\":0,\"y\":0},\"panelIndex\":\"a9a9a507-ae79-422c-ac05-2f4d9a2bb5e6\",\"panelRefName\":\"panel_a9a9a507-ae79-422c-ac05-2f4d9a2bb5e6\",\"type\":\"search\",\"version\":\"8.4.1\"},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":15,\"i\":\"5191f658-f717-49ec-9d3c-7c881c07a502\",\"w\":17,\"x\":31,\"y\":0},\"panelIndex\":\"5191f658-f717-49ec-9d3c-7c881c07a502\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"alpha\\\":1,\\\"id\\\":\\\"11a86591-809c-4c7b-9668-0d0cc31980c9\\\",\\\"label\\\":null,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"isAutoSelect\\\":true,\\\"type\\\":\\\"EMS_TMS\\\"},\\\"style\\\":{},\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"visible\\\":true},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"55025914-752d-4a12-88f4-c9fe89ddbb9d\\\",\\\"joins\\\":[],\\\"label\\\":\\\"Source 
Locations\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"data_stream.dataset:1password.audit_events\\\"},\\\"sourceDescriptor\\\":{\\\"applyGlobalQuery\\\":true,\\\"filterByMapBounds\\\":true,\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"ae93e398-4d52-4616-99c3-783c0f34d767\\\",\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\",\\\"scalingType\\\":\\\"LIMIT\\\",\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"tooltipProperties\\\":[],\\\"topHitsSize\\\":1,\\\"type\\\":\\\"ES_SEARCH\\\"},\\\"style\\\":{\\\"isTimeAware\\\":true,\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"icon\\\":{\\\"options\\\":{\\\"value\\\":\\\"marker\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"size\\\":6},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelSize\\\":{\\\"options\\\":{\\\"size\\\":14},\\\"type\\\":\\\"STATIC\\\"},\\\"labelText\\\":{\\\"options\\\":{\\\"value\\\":\\\"\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"mapStateJSON\":\"{\\\"center\\\":{\\\"lat\\\":0,\\\"lon\\\":156.44164},\\\"filters\\\":[],\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"\\\"},\\\"refreshConfig\\\":{\\\"interval\\\":0,\\\"is
Paused\\\":true},\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"customIcons\\\":[],\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"hideLayerControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"keydownScrollZoom\\\":false,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15M\\\",\\\"to\\\":\\\"now\\\"},\\\"zoom\\\":1.11}\",\"title\":\"Audit events Source Locations [1Password]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"isLayerTOCOpen\":false,\"mapBuffer\":{\"maxLat\":85.05113,\"maxLon\":360,\"minLat\":-85.05113,\"minLon\":-360},\"mapCenter\":{\"lat\":54.23367,\"lon\":-72.77235,\"zoom\":0.5},\"openTOCDetails\":[],\"type\":\"map\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"7521b1b8-37a6-4890-a450-631bf653fb93\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"7521b1b8-37a6-4890-a450-631bf653fb93\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extendToTimeRange\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-15M\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"1w\"},\"schema\":\"segment\",\"type\":\"date_histogram
\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":9,\"seriesParams\":[{\"circlesRadius\":3,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"defaultYExtents\":true,\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"title\":\"Audit Events over time [1Password]\",\"type\":\"line\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"c76ab1dd-2177-4b19-8d0f-a44cd7280a79\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"c76ab1dd-2177-4b19-8d0f-a44cd7280a79\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"User 
UUID\",\"excludeIsRegex\":true,\"field\":\"user.id\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTotal\":false,\"totalFunc\":\"sum\"},\"title\":\"Audit Events hot users [1Password]\",\"type\":\"table\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"6785d29f-971b-445d-8997-dd97f302814d\",\"w\":24,\"x\":0,\"y\":26},\"panelIndex\":\"6785d29f-971b-445d-8997-dd97f302814d\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"\",\"emptyAsNull\":false},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Action\",\"excludeIsRegex\":true,\"field\":\"event.action\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTotal\":false,\"totalFunc\":\"sum\"},\"title\":\"Audit Events hot actions 
[1Password]\",\"type\":\"table\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"60da356b-c843-4d41-8bf4-04e04ef77734\",\"w\":24,\"x\":24,\"y\":26},\"panelIndex\":\"60da356b-c843-4d41-8bf4-04e04ef77734\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"\",\"emptyAsNull\":false},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Object Type\",\"excludeIsRegex\":true,\"field\":\"onepassword.object_type\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTotal\":false,\"totalFunc\":\"sum\"},\"title\":\"Audit Events hot object types [1Password]\",\"type\":\"table\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"Audit Events 
[1Password]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1password-audit-events-full-dashboard","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"1password-audit-events","name":"a9a9a507-ae79-422c-ac05-2f4d9a2bb5e6:panel_a9a9a507-ae79-422c-ac05-2f4d9a2bb5e6","type":"search"},{"id":"logs-*","name":"5191f658-f717-49ec-9d3c-7c881c07a502:layer_1_source_index_pattern","type":"index-pattern"},{"id":"1password-audit-events","name":"7521b1b8-37a6-4890-a450-631bf653fb93:search_0","type":"search"},{"id":"1password-audit-events","name":"c76ab1dd-2177-4b19-8d0f-a44cd7280a79:search_0","type":"search"},{"id":"1password-audit-events","name":"6785d29f-971b-445d-8997-dd97f302814d:search_0","type":"search"},{"id":"1password-audit-events","name":"60da356b-c843-4d41-8bf4-04e04ef77734:search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-1password-default","name":"tag-ref-fleet-pkg-1password-default","type":"tag"}],"sort":[1688996741503,4414],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNjcsMV0="} +{"attributes":{"columns":["user.email","event.action","onepassword.vault_uuid","onepassword.item_uuid","source.geo.country_iso_code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"fields\":{\"*\":{}},\"fragment_size\":2147483647,\"post_tags\":[\"@/kibana-highlighted-field@\"],\"pre_tags\":[\"@kibana-highlighted-field@\"],\"require_field_match\":false},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:1password.item_usages\"}}"},"sort":[["@timestamp","desc"]],"title":"1Password item usages 
[1Password]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1password-item-usages","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-1password-default","name":"tag-ref-fleet-pkg-1password-default","type":"tag"}],"sort":[1688996741503,4418],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNjgsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"33e47a7b-72d2-4721-818c-8df8d710c5ea\",\"w\":31,\"x\":0,\"y\":0},\"panelIndex\":\"33e47a7b-72d2-4721-818c-8df8d710c5ea\",\"panelRefName\":\"panel_33e47a7b-72d2-4721-818c-8df8d710c5ea\",\"type\":\"search\",\"version\":\"7.15.0-SNAPSHOT\"},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":15,\"i\":\"5270ad02-a029-4aab-a42a-b0b38988d36d\",\"w\":17,\"x\":31,\"y\":0},\"panelIndex\":\"5270ad02-a029-4aab-a42a-b0b38988d36d\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"alpha\\\":1,\\\"id\\\":\\\"11a86591-809c-4c7b-9668-0d0cc31980c9\\\",\\\"label\\\":null,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"isAutoSelect\\\":true,\\\"type\\\":\\\"EMS_TMS\\\",\\\"lightModeDefault\\\":\\\"road_map\\\"},\\\"style\\\":{},\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"visible\\\":true},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"55025914-752d-4a12-88f4-c9fe89ddbb9d\\\",\\\"joins\\\":[],\\\"label\\\":\\\"Source 
Locations\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"data_stream.dataset:1password.item_usages\\\"},\\\"sourceDescriptor\\\":{\\\"applyGlobalQuery\\\":true,\\\"filterByMapBounds\\\":true,\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"ae93e398-4d52-4616-99c3-783c0f34d767\\\",\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\",\\\"scalingType\\\":\\\"LIMIT\\\",\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"tooltipProperties\\\":[],\\\"topHitsSize\\\":1,\\\"type\\\":\\\"ES_SEARCH\\\"},\\\"style\\\":{\\\"isTimeAware\\\":true,\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"icon\\\":{\\\"options\\\":{\\\"value\\\":\\\"marker\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"size\\\":6},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelSize\\\":{\\\"options\\\":{\\\"size\\\":14},\\\"type\\\":\\\"STATIC\\\"},\\\"labelText\\\":{\\\"options\\\":{\\\"value\\\":\\\"\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"title\":\"Audit item usages Source Locations 
[1Password]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":85.05113,\"maxLon\":360,\"minLat\":-85.05113,\"minLon\":-360},\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":0.5},\"openTOCDetails\":[],\"type\":\"map\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"1591a01e-b61e-4f3a-88d5-f825e39e60b6\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"1591a01e-b61e-4f3a-88d5-f825e39e60b6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-7d/d\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"3h\"},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":9,\"seriesParams\":[{\"circlesRadius\":3,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"
full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"defaultYExtents\":true,\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Item Usages over time [1Password]\",\"type\":\"line\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"3e1ea7df-1443-41c2-a4b4-45389042d2d4\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"3e1ea7df-1443-41c2-a4b4-45389042d2d4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"3\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Name\",\"field\":\"user.full_name\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"asc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Email\",\"field\":\"user.email\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"asc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"User UUID\",\"field\":\"user.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTotal\":false,\"totalFunc\":\"sum\"},\"title\":\"Item Usages hot users 
[1Password]\",\"type\":\"table\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"36297d46-8bb5-476c-b772-479be5811393\",\"w\":24,\"x\":24,\"y\":26},\"panelIndex\":\"36297d46-8bb5-476c-b772-479be5811393\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Last usage\",\"field\":\"@timestamp\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Item UUID\",\"field\":\"onepassword.item_uuid\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTotal\":false,\"totalFunc\":\"sum\"},\"title\":\"Item Usages hot items [1Password]\",\"type\":\"table\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"d7f0be27-d6ed-4ef6-a217-3ee1837a7988\",\"w\":24,\"x\":0,\"y\":26},\"panelIndex\":\"d7f0be27-d6ed-4ef6-a217-3ee1837a7988\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Top Item 
UUID\",\"field\":\"onepassword.item_uuid\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Vault UUID\",\"field\":\"onepassword.vault_uuid\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTotal\":false,\"totalFunc\":\"sum\"},\"title\":\"Item Usages hot vaults [1Password]\",\"type\":\"table\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"Item Usages [1Password]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1password-item-usages-full-dashboard","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"1password-item-usages","name":"33e47a7b-72d2-4721-818c-8df8d710c5ea:panel_33e47a7b-72d2-4721-818c-8df8d710c5ea","type":"search"},{"id":"logs-*","name":"5270ad02-a029-4aab-a42a-b0b38988d36d:layer_1_source_index_pattern","type":"index-pattern"},{"id":"1password-item-usages","name":"1591a01e-b61e-4f3a-88d5-f825e39e60b6:search_0","type":"search"},{"id":"1password-item-usages","name":"3e1ea7df-1443-41c2-a4b4-45389042d2d4:search_0","type":"search"},{"id":"1password-item-usages","name":"36297d46-8bb5-476c-b772-479be5811393:search_0","type":"search"},{"id":"1password-item-usages","name":"d7f0be27-d6ed-4ef6-a217-3ee1837a7988:search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-1password-default","name":"tag-ref-fleet-pkg-1password-default","type":"tag"}],"sort":[1688996741503,4427],"type":"dashboard","updated_at":"2023
-07-10T13:45:41.503Z","version":"WzQwNjksMV0="} +{"attributes":{"columns":["user.email","event.action","onepassword.type","source.geo.country_iso_code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"fields\":{\"*\":{}},\"fragment_size\":2147483647,\"post_tags\":[\"@/kibana-highlighted-field@\"],\"pre_tags\":[\"@kibana-highlighted-field@\"],\"require_field_match\":false},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:1password.signin_attempts\"}}"},"sort":[["@timestamp","desc"]],"title":"1Password sign-in attempts [1Password]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1password-signin-attempts","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-1password-default","name":"tag-ref-fleet-pkg-1password-default","type":"tag"}],"sort":[1688996741503,4431],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNzAsMV0="} 
+{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"944e346e-36df-430b-9734-5d91da79bdc1\",\"w\":31,\"x\":0,\"y\":0},\"panelIndex\":\"944e346e-36df-430b-9734-5d91da79bdc1\",\"panelRefName\":\"panel_944e346e-36df-430b-9734-5d91da79bdc1\",\"type\":\"search\",\"version\":\"7.15.0-SNAPSHOT\"},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":15,\"i\":\"5a635dbb-4cb6-46f8-9d4c-dd12078b184f\",\"w\":17,\"x\":31,\"y\":0},\"panelIndex\":\"5a635dbb-4cb6-46f8-9d4c-dd12078b184f\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"alpha\\\":1,\\\"id\\\":\\\"db596930-2b43-4b31-b555-5bfb2ef9a3b3\\\",\\\"label\\\":null,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"isAutoSelect\\\":true,\\\"type\\\":\\\"EMS_TMS\\\",\\\"lightModeDefault\\\":\\\"road_map\\\"},\\\"style\\\":{},\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"visible\\\":true},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"a912dae9-61dd-4f45-96d4-15968e14aa79\\\",\\\"joins\\\":[],\\\"label\\\":\\\"Source 
Locations\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"data_stream.dataset:1password.signin_attempts\\\"},\\\"sourceDescriptor\\\":{\\\"applyGlobalQuery\\\":true,\\\"filterByMapBounds\\\":true,\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"98b57871-9ec7-49ce-b371-bd052adaf795\\\",\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\",\\\"scalingType\\\":\\\"LIMIT\\\",\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"tooltipProperties\\\":[],\\\"topHitsSize\\\":1,\\\"type\\\":\\\"ES_SEARCH\\\"},\\\"style\\\":{\\\"isTimeAware\\\":true,\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"icon\\\":{\\\"options\\\":{\\\"value\\\":\\\"marker\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"size\\\":6},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelSize\\\":{\\\"options\\\":{\\\"size\\\":14},\\\"type\\\":\\\"STATIC\\\"},\\\"labelText\\\":{\\\"options\\\":{\\\"value\\\":\\\"\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"title\":\"Audit sign-in attempts Source Locations 
[1Password]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"isLayerTOCOpen\":false,\"mapBuffer\":{\"maxLat\":85.05113,\"maxLon\":360,\"minLat\":-85.05113,\"minLon\":-360},\"mapCenter\":{\"lat\":18.69679,\"lon\":-18.18807,\"zoom\":0.62},\"openTOCDetails\":[],\"type\":\"map\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"1249ea4b-cf49-4d87-8125-7f1dba37353f\",\"w\":11,\"x\":0,\"y\":15},\"panelIndex\":\"1249ea4b-cf49-4d87-8125-7f1dba37353f\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"filters\":[{\"input\":{\"language\":\"lucene\",\"query\":\"NOT event.action: (\\\"success\\\" \\\"firewall_reported_success\\\")\"},\"label\":\"Failed Sign-in attempts\"}]},\"schema\":\"group\",\"type\":\"filters\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"gauge\":{\"alignment\":\"automatic\",\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10},{\"from\":10,\"to\":30},{\"from\":30,\"to\":100}],\"extendRange\":true,\"gaugeColorMode\":\"Labels\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Arc\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"rgba(105,112,125,0.2)\",\"labels\":false,\"show\":true},\"style\":{\"bgColor\":true,\"bgFill\":\"rgba(105,112,125,0.2)\",\"bgMask\":false,\"bgWidth\":0.9,\"fontSize\":60,\"mask\":false,\"maskBars\":50,\"subText\":\"\",\"width\":0.9},\"type\":\"meter\"},\"isDisplayWarning\":false,\"type\":\"gauge\"},\"title\":\"Sign-in Attempts unsuccessful gauge 
[1Password]\",\"type\":\"gauge\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"51433376-546a-492a-906e-9ca7f5d34f68\",\"w\":20,\"x\":11,\"y\":15},\"panelIndex\":\"51433376-546a-492a-906e-9ca7f5d34f68\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-7d/d\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"3h\"},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":9,\"seriesParams\":[{\"circlesRadius\":3,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"defaultYExtents\":true,\"m
ode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Sign-in Attempts over time [1Password]\",\"type\":\"line\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"8f8ae43c-e8d4-4425-b418-224a7db57e86\",\"w\":17,\"x\":31,\"y\":15},\"panelIndex\":\"8f8ae43c-e8d4-4425-b418-224a7db57e86\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-7d/d\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"3h\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":9,\"seriesParams\":[{\"circlesRadius\":3,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",
\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"defaultYExtents\":true,\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Sign-in Attempts categories over time [1Password]\",\"type\":\"line\",\"uiState\":{\"vis\":{\"colors\":{\"credentials_failed\":\"#e7664c\",\"firewall_failed\":\"#d36086\",\"firewall_reported_success\":\"#6092c0\",\"mfa_failed\":\"#9170b8\",\"modern_version_failed\":\"#d6bf57\",\"success\":\"#54b399\"}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd\",\"w\":48,\"x\":0,\"y\":24},\"panelIndex\":\"683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"3\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Name\",\"field\":\"user.full_name\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"asc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Email\",\"field\":\"user.email\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"asc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Target User 
UUID\",\"field\":\"user.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTotal\":false,\"totalFunc\":\"sum\"},\"title\":\"Sign-in Attempts hot users [1Password]\",\"type\":\"table\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"Sign-in Attempts [1Password]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"1password-signin-attempts-full-dashboard","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"1password-signin-attempts","name":"944e346e-36df-430b-9734-5d91da79bdc1:panel_944e346e-36df-430b-9734-5d91da79bdc1","type":"search"},{"id":"logs-*","name":"5a635dbb-4cb6-46f8-9d4c-dd12078b184f:layer_1_source_index_pattern","type":"index-pattern"},{"id":"1password-signin-attempts","name":"1249ea4b-cf49-4d87-8125-7f1dba37353f:search_0","type":"search"},{"id":"1password-signin-attempts","name":"51433376-546a-492a-906e-9ca7f5d34f68:search_0","type":"search"},{"id":"1password-signin-attempts","name":"8f8ae43c-e8d4-4425-b418-224a7db57e86:search_0","type":"search"},{"id":"1password-signin-attempts","name":"683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd:search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-1password-default","name":"tag-ref-fleet-pkg-1password-default","type":"tag"}],"sort":[1688996741503,4440],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNzEsMV0="} 
+{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"20c85b70-53aa-11ec-b3ef-6bcc33056a36","migrationVersion":{"search":"8.0.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4442],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNzIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"20eabd60-380b-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4444],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNzMsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNP3 - FC Reply","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - DNP3 - FC Reply\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dnp3.fc_reply.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"FC Reply\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"214793c0-75b9-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4446],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNzQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Destination Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Destination 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"21d090d0-365b-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4448],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNzUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Response Code (Name)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Response Code (Name)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rcode_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response Code 
(Name)\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"22f7de30-4949-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4450],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNzYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Validation Status","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Validation Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"validation_status.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"23d22bd0-70b4-11e7-810e-2bafe9e41c10","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4452],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNzcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"title":"Connections - Bytes and Duration","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Bytes and Duration\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Top Total 
Bytes](/kibana/app/dashboards#/view/a2ab0c40-3b0a-11e7-a6f9-5d3fe735ec2b) \\n[Source - Originator Bytes](/kibana/app/dashboards#/view/68f738e0-46ca-11e7-946f-1bfb1be7c36b) | [Destination - Responder Bytes](/kibana/app/dashboards#/view/b65775e0-46cb-11e7-946f-1bfb1be7c36b) \\n[Source - Sum of Total Bytes](/kibana/app/dashboards#/view/f042ad60-46c6-11e7-946f-1bfb1be7c36b) | [Destination - Sum of Total Bytes](/kibana/app/dashboards#/view/ccfcc540-4638-11e7-a82e-d97152153689) \\n[Source - Top Connection Duration](/kibana/app/dashboards#/view/4e108070-46c7-11e7-946f-1bfb1be7c36b) | [Destination - Top Connection Duration](/kibana/app/dashboards#/view/ea211360-46c4-11e7-a82e-d97152153689)\",\"fontSize\":12,\"openLinksInNewTab\":false},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"25ce6eb0-463b-11e7-a82e-d97152153689","migrationVersion":{"visualization":"8.5.0"},"references":[],"sort":[1688996741503,4453],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNzgsMV0="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_tunnels\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Tunnels - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d26d5510-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4455],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwNzksMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Destination Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Tunnels - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"26457730-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4457],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwODAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RFB - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"265a04d0-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4459],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwODEsMV0="} +{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_syslog\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Syslog (Bro) - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4461],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwODIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category.keyword : \\\"process\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - Event.Cat:Process Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - Event.Cat:Process Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1
\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"fittingFunction\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"labels\":{},\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"269cd740-634c-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,4464],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwODMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - 
Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.method.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"272b8ab0-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4466],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwODQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Bro - Connections - Service By Destination Country","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Bro - Connections - Service By Destination 
Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\",\"row\":false}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"service.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"277f3250-4161-11e7-8493-51634b0a4565","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4468],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwODUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RADIUS - Result","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - RADIUS - 
Result\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"radius.result.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"27ab8260-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4470],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwODYsMV0="} +{"attributes":{"columns":["alert_level","classification","description"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"event_type:ossec\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"OSSEC - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"efba60c0-3642-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4472],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwODcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"OSSEC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"
params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"2817b300-3643-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"efba60c0-3642-11e7-a6f7-4f44d7bf1c33","name":"search_0","type":"search"}],"sort":[1688996741503,4474],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwODgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - PE - Machine","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.machine.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Machine\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - PE - Machine\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"282bf2c0-c763-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4476],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwODksMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - Key Type (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"x509.certificate.key.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"x509.basic_constraints.ca: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security Onion - X.509 - Key Type (Donut)\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"2895c940-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4478],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwOTAsMV0="} 
+{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"tags:http\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - HTTP","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4480],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwOTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Virtual Host","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Virtual Host\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.virtual_host.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Virtual 
Host\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"28bf2ef0-6eb7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,4482],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwOTIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top Source IPs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top Source IPs\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"28c27f80-3b05-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4484],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwOTMsMV0="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","request_type","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_kerberos\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Kerberos - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"452daa10-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4486],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwOTQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"28d04080-3636-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4488],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwOTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSH - 
Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"CLient\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.client.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"292b1db0-75ea-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4490],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwOTYsMV0="} +{"attributes":{"columns":["file_ip","destination_ip","source","uid","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type:bro_files\"}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Files - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4492],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwOTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FIles - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FIles - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"295d7ed0-3656-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4494],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwOTgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Target Filename","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Target 
Filename\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"target_filename.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Filename\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"29611940-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,4496],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQwOTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source Country","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Source 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_geo.country_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"296823d0-366f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4498],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMDAsMV0="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ntlm\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"NTLM - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4500],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMDEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Server Tree 
Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Server Tree Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_tree_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Tree Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"2a054320-0edd-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,4502],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMDIsMV0="} +{"attributes":{"columns":["action","reason","source_ip","source_port","destination_ip","destination_port","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:firewall\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Firewall - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"37c16940-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4504],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMDMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Action/Reason (Vertical Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Action/Reason (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Action\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"grou
p\",\"params\":{\"field\":\"reason.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reason\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"2a1eb100-6d82-11e7-bcd4-0d514e0e7da1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,4506],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMDQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Version","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SNMP - Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"version.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"2a3ae810-36ba-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4508],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMDUsMV0="} 
+{"attributes":{"columns":["source_ip","destination_ip","destination_port","resp_fuids","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_http\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"HTTP - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"fad7d170-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4510],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMDYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Referrer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - 
Referrer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"referrer.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"2a7c21d0-4165-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4512],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMDcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Bro - Notices - Notice Types","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Notices - Notice 
Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"note.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Note\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"2a949080-4a3d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4514],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMDgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Lease Time","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Lease 
Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dhcp.lease_time: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.lease_time\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Lease Time\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"2af5f980-96e2-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4516],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMDksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Client/Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - 
Client/Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"2bbdc020-6e34-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4518],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category : \\\"registry\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - Registry Events","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - Registry 
Events\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.hostname\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":7,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"hostname\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"registry.key\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"registry key\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"registry.value\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"value\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"2cb579d0-64bd-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,4521],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Kerberos - Request 
Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Kerberos - Request Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"kerberos.request_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"2d73e460-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4523],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMTIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"2da139c0-34e7-11e7-9118-45bd317f0ca4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4525],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SIP - Content Type (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Content Type (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"content_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"2db47070-3754-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4527],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMTQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - X.509 - 
Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.certificate.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e3fb39a0-75ee-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4529],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - SAN DNS","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - X.509 - SAN 
DNS\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"x509.san_dns.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.san_dns.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SAN DNS\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"47f40770-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4531],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMTYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - Issuer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - X.509 - 
Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"x509.certificate.issuer.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.certificate.issuer.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Issuer\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"b7334c00-75ee-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4533],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X509 - Key 
Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.certificate.key.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Key Type\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - X509 - Key Type\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8d4a9990-c77c-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4535],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMTgsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:x509\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":8,\"i\":\"2d374b61-ac4b-4f89-aec2-254ab0a2e011\"},\"panelIndex\":\"2d374b61-ac4b-4f89-aec2-254ab0a2e011\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2d374b61-ac4b-4f89-aec2-254ab0a2e011\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":8,\"i\":\"7372042e-3e70-4764-abb1-0c4c9288ff23\"},\"panelIndex\":\"7372042e-3e70-4764-abb1-0c4c9288ff23\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7372042e-3e70-4764-abb1-0c4c9288ff23\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"eee8c3b6-66eb-4427-99ed-459c294599c7\"},\"panelIndex\":\"eee8c3b6-66eb-4427-99ed-459c294599c7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_eee8c3b6-66eb-4427-99ed-459c294599c7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":30,\"h\":22,\"i\":\"3c5d4fc3-bad7-435e-aadc-21de562b638d\"},\"panelIndex\":\"3c5d4fc3-bad7-435e-aadc-21de562b638d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3c5d4fc3-bad7-435e-aadc-21de562b638d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":22,\"i\":\"3fb3ec30-312a-45aa-93be-b8955615bf71\"},\"panelIndex\":\"3fb3ec30-312a-45aa-93be-b8955615bf71\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3fb3ec30-312a-45aa-93be-b8955615bf71\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":30,\"w\":30,\"h\":21,\"i\":\"0a395978-b95f-4bfc-82fa-737307cd8ebd\"},\"pan
elIndex\":\"0a395978-b95f-4bfc-82fa-737307cd8ebd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0a395978-b95f-4bfc-82fa-737307cd8ebd\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":30,\"w\":18,\"h\":21,\"i\":\"e6e39ec1-063a-4e34-a909-4f47397fa79b\"},\"panelIndex\":\"e6e39ec1-063a-4e34-a909-4f47397fa79b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e6e39ec1-063a-4e34-a909-4f47397fa79b\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":51,\"w\":48,\"h\":29,\"i\":\"3fa098f8-4a37-410e-a8f5-fd3667865c3f\"},\"panelIndex\":\"3fa098f8-4a37-410e-a8f5-fd3667865c3f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3fa098f8-4a37-410e-a8f5-fd3667865c3f\"}]","timeRestore":false,"title":"Security Onion - X509","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"2e0865f0-75ee-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"2d374b61-ac4b-4f89-aec2-254ab0a2e011:panel_2d374b61-ac4b-4f89-aec2-254ab0a2e011","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"7372042e-3e70-4764-abb1-0c4c9288ff23:panel_7372042e-3e70-4764-abb1-0c4c9288ff23","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"eee8c3b6-66eb-4427-99ed-459c294599c7:panel_eee8c3b6-66eb-4427-99ed-459c294599c7","type":"visualization"},{"id":"e3fb39a0-75ee-11ea-9565-7315f4ee5cac","name":"3c5d4fc3-bad7-435e-aadc-21de562b638d:panel_3c5d4fc3-bad7-435e-aadc-21de562b638d","type":"visualization"},{"id":"47f40770-75ef-11ea-9565-7315f4ee5cac","name":"3fb3ec30-312a-45aa-93be-b8955615bf71:panel_3fb3ec30-312a-45aa-93be-b8955615bf71","type":"visualization"},{"id":"b7334c00-75ee-11ea-9565-7315f4ee5cac","name":"0a395978-b95f-4bfc-82fa-737307cd8ebd:panel_0a395978-b95f-4bfc-82fa-737307cd8ebd","type":"visualization"},{"id":"8d4a9990-c77c-11ea-bebb-37c5ab589
4ea","name":"e6e39ec1-063a-4e34-a909-4f47397fa79b:panel_e6e39ec1-063a-4e34-a909-4f47397fa79b","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"3fa098f8-4a37-410e-a8f5-fd3667865c3f:panel_3fa098f8-4a37-410e-a8f5-fd3667865c3f","type":"search"}],"sort":[1688996741503,4544],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Cookie","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.cookie.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.cookie.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Cookie\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"2e7363f0-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4546],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMjAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Entry","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Entry\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"entry.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Entry\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"entry_location.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Entry 
Location\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"2ef9ccd0-6d7a-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,4548],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMjEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Change Stats","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"osquery - Change Stats\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"osquery.hostIdentifier.keyword\",\"customLabel\":\"Endpoints\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"2f556c90-14e3-11e9-82f7-0da02d93a48b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"84116380-14e1-11e9-82f7-0da02d93a48b","name":"search_0","type":"search"}],"sort":[1688996741503,4550],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMjIsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - All Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - All Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"fittingFunction\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"labels\":{},\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"w
idth\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"2f7966b0-53a4-11ec-b3ef-6bcc33056a36","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,4553],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMjMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:file\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - Analyzer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - Analyzer\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.analyzer.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Analyzer\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parse
dUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.analyzer.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T14:59:18.935Z","id":"2fc4bea0-7730-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1689001158935,8610],"type":"visualization","updated_at":"2023-07-10T14:59:18.935Z","version":"WzQ5ODMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Intel - Seen (Donut Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"Intel - Seen (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"seen_where.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Seen 
(Where)\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"3013af40-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4557],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMjUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Notices - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"para
ms\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"3027c4f0-34e4-11e7-9669-7f1d3242b798","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4559],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMjYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RADIUS - Authentication Result","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"RADIUS - Authentication Result\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"result.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"30348db0-4a5b-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4561],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMjcsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - File/Path Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"path.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"action.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"306c4330-4175-11e7-a0f7-47f4c03e3306","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,4563],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMjgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_hostname.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"3072c750-6d71-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,4565],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMjksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security Onion - Navigation","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Navigation\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Event Category** \\n[Alert](/kibana/app/dashboards#/view/0e4af1d0-72ae-11ea-8dd2-9d8795a1200b) | \\n[File](/kibana/app/dashboards#/view/0245be10-6ec1-11ea-9266-1fd14ca6af34) |\\n[Host](/kibana/app/dashboards#/view/92e63cc0-6ec0-11ea-9266-1fd14ca6af34) | [Network](/kibana/app/dashboards#/view/04ff3ef0-6ea4-11ea-9266-1fd14ca6af34) \"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[],"sort":[1688996741503,4566],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMzAsMV0="} 
+{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"*\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":9,\"h\":8,\"i\":\"c706b8e5-9d49-4700-a3ea-26e86ac3a4c4\"},\"panelIndex\":\"c706b8e5-9d49-4700-a3ea-26e86ac3a4c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":0,\"w\":16,\"h\":8,\"i\":\"77c5d557-83e4-40b9-9177-388db29d711d\"},\"panelIndex\":\"77c5d557-83e4-40b9-9177-388db29d711d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":8,\"i\":\"f044ff9c-455a-4085-88c8-92e9ead2bba0\"},\"panelIndex\":\"f044ff9c-455a-4085-88c8-92e9ead2bba0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"54873f75-4452-4938-840d-3a2f50547a88\"},\"panelIndex\":\"54873f75-4452-4938-840d-3a2f50547a88\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":8,\"w\":13,\"h\":19,\"i\":\"30749cb6-18ad-4069-b18d-5912086fff9c\"},\"panelIndex\":\"30749cb6-18ad-4069-b18d-5912086fff9c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":8,\"w\":13,\"h\":19,\"i\":\"7c498d50-d009-493a-a8c9-c91303ad5556\"},\"panelIndex\":\"7c498d50-d009-493a-a8c9-c91303ad5556\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":19,\"i\":\"2f69e716-e6e9-4595-801d-8f59b7d2c574\"},\"panelIndex\":\"2f69e716-e6e9-4595-801d-8f59b7d2c574\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridDa
ta\":{\"x\":0,\"y\":27,\"w\":48,\"h\":31,\"i\":\"6ddfd0a2-337e-47d1-8d4c-bc386a4210af\"},\"panelIndex\":\"6ddfd0a2-337e-47d1-8d4c-bc386a4210af\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Indicator","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"30d0ac90-729f-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"d9eb5b30-6ea9-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1688996741503,4575],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMzEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Destination 
IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"30e97190-6eb6-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,4577],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMzIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"312cd460-364e-11e7-9dc3-d35061cb642d","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4579],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMzMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Server Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Server Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rfb.server_major_version.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.server_major_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.server_minor_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Minor Version\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"316e90a0-75c8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4581],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMzQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DHCP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"317f8410-3655-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4583],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMzUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"31f5e040-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,4585],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMzYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Security Onion - Host Data","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Modules** \\n[Osquery](/kibana/app/dashboards#/view/bf7cf8d0-7732-11ea-bee5-af7f7c7b8e05) \\n[Sysmon](/kibana/app/dashboards#/view/32f01e80-c780-11ea-bebb-37c5ab5894ea) \\n\"},\"title\":\"Security Onion - Host Data\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"df50eba0-6ec0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[],"sort":[1688996741503,4586],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMzcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - 
Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Username\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - Username\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"767c89f0-af4c-11ea-b262-353d451b125b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4588],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMzgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Process CLI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Host - Process 
CLI\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"process.command_line\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Command Line\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"process.command_line.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"758187b0-72bd-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4590],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxMzksMV0="} 
+{"attributes":{"columns":["host.name","event.module","event.dataset","process.command_line","_id"],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.dataset:sysmon*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Security Onion - Sysmon Logs","usesAdHocDataView":false},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T16:54:16.655Z","id":"67e6ddf0-1f42-11ee-8fae-052318508911","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1689008056655,9823],"type":"search","updated_at":"2023-07-10T16:54:16.655Z","version":"WzY4OTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:sysmon*\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":7,\"i\":\"7f9eaa30-b358-4027-a312-249defe273c4\"},\"panelIndex\":\"7f9eaa30-b358-4027-a312-249defe273c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7f9eaa30-b358-4027-a312-249defe273c4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":7,\"y\":0,\"w\":17,\"h\":7,\"i\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\"},\"panelIndex\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ca041a33-b29f-4ce6-8762-2dd86a9c27a2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":7,\"i\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\"},\"panelIndex\":\"4e6cdaec-ad6d
-46b2-abdc-7383382635c7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4e6cdaec-ad6d-46b2-abdc-7383382635c7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":7,\"w\":12,\"h\":16,\"i\":\"a49b6a25-fbb1-45bb-9585-c6ade0fced1f\"},\"panelIndex\":\"a49b6a25-fbb1-45bb-9585-c6ade0fced1f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a49b6a25-fbb1-45bb-9585-c6ade0fced1f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":7,\"w\":12,\"h\":16,\"i\":\"0172c75f-b90b-4bd6-852f-0852a2ace598\"},\"panelIndex\":\"0172c75f-b90b-4bd6-852f-0852a2ace598\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0172c75f-b90b-4bd6-852f-0852a2ace598\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":7,\"w\":24,\"h\":16,\"i\":\"1d246882-3945-4a7e-b602-15ccf3f09310\"},\"panelIndex\":\"1d246882-3945-4a7e-b602-15ccf3f09310\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_1d246882-3945-4a7e-b602-15ccf3f09310\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":23,\"w\":48,\"h\":32,\"i\":\"80839f3d-5ac5-487f-8495-f67e306cacdb\"},\"panelIndex\":\"80839f3d-5ac5-487f-8495-f67e306cacdb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_80839f3d-5ac5-487f-8495-f67e306cacdb\"}]","timeRestore":false,"title":"Security Onion - 
Sysmon","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T16:55:06.903Z","id":"32f01e80-c780-11ea-bebb-37c5ab5894ea","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"df50eba0-6ec0-11ea-9266-1fd14ca6af34","name":"7f9eaa30-b358-4027-a312-249defe273c4:panel_7f9eaa30-b358-4027-a312-249defe273c4","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"ca041a33-b29f-4ce6-8762-2dd86a9c27a2:panel_ca041a33-b29f-4ce6-8762-2dd86a9c27a2","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"4e6cdaec-ad6d-46b2-abdc-7383382635c7:panel_4e6cdaec-ad6d-46b2-abdc-7383382635c7","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"a49b6a25-fbb1-45bb-9585-c6ade0fced1f:panel_a49b6a25-fbb1-45bb-9585-c6ade0fced1f","type":"visualization"},{"id":"767c89f0-af4c-11ea-b262-353d451b125b","name":"0172c75f-b90b-4bd6-852f-0852a2ace598:panel_0172c75f-b90b-4bd6-852f-0852a2ace598","type":"visualization"},{"id":"758187b0-72bd-11ea-8dd2-9d8795a1200b","name":"1d246882-3945-4a7e-b602-15ccf3f09310:panel_1d246882-3945-4a7e-b602-15ccf3f09310","type":"visualization"},{"id":"67e6ddf0-1f42-11ee-8fae-052318508911","name":"80839f3d-5ac5-487f-8495-f67e306cacdb:panel_80839f3d-5ac5-487f-8495-f67e306cacdb","type":"search"}],"sort":[1689008106903,9877],"type":"dashboard","updated_at":"2023-07-10T16:55:06.903Z","version":"WzY5MTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Query Type Name (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - DNS - Query Type Name 
(Donut)\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dns.query.type_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"336dbde0-88aa-11eb-9841-852c8cc8a2e8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4602],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNDIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Tunnels - Action (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Tunnels - Action (Horizontal Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"33b39a60-6e35-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4604],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNDMsMV0="} 
+{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_irc\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"IRC - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"344c6010-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4606],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNDQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Severity (Horizontal Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false},\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Severity (Horizontal Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{\"text\":\"Severity\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"severity.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Severity\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"346e5c30-76b7-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1688996741503,4608],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNDUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - Share 
Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - Share Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.share_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"34762420-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4610],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNDYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Intel - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"361d0bd0-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4612],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNDcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Message 
Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.message_types.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message Type\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - DHCP - Message Type\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"36200e40-c76b-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4614],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNDgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Changes by Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"osquery - Changes by 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Change Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"369e16e0-14e4-11e9-82f7-0da02d93a48b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"84116380-14e1-11e9-82f7-0da02d93a48b","name":"search_0","type":"search"}],"sort":[1688996741503,4616],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNDksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NTLM - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 
minute\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"36f23eb0-3ab0-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,4618],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Certificate Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate 
Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_subject.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"3753e110-365a-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4620],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"37f19e40-34c6-11e7-8360-0b86c90983fd","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4622],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNTIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - IRC - Command Info","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - IRC - Command 
Info\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"irc.command.info.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"irc.command.info.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command Info\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"db279540-75bb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4624],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - User Command Overview","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - User Command 
Overview\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"irc.nickname.keyword: Descending\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Command Type\",\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"irc.username.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"irc.username.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"irc.nickname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"irc.command.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f7ee5fb0-75bb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4626],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNTQsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:irc\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"2d2b4444-14c0-4812-a22e-ca6d509a0c7f\"},\"panelIndex\":\"2d2b4444-14c0-4812-a22e-ca6d509a0c7f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2d2b4444-14c0-4812-a22e-ca6d509a0c7f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"0035e7f6-2c85-494d-88aa-0f6ebc21f6c8\"},\"panelIndex\":\"0035e7f6-2c85-494d-88aa-0f6ebc21f6c8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0035e7f6-2c85-494d-88aa-0f6ebc21f6c8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"147c5d40-556b-4b41-a1bb-ed0976fae0c8\"},\"panelIndex\":\"147c5d40-556b-4b41-a1bb-ed0976fae0c8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_147c5d40-556b-4b41-a1bb-ed0976fae0c8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":19,\"i\":\"9a9084a5-0f74-4bdd-befd-b9bece56ea53\"},\"panelIndex\":\"9a9084a5-0f74-4bdd-befd-b9bece56ea53\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9a9084a5-0f74-4bdd-befd-b9bece56ea53\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":8,\"w\":9,\"h\":19,\"i\":\"9ffba622-36f6-4343-b0a3-1c59e3f6d297\"},\"panelIndex\":\"9ffba622-36f6-4343-b0a3-1c59e3f6d297\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9ffba622-36f6-4343-b0a3-1c59e3f6d297\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":17,\"y\":8,\"w\":15,\"h\":19,\"i\":\"f0f0af04-4f81-437a-ada5-173a1ef8bd11\"},\"panelIn
dex\":\"f0f0af04-4f81-437a-ada5-173a1ef8bd11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f0f0af04-4f81-437a-ada5-173a1ef8bd11\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":19,\"i\":\"3dab7339-3266-4127-86f3-eef2108d5dbf\"},\"panelIndex\":\"3dab7339-3266-4127-86f3-eef2108d5dbf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3dab7339-3266-4127-86f3-eef2108d5dbf\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":27,\"w\":47,\"h\":29,\"i\":\"f5bae4c6-d940-4a76-ba9c-3d5c5ab6849e\"},\"panelIndex\":\"f5bae4c6-d940-4a76-ba9c-3d5c5ab6849e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f5bae4c6-d940-4a76-ba9c-3d5c5ab6849e\"}]","timeRestore":false,"title":"Security Onion - IRC","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"38523560-75ba-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"2d2b4444-14c0-4812-a22e-ca6d509a0c7f:panel_2d2b4444-14c0-4812-a22e-ca6d509a0c7f","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"0035e7f6-2c85-494d-88aa-0f6ebc21f6c8:panel_0035e7f6-2c85-494d-88aa-0f6ebc21f6c8","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"147c5d40-556b-4b41-a1bb-ed0976fae0c8:panel_147c5d40-556b-4b41-a1bb-ed0976fae0c8","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"9a9084a5-0f74-4bdd-befd-b9bece56ea53:panel_9a9084a5-0f74-4bdd-befd-b9bece56ea53","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"9ffba622-36f6-4343-b0a3-1c59e3f6d297:panel_9ffba622-36f6-4343-b0a3-1c59e3f6d297","type":"visualization"},{"id":"db279540-75bb-11ea-9565-7315f4ee5cac","name":"f0f0af04-4f81-437a-ada5-173a1ef8bd11:panel_f0f0af04-4f81-437a-ada5-173a1ef8bd11","type":"visualization"},{"id":"f7ee5fb0-75bb-11ea-9565-7315f4ee5cac","
name":"3dab7339-3266-4127-86f3-eef2108d5dbf:panel_3dab7339-3266-4127-86f3-eef2108d5dbf","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"f5bae4c6-d940-4a76-ba9c-3d5c5ab6849e:panel_f5bae4c6-d940-4a76-ba9c-3d5c5ab6849e","type":"search"}],"sort":[1688996741503,4635],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Alert Summary - Drilldown","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Alert Summary - Drilldown\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP 
Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"3a1b54b0-e061-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4637],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNTYsMV0="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"tags:_grokparsefailure OR tags:_csvparsefailure OR tags:_rubyexception\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Errors","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ef487fd0-46cf-11e7-ba56-317a6969f55c","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4639],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Logstash - Error Type (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Logstash - Error Type (Donut 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tags.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"exclude\":\"\",\"include\":\"_csvparsefailure|_grokparsefailure|_rubyexception\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"3a273780-46d0-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ef487fd0-46cf-11e7-ba56-317a6969f55c","name":"search_0","type":"search"}],"sort":[1688996741503,4641],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNTgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - All Log Count Over Time Stacked Bar Graph","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - All Log Count Over Time Stacked Bar 
Graph\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"fittingFunction\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"labels\":{},\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"row\":
true,\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"3ae34620-6258-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,4644],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Response","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - Response\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"mysql.response.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T15:49:03.413Z","id":"3af496e0-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references
":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1689004143413,8667],"type":"visualization","updated_at":"2023-07-10T15:49:03.413Z","version":"WzU3MDYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - Hosts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - Hosts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"3b50b220-53ab-11ec-b3ef-6bcc33056a36","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4648],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNjEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Image","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Sysmon - 
Image\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"image_path.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"None\",\"exclude\":\"\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Image\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"parent_image_path.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"None\",\"exclude\":\"\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Parent Image\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"3b6c92c0-6d72-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,4650],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNjIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Priority (Vertical bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Syslog - Priority (Vertical bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Priority\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"syslog-priority.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Priority\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"3bf1fdc0-76e6-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"sort":[1688996741503,4652],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNjMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"IRC - Destination 
Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"3c073d20-6e17-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4654],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNjQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Modbus - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"3c65f500-380b-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4656],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNjUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Tunnels - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"3cdf2400-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4658],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNjYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.action.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"3e6037d0-75f2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4660],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNjcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination 
Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"3f040620-4a44-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4662],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNjgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"3f34faa0-3636-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4664],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNjksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"HTTP - Destination Port (Vertical Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - Destination Port (Vertical Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75,\"filter\":true},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"3f4abb40-6e0a-11e7-84cc-b363f104b3c7","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4666],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNzAsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Agent - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Agent - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"407784f0-7738-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4668],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNzEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Source IP","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top 10 - Total Bytes By Source 
IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Source IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source_ip\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP 
Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source_ip\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"41a33c80-3b0d-11e7-a6f9-5d3fe735ec2b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4670],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNzIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"X.509 - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"41bee360-3642-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4672],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNzMsMV0="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:creation_date AND creation_date:[now-3M TO now]\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DNS - Domains with creation date < 3 
months","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"fce833e0-6f12-11e7-86c8-a1b6db3b051a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4674],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNzQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Baby Domain Requests","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Baby Domain Requests\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"highest_registered_domain.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"creation_date\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"41ec0ca0-6f13-11e7-86c8-a1b6db3b051a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fce833e0-6f12-11e7-86c8-a1b6db3b051a","name":"search_0","type":"search"}],"sort":[1688996741503,4676],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNzUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SNMP - Community 
String","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SNMP - Community String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"snmp.community.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"snmp.community.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Community String\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"424ace90-75e9-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4678],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNzYsMV0="} 
+{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"process\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.category\":\"process\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame - Process Search","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"424d7a60-6f0b-11ec-864c-8b5450f97635","migrationVersion":{"search":"8.0.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1688996741503,4681],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNzcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - 
Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"endpoint.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"operation.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"named_pipe.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"42b17660-4a47-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,4683],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNzgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Tunnels - Type (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Tunnels - Type (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tunnel_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"43b2b040-3807-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4685],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Key Algorithm (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"X.509 - Certificate Key Algorithm (Horizontal Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"certificate_key_algorithm.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Algorithm\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"446e85c0-6e37-11e7-a8d6-ed2e692de531","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4687],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxODAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Process and Username (Data 
Table)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Process and Username (Data Table)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Process\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"447bd2f0-4a43-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4689],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxODEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Least Common HTTP Methods","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Least Common HTTP 
Methods\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":13,\"maxFontSize\":39,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.method.keyword\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"6411e5b0-6eb2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,4691],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxODIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Source 
IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"6d0fb2b0-6eb6-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,4693],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxODMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"51ad64d0-6eb7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,4695],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxODQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - UserAgent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - 
UserAgent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.useragent.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"UserAgent\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c2f93f40-6ed7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,4697],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxODUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - URI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - 
URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"http.uri.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.uri.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"URI\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f22e8660-6eb6-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,4699],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxODYsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:http\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"6e3caf86-a1ea-4363-9c73-205de5f43ba9\"},\"panelIndex\":\"6e3caf86-a1ea-4363-9c73-205de5f43ba9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6e3caf86-a1ea-4363-9c73-205de5f43ba9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":9,\"i\":\"0b0546ef-637b-4a40-b87b-a454b78cc810\"},\"panelIndex\":\"0b0546ef-637b-4a40-b87b-a454b78cc810\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0b0546ef-637b-4a40-b87b-a454b78cc810\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"9c49b93a-5b5d-4613-8342-c01c69970bce\"},\"panelIndex\":\"9c49b93a-5b5d-4613-8342-c01c69970bce\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9c49b93a-5b5d-4613-8342-c01c69970bce\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":18,\"i\":\"15d7c88b-1619-4290-8968-fa2adfddd72f\"},\"panelIndex\":\"15d7c88b-1619-4290-8968-fa2adfddd72f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_15d7c88b-1619-4290-8968-fa2adfddd72f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":18,\"i\":\"d1219968-6b7f-4040-9c75-0611b9cbf8a0\"},\"panelIndex\":\"d1219968-6b7f-4040-9c75-0611b9cbf8a0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d1219968-6b7f-4040-9c75-0611b9cbf8a0\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":9,\"w\":9,\"h\":18,\"i\":\"377e3099-7aec-474c-9201-2f1845c58d24\"},\"panelIn
dex\":\"377e3099-7aec-474c-9201-2f1845c58d24\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_377e3099-7aec-474c-9201-2f1845c58d24\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":25,\"y\":9,\"w\":23,\"h\":18,\"i\":\"1b444602-2f1c-4c32-85fc-1e5f46235303\"},\"panelIndex\":\"1b444602-2f1c-4c32-85fc-1e5f46235303\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1b444602-2f1c-4c32-85fc-1e5f46235303\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":11,\"h\":18,\"i\":\"9b1df72c-b6fd-4abd-a961-32176c26cc3d\"},\"panelIndex\":\"9b1df72c-b6fd-4abd-a961-32176c26cc3d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9b1df72c-b6fd-4abd-a961-32176c26cc3d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":11,\"y\":27,\"w\":10,\"h\":18,\"i\":\"52c3ab70-9b8d-4c26-953d-f1a943fdff38\"},\"panelIndex\":\"52c3ab70-9b8d-4c26-953d-f1a943fdff38\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_52c3ab70-9b8d-4c26-953d-f1a943fdff38\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":21,\"y\":27,\"w\":27,\"h\":18,\"i\":\"ea97cb71-fbb6-46ae-bb4a-4d01c3a6edb2\"},\"panelIndex\":\"ea97cb71-fbb6-46ae-bb4a-4d01c3a6edb2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ea97cb71-fbb6-46ae-bb4a-4d01c3a6edb2\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"17d41692-eb81-4c13-aaa3-2a4bccc125df\"},\"panelIndex\":\"17d41692-eb81-4c13-aaa3-2a4bccc125df\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_17d41692-eb81-4c13-aaa3-2a4bccc125df\"}]","timeRestore":false,"title":"Security Onion - 
HTTP","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"44e9c820-6eb1-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"6e3caf86-a1ea-4363-9c73-205de5f43ba9:panel_6e3caf86-a1ea-4363-9c73-205de5f43ba9","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"0b0546ef-637b-4a40-b87b-a454b78cc810:panel_0b0546ef-637b-4a40-b87b-a454b78cc810","type":"visualization"},{"id":"6411e5b0-6eb2-11ea-9266-1fd14ca6af34","name":"9c49b93a-5b5d-4613-8342-c01c69970bce:panel_9c49b93a-5b5d-4613-8342-c01c69970bce","type":"visualization"},{"id":"6d0fb2b0-6eb6-11ea-9266-1fd14ca6af34","name":"15d7c88b-1619-4290-8968-fa2adfddd72f:panel_15d7c88b-1619-4290-8968-fa2adfddd72f","type":"visualization"},{"id":"30e97190-6eb6-11ea-9266-1fd14ca6af34","name":"d1219968-6b7f-4040-9c75-0611b9cbf8a0:panel_d1219968-6b7f-4040-9c75-0611b9cbf8a0","type":"visualization"},{"id":"51ad64d0-6eb7-11ea-9266-1fd14ca6af34","name":"377e3099-7aec-474c-9201-2f1845c58d24:panel_377e3099-7aec-474c-9201-2f1845c58d24","type":"visualization"},{"id":"c2f93f40-6ed7-11ea-9266-1fd14ca6af34","name":"1b444602-2f1c-4c32-85fc-1e5f46235303:panel_1b444602-2f1c-4c32-85fc-1e5f46235303","type":"visualization"},{"id":"088aad70-7377-11ea-a3da-cbdb4f8a90c0","name":"9b1df72c-b6fd-4abd-a961-32176c26cc3d:panel_9b1df72c-b6fd-4abd-a961-32176c26cc3d","type":"visualization"},{"id":"28bf2ef0-6eb7-11ea-9266-1fd14ca6af34","name":"52c3ab70-9b8d-4c26-953d-f1a943fdff38:panel_52c3ab70-9b8d-4c26-953d-f1a943fdff38","type":"visualization"},{"id":"f22e8660-6eb6-11ea-9266-1fd14ca6af34","name":"ea97cb71-fbb6-46ae-bb4a-4d01c3a6edb2:panel_ea97cb71-fbb6-46ae-bb4a-4d01c3a6edb2","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"17d41692-eb81-4c13-aaa3-2a4bccc125df:panel_17d41692-eb81-4c13-aaa3-2a4bccc125df","type":"search"}],"sort":[1688996741503,4711],"type":"dashboard","updated_at":"2023-07-10T13:45:4
1.503Z","version":"WzQxODcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Modbus - Function","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"function.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Function\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"453f8b90-4a58-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4713],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxODgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Category","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS Alerts - 
Category\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Category\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":75,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"category.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Category\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"45464b50-3af6-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[16889967415
03,4715],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxODksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Query Class (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Query Class (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"query_class_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Class\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"45a652b0-34c1-11e7-917c-af7a9d11771a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4717],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxOTAsMV0="} +{"attributes":{"columns":["message","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_pe\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"PE - 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"66288140-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4719],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxOTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"PE - OS (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"PE - OS (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"os.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"45c4ae10-380c-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4721],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxOTIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - 
Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSH - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssh.server.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.server.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"46221fe0-75ea-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4723],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxOTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Category","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Autoruns - 
Category\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"title\":{\"text\":\"Category\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"category.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Category\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"482be9b0-6d78-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,4725],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxOTQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Kerberos - 
Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Kerberos - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"kerberos.service.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"kerberos.service.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"48331f00-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4727],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxOTUsMV0="} 
+{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dnp3\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DNP3 - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c2587840-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4729],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxOTYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"4898f230-6e0e-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4731],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxOTcsMV0="} +{"attributes":{"columns":["file.name","file.directory"],"description":"","grid":{},"hideChart":false,"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame - File 
Search","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"90facda0-6f08-11ec-864c-8b5450f97635","migrationVersion":{"search":"8.0.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1688996741503,4734],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxOTgsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":12,\"i\":\"d3fd89cc-9483-41b1-90e8-c2e86b862d4c\"},\"panelIndex\":\"d3fd89cc-9483-41b1-90e8-c2e86b862d4c\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame 
Alerts](https:///alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_d3fd89cc-9483-41b1-90e8-c2e86b862d4c\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":0,\"w\":13,\"h\":12,\"i\":\"dcf897df-beb2-4a1b-86b2-4b8b0370aa94\"},\"panelIndex\":\"dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"3505d400-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"type\":\"lens\"},{\"id\":\"3505d400-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"type\":\"lens\"},{\"id\":\"3505d400-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"type\":\"lens\"},{\"id\":\"3505d400-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0\",\"accessor\":\"b2fc5f2d-52a4-4e20-9ca6-1afad1b8b45e\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"},\"query\":{\"query\":\"event.category.keyword : 
\\\"file\\\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0\":{\"columns\":{\"b2fc5f2d-52a4-4e20-9ca6-1afad1b8b45e\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"b2fc5f2d-52a4-4e20-9ca6-1afad1b8b45e\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - File All Logs\",\"panelRefName\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":12,\"i\":\"fb5061a4-571d-4f4d-a3b5-fd7851d324ca\"},\"panelIndex\":\"fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"42a22c30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"type\":\"lens\"},{\"id\":\"42a22c30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"type\":\"lens\"},{\"id\":\"42a22c30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"type\":\"lens\"},{\"id\":\"42a22c30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-10863c78-73fc-4739-88ea-b6e3419da4db\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"t
ype\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"10863c78-73fc-4739-88ea-b6e3419da4db\",\"accessors\":[\"4e101a7c-04a5-4ab9-96c5-ef10fc92547b\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"e472c6a1-d786-43f7-95f0-df55a990e268\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"10863c78-73fc-4739-88ea-b6e3419da4db\":{\"columns\":{\"e472c6a1-d786-43f7-95f0-df55a990e268\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"4e101a7c-04a5-4ab9-96c5-ef10fc92547b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"e472c6a1-d786-43f7-95f0-df55a990e268\",\"4e101a7c-04a5-4ab9-96c5-ef10fc92547b\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - File Log Count Over 
Time\",\"panelRefName\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":12,\"w\":32,\"h\":16,\"i\":\"30774bd7-ee7f-4c21-aa67-104e961664ee\"},\"panelIndex\":\"30774bd7-ee7f-4c21-aa67-104e961664ee\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"4d6bdc60-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\",\"type\":\"lens\"},{\"id\":\"4d6bdc60-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\",\"type\":\"lens\"},{\"id\":\"4d6bdc60-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\",\"type\":\"lens\"},{\"id\":\"4d6bdc60-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-860e44c0-e06a-4d8a-9172-b542532df353\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"860e44c0-e06a-4d8a-9172-b542532df353\",\"accessors\":[\"63defa8c-527b-4165-9fb9-4e564bd03695\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccess
or\":\"0c6f3897-05c7-4aa3-90e5-17f58946a3af\",\"splitAccessor\":\"55eacb06-199f-41eb-b6dc-b5b1407b7073\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"860e44c0-e06a-4d8a-9172-b542532df353\":{\"columns\":{\"55eacb06-199f-41eb-b6dc-b5b1407b7073\":{\"label\":\"Top values of event.action\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.action\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"63defa8c-527b-4165-9fb9-4e564bd03695\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"0c6f3897-05c7-4aa3-90e5-17f58946a3af\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"63defa8c-527b-4165-9fb9-4e564bd03695\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"55eacb06-199f-41eb-b6dc-b5b1407b7073\",\"0c6f3897-05c7-4aa3-90e5-17f58946a3af\",\"63defa8c-527b-4165-9fb9-4e564bd03695\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - File Event 
Action\",\"panelRefName\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":12,\"w\":16,\"h\":16,\"i\":\"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\"},\"panelIndex\":\"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"5a43fa30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"type\":\"lens\"},{\"id\":\"5a43fa30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"type\":\"lens\"},{\"id\":\"5a43fa30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"type\":\"lens\"},{\"id\":\"5a43fa30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-b12aced8-11a0-4a83-a7c5-129f142e8f04\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"b12aced8-11a0-4a83-a7c5-129f142e8f04\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"bc61b519-0caa-4bf7-bbe7-6077fb307d0a\"},{\"columnId\":\"f549d182-14e5-4395-b185-4cd192e4030c\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"b12aced8-11a0-4a83-a7c5-129f142e8f04\":{\"columns\":{\"bc61b519-0caa-4bf7-bbe7-6077fb307d0a\":{\"label\":\"Top 
values of user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f549d182-14e5-4395-b185-4cd192e4030c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"f549d182-14e5-4395-b185-4cd192e4030c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"bc61b519-0caa-4bf7-bbe7-6077fb307d0a\",\"f549d182-14e5-4395-b185-4cd192e4030c\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - File Username\",\"panelRefName\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":28,\"w\":23,\"h\":31,\"i\":\"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\"},\"panelIndex\":\"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\"},{\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\"},{\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\"},{\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-e5f77e35-1bc5-4487-9602-e2962cafa87b\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization
\":{\"layerId\":\"e5f77e35-1bc5-4487-9602-e2962cafa87b\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"ade5af28-bac8-4a2d-adff-28580282a9d2\"},{\"isTransposed\":false,\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},{\"columnId\":\"bb5f0057-5e74-4baf-9839-aff53de6d145\",\"isTransposed\":false}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e5f77e35-1bc5-4487-9602-e2962cafa87b\":{\"columns\":{\"ade5af28-bac8-4a2d-adff-28580282a9d2\":{\"label\":\"Top values of file.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.name\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true}},\"e480935c-b388-48c6-9582-fb4600b462fb\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"bb5f0057-5e74-4baf-9839-aff53de6d145\":{\"label\":\"Top values of 
file.path\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.path\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true}}},\"columnOrder\":[\"ade5af28-bac8-4a2d-adff-28580282a9d2\",\"bb5f0057-5e74-4baf-9839-aff53de6d145\",\"e480935c-b388-48c6-9582-fb4600b462fb\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Endgame - File Name\",\"panelRefName\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":28,\"w\":25,\"h\":11,\"i\":\"7e1aecd8-bbbe-453c-868b-8335f5ab65ea\"},\"panelIndex\":\"7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"74daec50-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"type\":\"lens\"},{\"id\":\"74daec50-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"type\":\"lens\"},{\"id\":\"74daec50-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"type\":\"lens\"},{\"id\":\"74daec50-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-377145dd-d931-4e01-8719-fa4e36df631a\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"377145dd-d931-4e01-8719-fa4e36df631a\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"6ba09492-0ce8-4f51-9263-e85a0a74225c\"},{\"columnId\":\"123ad80c-
6989-4387-a25a-9f0a60d6ea7b\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"377145dd-d931-4e01-8719-fa4e36df631a\":{\"columns\":{\"6ba09492-0ce8-4f51-9263-e85a0a74225c\":{\"label\":\"Top values of host.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"123ad80c-6989-4387-a25a-9f0a60d6ea7b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"123ad80c-6989-4387-a25a-9f0a60d6ea7b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"6ba09492-0ce8-4f51-9263-e85a0a74225c\",\"123ad80c-6989-4387-a25a-9f0a60d6ea7b\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - File 
Hostname\",\"panelRefName\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":39,\"w\":25,\"h\":20,\"i\":\"9fa50224-7ba0-4adb-806a-bca0ddaf81d0\"},\"panelIndex\":\"9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"id\":\"82ab9af0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"type\":\"lens\"},{\"id\":\"82ab9af0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"type\":\"lens\"},{\"id\":\"82ab9af0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"type\":\"lens\"},{\"id\":\"82ab9af0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-3320254d-3b41-4746-946e-70357e58da19\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"3320254d-3b41-4746-946e-70357e58da19\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"legendSize\":\"auto\",\"primaryGroups\":[\"4a9a0ae7-34cc-407e-8f0c-a60c234179b7\"],\"metrics\":[\"9ee7fb17-68de-4b29-b3e8-21336f4b15ca\"]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3
320254d-3b41-4746-946e-70357e58da19\":{\"columns\":{\"4a9a0ae7-34cc-407e-8f0c-a60c234179b7\":{\"label\":\"Top values of event.type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.type\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9ee7fb17-68de-4b29-b3e8-21336f4b15ca\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"9ee7fb17-68de-4b29-b3e8-21336f4b15ca\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"4a9a0ae7-34cc-407e-8f0c-a60c234179b7\",\"9ee7fb17-68de-4b29-b3e8-21336f4b15ca\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"fa53d234-1d45-4a90-8468-631012e68ce8\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Go to File Dashboard\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true}}}]}},\"type\":\"lens\"},\"title\":\"Endgame - File Event Type (Donut)\",\"panelRefName\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\"},{\"version\":\"7.16.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":59,\"w\":48,\"h\":16,\"i\":\"0f24d345-114e-44a8-ac45-75258008cf3b\"},\"panelIndex\":\"0f24d345-114e-44a8-ac45-75258008cf3b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0f24d345-114e-44a8-ac45-75258008cf3b\"}]","timeRestore":false,"title":"Endgame - 
File","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"4923ad00-6349-11ec-864c-8b5450f97635","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"d3fd89cc-9483-41b1-90e8-c2e86b862d4c:panel_d3fd89cc-9483-41b1-90e8-c2e86b862d4c","type":"visualization"},{"id":"3505d400-6d6d-11ec-864c-8b5450f97635","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94","type":"lens"},{"id":"3505d400-6d6d-11ec-864c-8b5450f97635","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94","type":"lens"},{"id":"3505d400-6d6d-11ec-864c-8b5450f97635","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94","type":"lens"},{"id":"3505d400-6d6d-11ec-864c-8b5450f97635","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94","type":"lens"},{"id":"3505d400-6d6d-11ec-864c-8b5450f97635","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94","type":"lens"},{"id":"endgame-*","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:indexpattern-datasource-layer-265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0","type":"index-pattern"},{"id":"endgame-*","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:filter-index-pattern-0","type":"index-pattern"},{"id":"42a22c30-6d6d-11ec-864c-8b5450f97635","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca","type":"lens"},{"id":"42a22c30-6d6d-11ec-864c-8b5450f97635","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca","type":"lens"},{"id":"42a22c30-6d6d-11ec-864c-8b5450f97635","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca","type":"lens"},{"id":"42a22c30-6d6d-11ec-864c-8b5450f97635","name":"fb5061a4-
571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca","type":"lens"},{"id":"42a22c30-6d6d-11ec-864c-8b5450f97635","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca","type":"lens"},{"id":"endgame-*","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:indexpattern-datasource-layer-10863c78-73fc-4739-88ea-b6e3419da4db","type":"index-pattern"},{"id":"endgame-*","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:filter-index-pattern-0","type":"index-pattern"},{"id":"4d6bdc60-6d6d-11ec-864c-8b5450f97635","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee","type":"lens"},{"id":"4d6bdc60-6d6d-11ec-864c-8b5450f97635","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee","type":"lens"},{"id":"4d6bdc60-6d6d-11ec-864c-8b5450f97635","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee","type":"lens"},{"id":"4d6bdc60-6d6d-11ec-864c-8b5450f97635","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee","type":"lens"},{"id":"4d6bdc60-6d6d-11ec-864c-8b5450f97635","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee","type":"lens"},{"id":"endgame-*","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:indexpattern-datasource-layer-860e44c0-e06a-4d8a-9172-b542532df353","type":"index-pattern"},{"id":"endgame-*","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:filter-index-pattern-0","type":"index-pattern"},{"id":"5a43fa30-6d6d-11ec-864c-8b5450f97635","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1","type":"lens"},{"id":"5a43fa30-6d6d-11ec-864c-8b5450f97635","name":"8e44a14b-ce7e-4ebf-
a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1","type":"lens"},{"id":"5a43fa30-6d6d-11ec-864c-8b5450f97635","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1","type":"lens"},{"id":"5a43fa30-6d6d-11ec-864c-8b5450f97635","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1","type":"lens"},{"id":"5a43fa30-6d6d-11ec-864c-8b5450f97635","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1","type":"lens"},{"id":"endgame-*","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:indexpattern-datasource-layer-b12aced8-11a0-4a83-a7c5-129f142e8f04","type":"index-pattern"},{"id":"endgame-*","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:filter-index-pattern-0","type":"index-pattern"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"endgame-*","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:indexpattern-datasource-layer-e5f77e35-1bc5-4487-9602-e2962cafa87b","type":"index-pattern"},{"id":"endgame-*","name":"cd2e58e6-ecaf-46ff
-89ae-3f6c104137b2:filter-index-pattern-0","type":"index-pattern"},{"id":"74daec50-6d6d-11ec-864c-8b5450f97635","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea","type":"lens"},{"id":"74daec50-6d6d-11ec-864c-8b5450f97635","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea","type":"lens"},{"id":"74daec50-6d6d-11ec-864c-8b5450f97635","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea","type":"lens"},{"id":"74daec50-6d6d-11ec-864c-8b5450f97635","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea","type":"lens"},{"id":"74daec50-6d6d-11ec-864c-8b5450f97635","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea","type":"lens"},{"id":"endgame-*","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:indexpattern-datasource-layer-377145dd-d931-4e01-8719-fa4e36df631a","type":"index-pattern"},{"id":"endgame-*","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:filter-index-pattern-0","type":"index-pattern"},{"id":"82ab9af0-6d6d-11ec-864c-8b5450f97635","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0","type":"lens"},{"id":"82ab9af0-6d6d-11ec-864c-8b5450f97635","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0","type":"lens"},{"id":"82ab9af0-6d6d-11ec-864c-8b5450f97635","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0","type":"lens"},{"id":"82ab9af0-6d6d-11ec-864c-8b5450f97635","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0","type":"lens"},{"id":"82ab9af0-6d6d-11ec-864c-8b5450f97635","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0","type":"lens"},{"id":"endgame-*","name":"9fa50224-7ba0-4adb
-806a-bca0ddaf81d0:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:indexpattern-datasource-layer-3320254d-3b41-4746-946e-70357e58da19","type":"index-pattern"},{"id":"endgame-*","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:filter-index-pattern-0","type":"index-pattern"},{"id":"4923ad00-6349-11ec-864c-8b5450f97635","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:fa53d234-1d45-4a90-8468-631012e68ce8:dashboardId","type":"dashboard"},{"id":"90facda0-6f08-11ec-864c-8b5450f97635","name":"0f24d345-114e-44a8-ac45-75258008cf3b:panel_0f24d345-114e-44a8-ac45-75258008cf3b","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,4795],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxOTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Request From","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Request From\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.request.from.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.request.from.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request From\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"49384710-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4797],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMDAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"network.transport:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Network - Transport","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network - Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"network.transport: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Transport\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"499a0690-6ead-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4799],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMDEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - File - 
Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"49cfe850-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4801],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMDIsMV0="} +{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"network\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.category\":\"network\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame - Network 
Search","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"4e1aa7c0-6ed2-11ec-864c-8b5450f97635","migrationVersion":{"search":"8.0.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1688996741503,4804],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMDMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Endgame - Network Heatmap","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 5,500,000,000\":\"rgb(247,252,245)\",\"5,500,000,000 - 11,000,000,000\":\"rgb(198,232,191)\",\"11,000,000,000 - 16,500,000,000\":\"rgb(114,195,120)\",\"16,500,000,000 - 22,000,000,000\":\"rgb(34,139,69)\"},\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"Endgame - Network 
Heatmap\",\"type\":\"heatmap\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":17,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"source.ip\"},\"schema\":\"group\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"destination.ip\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"heatmap\",\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":4,\"colorSchema\":\"Greens\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":false,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"overwriteColor\":false,\"color\":\"black\"}}],\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"de389910-6f0a-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"4e1aa7c0-6ed2-11ec-864c-8b5450f97635","name":"search_0","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,4807],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMDQsMV0="} 
+{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":10,\"i\":\"5485c8f5-90ea-409f-8522-f0a58716a12e\"},\"panelIndex\":\"5485c8f5-90ea-409f-8522-f0a58716a12e\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame 
Alerts](https:///alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_5485c8f5-90ea-409f-8522-f0a58716a12e\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":0,\"w\":14,\"h\":10,\"i\":\"2fcc00ab-4db8-4760-9bd0-111a3cd1c822\"},\"panelIndex\":\"2fcc00ab-4db8-4760-9bd0-111a3cd1c822\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2fcc00ab-4db8-4760-9bd0-111a3cd1c822\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":12,\"h\":13,\"i\":\"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\"},\"panelIndex\":\"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f976
35\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-909005b3-b986-4bf6-9504-f4a9c877a966\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"909005b3-b986-4bf6-9504-f4a9c877a966\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"layerType\":\"data\",\"legendSize\":\"auto\",\"primaryGroups\":[\"b65c177b-364a-4656-854a-69e6b07f05ff\"],\"metrics\":[\"98109e10-1bb1-4a93-bd3f-64a228aba2c4\"]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"909005b3-b986-4bf6-9504-f4a9c877a966\":{\"columns\":{\"b65c177b-364a-4656-854a-69e6b07f05ff\":{\"label\":\"Top values of network.transport\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.transport\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"98109e10-1bb1-4a93-bd3f-64a228aba2c4\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"98109e10-1bb1-4a93-bd3f-64a228aba2c4\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"b65c177b-364a-4656-854a-69e6b07f05ff\",\"98109e10-1bb1-4a93-bd3f-64a228aba2c4\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network Transport\",\"panelRefName\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":0,\"w\":12,\"h\":13,\"i\":\"3db56ff3-17bb-4304-95ca-5b7b6254257a\"},\"panelIndex\":\"3db56ff3-17bb-4304-95ca-5b7b6254257a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3db56ff3-17bb-4304-95ca-5b7b6254257a\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":10,\"w\":24,\"h\":19,\"i\":\"0fd77215-f380-4e05-8e8d-7eff24e7eb10\"},\"panelIndex\":\"0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\
"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-7d4edcbb-fca9-47d9-93df-acba6aaf6f58\"}],\"state\":{\"visualization\":{\"layerId\":\"7d4edcbb-fca9-47d9-93df-acba6aaf6f58\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"0cbe5805-5e69-4a7e-a5ef-21dfabd592f5\"},{\"columnId\":\"92a4b279-4a18-4513-a75c-52dcf79a6801\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7d4edcbb-fca9-47d9-93df-acba6aaf6f58\":{\"columns\":{\"0cbe5805-5e69-4a7e-a5ef-21dfabd592f5\":{\"label\":\"Top values of event.category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.category\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"92a4b279-4a18-4513-a75c-52dcf79a6801\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"92a4b279-4a18-4513-a75c-52dcf79a6801\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"0cbe5805-5e69-4a7e-a5ef-21dfabd592f5\",\"92a4b279-4a18-4513-a75c-52dcf79a6801\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network Events\",\"panelRefName\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":13,\"w\":12,\"h\":16,\"i\":\"55ac1386-6ccb-4926-813d-1dc397a60036\"},\"panelIndex\":\"55ac1386-6ccb-4926-813d-1dc397a60036\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\",\"type\":\"lens\",\"id\":\"ac2e7c60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\",\"type\":\"lens\",\"id\":\"ac2e7c60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\",\"type\":\"lens\",\"id\":\"ac2e7c60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\",\"type\":\"lens\",\"id\":\"ac2e7c60-6e41-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-f2b4871a-9aca-4016-848c-331b8c221cf7\"}],\"state\":{\"visualization\":{\"layerId\":\"f2b4871a-9aca-4016-848c-331b8c221cf7\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"a06965e8-9258-490d-9765-54afc2fb5073\"},{\"columnId\":\"e81257d5-bbe1-406d-b8b7-01db30a05390\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f2b4871a-9aca-4016-848c-331b8c221cf7\":{\"columns\":{\"a06965e8-9258-490d-9765-54afc2fb5073\":{\"label\":\"Top
 values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e81257d5-bbe1-406d-b8b7-01db30a05390\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"e81257d5-bbe1-406d-b8b7-01db30a05390\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"a06965e8-9258-490d-9765-54afc2fb5073\",\"e81257d5-bbe1-406d-b8b7-01db30a05390\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network Source IP\",\"panelRefName\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":13,\"w\":12,\"h\":16,\"i\":\"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\"},\"panelIndex\":\"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"type\":\"lens\",\"id\":\"c7f8be60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"type\":\"lens\",\"id\":\"c7f8be60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"type\":\"lens\",\"id\":\"c7f8be60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"type\":\"lens\",\"id\":\"c7f8be60-6e41-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-d76872f3-61fb-4b26-8440-0ca886e33224\"}],\"state\":{\"visualization\":{\"layerId\":\"d76872f3-61fb-4b26-8440-0ca886e33224\",\"layerType\":\"data\",\"
columns\":[{\"columnId\":\"822af2db-f82f-4f05-a4c3-8c6b7808d79a\"},{\"columnId\":\"6f747e8d-b264-42e8-ae88-2df81bf5bfa5\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"d76872f3-61fb-4b26-8440-0ca886e33224\":{\"columns\":{\"822af2db-f82f-4f05-a4c3-8c6b7808d79a\":{\"label\":\"Top values of destination.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6f747e8d-b264-42e8-ae88-2df81bf5bfa5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"6f747e8d-b264-42e8-ae88-2df81bf5bfa5\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"822af2db-f82f-4f05-a4c3-8c6b7808d79a\",\"6f747e8d-b264-42e8-ae88-2df81bf5bfa5\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network Destination 
IP\",\"panelRefName\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":29,\"w\":48,\"h\":12,\"i\":\"93e059d5-fc50-4357-9dfa-939f48da5834\"},\"panelIndex\":\"93e059d5-fc50-4357-9dfa-939f48da5834\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_93e059d5-fc50-4357-9dfa-939f48da5834\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":41,\"w\":48,\"h\":21,\"i\":\"cb25c6cd-4360-4a3f-8c5c-49a1b1a3d002\"},\"panelIndex\":\"cb25c6cd-4360-4a3f-8c5c-49a1b1a3d002\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cb25c6cd-4360-4a3f-8c5c-49a1b1a3d002\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":62,\"w\":28,\"h\":17,\"i\":\"1d174f74-9575-4827-8ae0-d5db7d53777b\"},\"panelIndex\":\"1d174f74-9575-4827-8ae0-d5db7d53777b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"
name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-89c7faa8-15c2-4772-95a6-8049a683be1a\"}],\"state\":{\"visualization\":{\"layerId\":\"89c7faa8-15c2-4772-95a6-8049a683be1a\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"0cf6d6cf-9585-4e5f-8729-af8484507670\"},{\"isTransposed\":false,\"columnId\":\"e520b985-a9b8-4183-b29c-61373ed817c8\"},{\"isTransposed\":false,\"columnId\":\"fa5a503a-c448-4dc7-8b1e-5679822218ae\"},{\"isTransposed\":false,\"columnId\":\"9079d4df-8e60-4749-bc38-b3b52782f71d\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"89c7faa8-15c2-4772-95a6-8049a683be1a\":{\"columns\":{\"0cf6d6cf-9585-4e5f-8729-af8484507670\":{\"label\":\"Top values of dns.question.type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"dns.question.type\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9079d4df-8e60-4749-bc38-b3b52782f71d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"e520b985-a9b8-4183-b29c-61373ed817c8\":{\"label\":\"Top values of 
dns.question.registered_domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"dns.question.registered_domain\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9079d4df-8e60-4749-bc38-b3b52782f71d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"fa5a503a-c448-4dc7-8b1e-5679822218ae\":{\"label\":\"Top values of dns.question.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"dns.question.name\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9079d4df-8e60-4749-bc38-b3b52782f71d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"9079d4df-8e60-4749-bc38-b3b52782f71d\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"0cf6d6cf-9585-4e5f-8729-af8484507670\",\"e520b985-a9b8-4183-b29c-61373ed817c8\",\"fa5a503a-c448-4dc7-8b1e-5679822218ae\",\"9079d4df-8e60-4749-bc38-b3b52782f71d\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network DNS Query\",\"panelRefName\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":28,\"y\":62,\"w\":20,\"h\":17,\"i\":\"0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1\"},\"panelIndex\":\"0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Network DNS Requests 
Chart\",\"panelRefName\":\"panel_0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":79,\"w\":48,\"h\":17,\"i\":\"fb5ece46-c6e7-4d56-a48a-607783ad818f\"},\"panelIndex\":\"fb5ece46-c6e7-4d56-a48a-607783ad818f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fb5ece46-c6e7-4d56-a48a-607783ad818f\"}]","timeRestore":false,"title":"Endgame - Network","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"49d34770-53b2-11ec-b3ef-6bcc33056a36","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"5485c8f5-90ea-409f-8522-f0a58716a12e:panel_5485c8f5-90ea-409f-8522-f0a58716a12e","type":"visualization"},{"id":"ec0fa520-6329-11ec-864c-8b5450f97635","name":"2fcc00ab-4db8-4760-9bd0-111a3cd1c822:panel_2fcc00ab-4db8-4760-9bd0-111a3cd1c822","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f9
7635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"endgame-*","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:indexpattern-datasource-layer-909005b3-b986-4bf6-9504-f4a9c877a966","type":"index-pattern"},{"id":"2f20b2c0-6323-11ec-864c-8b5450f97635","name":"3db56ff3-17bb-4304-95ca-5b7b6254257a:panel_3db56ff3-17bb-4304-95ca-5b7b6254257a","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e
05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"endgame-*","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:indexpattern-datasource-layer-7d4edcbb-fca9-47d9-93df-acba6aaf6f58","type":"index-pattern"},{"id":"ac2e7c60-6e41-11ec-864c-8b5450f97635","name":"55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036","type":"lens"},{"id":"ac2e7c60-6e41-11ec-864c-8b5450f97635","name":"55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036","type":"lens"},{"id":"ac2e7c60-6e41-11ec-864c-8b545
0f97635","name":"55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036","type":"lens"},{"id":"ac2e7c60-6e41-11ec-864c-8b5450f97635","name":"55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036","type":"lens"},{"id":"ac2e7c60-6e41-11ec-864c-8b5450f97635","name":"55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036","type":"lens"},{"id":"endgame-*","name":"55ac1386-6ccb-4926-813d-1dc397a60036:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"55ac1386-6ccb-4926-813d-1dc397a60036:indexpattern-datasource-layer-f2b4871a-9aca-4016-848c-331b8c221cf7","type":"index-pattern"},{"id":"c7f8be60-6e41-11ec-864c-8b5450f97635","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6","type":"lens"},{"id":"c7f8be60-6e41-11ec-864c-8b5450f97635","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6","type":"lens"},{"id":"c7f8be60-6e41-11ec-864c-8b5450f97635","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6","type":"lens"},{"id":"c7f8be60-6e41-11ec-864c-8b5450f97635","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6","type":"lens"},{"id":"c7f8be60-6e41-11ec-864c-8b5450f97635","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6","type":"lens"},{"id":"endgame-*","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:indexpattern-datasource-layer-d76872f3-61fb-4b26-8440-0ca886e33224","type":"index-pattern"},{"id":"38c95ae0-6e4d-11ec-864c-8b5450f97635","name":"93e059d5-fc50-4357-9dfa-939f48da5834:panel_93e059d5-fc50-4357-9dfa-939f48da5834","type":"lens"},{"id":"de389910-6f0a-11ec-864c-8b5450f97635","name":"cb25c6cd-4360-4a3f-8c5c-49a1b1a3d002:panel_cb25c6cd-4360-4a3f-8c5c
-49a1b1a3d002","type":"visualization"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"endgame-*","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"1d174f74-9575-
4827-8ae0-d5db7d53777b:indexpattern-datasource-layer-89c7faa8-15c2-4772-95a6-8049a683be1a","type":"index-pattern"},{"id":"f30bef10-6328-11ec-864c-8b5450f97635","name":"0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1:panel_0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1","type":"lens"},{"id":"4e1aa7c0-6ed2-11ec-864c-8b5450f97635","name":"fb5ece46-c6e7-4d56-a48a-607783ad818f:panel_fb5ece46-c6e7-4d56-a48a-607783ad818f","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,4875],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMDUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Protocol (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Protocol (Donut Chart)\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"protocol.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"49e04860-4a4e-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4877],"type":"visualization","updated_at
":"2023-07-10T13:45:41.503Z","version":"WzQyMDYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Kerberos - Request Type (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Request Type (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"request_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request 
Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"4aa0b2a0-6e1a-11e7-89e4-613b96f597e1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4879],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMDcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network - Destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network - Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IPs\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"4adca340-6eae-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,4881],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMDgsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Username","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"NTLM - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"4d869ee0-3ab1-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,4883],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMDksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND highest_registered_domain:google.com~ -highest_registered_domain:google.com AND highest_registered_domain:youtube.com~ -highest_registered_domain:youtube.com AND highest_registered_domain:facebook.com~ -highest_registered_domain:facebook.com AND highest_registered_domain:wikipedia.org~ -highest_registered_domain:wikipedia.org AND highest_registered_domain:google.co.in~ -highest_registered_domain:google.co.in AND highest_registered_domain:reddit.com~ -highest_registered_domain:reddit.com AND highest_registered_domain:amazon.com~ -highest_registered_domain:amazon.com AND highest_registered_domain:taobao.com~ 
-highest_registered_domain:taobao.com AND highest_registered_domain:twitter.com~ -highest_registered_domain:twitter.com AND highest_registered_domain:google.co.jp~ -highest_registered_domain:google.co.jp AND highest_registered_domain:instagram.com~ -highest_registered_domain:instagram.com AND highest_registered_domain:sina.com.cn~ -highest_registered_domain:sina.com.cn AND highest_registered_domain:google.co.uk~ -highest_registered_domain:google.co.uk AND highest_registered_domain:linkedin.com~ -highest_registered_domain:linkedin.com AND highest_registered_domain:list.tmall.com~ -highest_registered_domain:list.tmall.com AND highest_registered_domain:google.com.br~ -highest_registered_domain:google.com.br AND highest_registered_domain:google.com.hk~ -highest_registered_domain:google.com.hk AND highest_registered_domain:netflix.com~ -highest_registered_domain:netflix.com AND highest_registered_domain:yahoo.co.jp~ -highest_registered_domain:yahoo.co.jp AND highest_registered_domain:pornhub.com~ -highest_registered_domain:pornhub.com AND highest_registered_domain:xvideos.com~ -highest_registered_domain:xvideos.com AND highest_registered_domain:microsoft.com~ -highest_registered_domain:microsoft.com AND highest_registered_domain:livejasmin.com~ -highest_registered_domain:livejasmin.com AND highest_registered_domain:aliexpress.com~ -highest_registered_domain:aliexpress.com AND highest_registered_domain:stackoverflow.com~ -highest_registered_domain:stackoverflow.com AND highest_registered_domain:wordpress.com~ -highest_registered_domain:wordpress.com AND highest_registered_domain:hao123.com~ -highest_registered_domain:hao123.com AND highest_registered_domain:github.com~ -highest_registered_domain:github.com AND highest_registered_domain:amazon.co.jp~ -highest_registered_domain:amazon.co.jp AND highest_registered_domain:blogspot.com~ -highest_registered_domain:blogspot.com AND highest_registered_domain:pinterest.com~ -highest_registered_domain:pinterest.com AND 
highest_registered_domain:bongacams.com~ -highest_registered_domain:bongacams.com AND highest_registered_domain:google.com.tr~ -highest_registered_domain:google.com.tr AND highest_registered_domain:popads.net~ -highest_registered_domain:popads.net AND highest_registered_domain:paypal.com~ -highest_registered_domain:paypal.com AND highest_registered_domain:office.com~ -highest_registered_domain:office.com AND highest_registered_domain:google.com.tw~ -highest_registered_domain:google.com.tw AND highest_registered_domain:google.com.au~ -highest_registered_domain:google.com.au AND highest_registered_domain:whatsapp.com~ -highest_registered_domain:whatsapp.com AND highest_registered_domain:microsoftonline.com~ -highest_registered_domain:microsoftonline.com\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Phishing Attempts Against Alexa Top Sites","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 0\":\"rgb(0,104,55)\",\"1 - 999999\":\"rgb(165,0,38)\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Phishing attempts against your domain(s)\"},\"schema\":\"metric\",\"type\":\"count\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"gauge\":{\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":0},{\"from\":1,\"to\":999999}],\"extendRange\":true,\"gaugeColorMode\":\"Labels\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Arc\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":true},\"style\":{\"bgColor\":false,\"bgFill\":\"#eee\",\"bgMask\":false,\"bgWidth\":0.9,\"fontSize\":60,\"labelColor\":true,\"mask\":false,\"maskBars\":50,\"subText\":\"Edit this to reflect your domain(s)\",\"width\":0.9},\"type\":\"meter\",\"alignment\":\"horizontal\"}},\"title\":\"DNS - 
Phishing Attempts Against Alexa Top Sites\",\"type\":\"gauge\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"4d89e140-6f09-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4885],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"title":"Navigation","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Home](/kibana/app/dashboards#/view/94b52620-342a-11e7-9d52-4f090484f59e) \\n[Help](/kibana/app/dashboards#/view/AV6-POJSDwoBUzALqKAg) \\n\\n**Alert Data** \\n[Bro Notices](/kibana/app/dashboards#/view/01600fb0-34e4-11e7-9669-7f1d3242b798) \\n[ElastAlert](/kibana/app/dashboards#/view/1d98d620-7dce-11e7-846a-150cdcaf3374) \\n[HIDS](/kibana/app/dashboards#/view/0de7a390-3644-11e7-a6f7-4f44d7bf1c33) \\n[NIDS](/kibana/app/dashboards#/view/7f27a830-34e5-11e7-9669-7f1d3242b798)   \\n\\n**Bro Hunting** \\n[Connections](/kibana/app/dashboards#/view/e0a34b90-34e6-11e7-9118-45bd317f0ca4) \\n[DCE/RPC](/kibana/app/dashboards#/view/46582d50-3af2-11e7-a83b-b1b4da7d15f4) \\n[DHCP](/kibana/app/dashboards#/view/85348270-357b-11e7-ac34-8965f6420c51) \\n[DNP3](/kibana/app/dashboards#/view/2fdf5bf0-3581-11e7-98ef-19df58fe538b) \\n[DNS](/kibana/app/dashboards#/view/ebf5ec90-34bf-11e7-9b32-bb903919ead9) \\n[Files](/kibana/app/dashboards#/view/2d315d80-3582-11e7-98ef-19df58fe538b) \\n[FTP](/kibana/app/dashboards#/view/27f3b380-3583-11e7-a588-05992195c551) \\n[HTTP](/kibana/app/dashboards#/view/230134a0-34c6-11e7-8360-0b86c90983fd) \\n[Intel](/kibana/app/dashboards#/view/468022c0-3583-11e7-a588-05992195c551) 
\\n[IRC](/kibana/app/dashboards#/view/56a34ce0-3583-11e7-a588-05992195c551) \\n[Kerberos](/kibana/app/dashboards#/view/6b0d4870-3583-11e7-a588-05992195c551) \\n[Modbus](/kibana/app/dashboards#/view/70c005f0-3583-11e7-a588-05992195c551) \\n[MySQL](/kibana/app/dashboards#/view/7929f430-3583-11e7-a588-05992195c551) \\n[NTLM](/kibana/app/dashboards#/view/022713e0-3ab0-11e7-a83b-b1b4da7d15f4) \\n[PE](/kibana/app/dashboards#/view/8a10e380-3583-11e7-a588-05992195c551) \\n[RADIUS](/kibana/app/dashboards#/view/90b246c0-3583-11e7-a588-05992195c551) \\n[RDP](/kibana/app/dashboards#/view/97f8c3a0-3583-11e7-a588-05992195c551) \\n[RFB](/kibana/app/dashboards#/view/9ef20ae0-3583-11e7-a588-05992195c551) \\n[SIP](/kibana/app/dashboards#/view/ad3c0830-3583-11e7-a588-05992195c551) \\n[SMB](/kibana/app/dashboards#/view/b3a53710-3aaa-11e7-8b17-0d8709b02c80) \\n[SMTP](/kibana/app/dashboards#/view/b10a9c60-3583-11e7-a588-05992195c551) \\n[SNMP](/kibana/app/dashboards#/view/b65c2710-3583-11e7-a588-05992195c551) \\n[Software](/kibana/app/dashboards#/view/c2c99c30-3583-11e7-a588-05992195c551) \\n[SSH](/kibana/app/dashboards#/view/c6ccfc00-3583-11e7-a588-05992195c551) \\n[SSL](/kibana/app/dashboards#/view/cca67b60-3583-11e7-a588-05992195c551) \\n[Syslog](/kibana/app/dashboards#/view/c4bbe040-76b3-11e7-ba96-cba76a1e264d) \\n[Tunnels](/kibana/app/dashboards#/view/d7b54ae0-3583-11e7-a588-05992195c551) \\n[Weird](/kibana/app/dashboards#/view/de2da250-3583-11e7-a588-05992195c551) \\n[X.509](/kibana/app/dashboards#/view/e5aa7170-3583-11e7-a588-05992195c551) \\n\\n**Host Hunting** \\n[Autoruns](/kibana/app/dashboards#/view/61d43810-6d62-11e7-8ddb-e71eb260f4a3) \\n[Beats](/kibana/app/dashboards#/view/AWBLNS3CRuBloj96jxub) \\n[Osquery](/kibana/app/dashboards#/view/9d0e2da0-14e1-11e9-82f7-0da02d93a48b) \\n[OSSEC](/kibana/app/dashboards#/view/3a457d70-3583-11e7-a588-05992195c551)  \\n[Sysmon](/kibana/app/dashboards#/view/6d189680-6d62-11e7-8ddb-e71eb260f4a3) \\n\\n**Other** \\n[Domain 
Stats](/kibana/app/dashboards#/view/AWAi6wvxAvKNGEbUWO_j) \\n[Firewall](/kibana/app/dashboards#/view/50173bd0-3582-11e7-98ef-19df58fe538b) \\n[Frequency](/kibana/app/dashboards#/view/AWAi5k4jAvKNGEbUWFis) \\n[Stats](/kibana/app/dashboards#/view/130017f0-46ce-11e7-946f-1bfb1be7c36b) \\n[Syslog](/kibana/app/dashboards#/view/4323af90-76e5-11e7-ab14-e1a4c1bc11e0)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"b3b449d0-3429-11e7-9d52-4f090484f59e","migrationVersion":{"visualization":"8.5.0"},"references":[],"sort":[1688996741503,4886],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Top Connection Duration (Tile Map)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Source - Top Connection Duration (Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by 
USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"duration\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"5ea38360-46c7-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4888],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMTIsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[14.604847155053898,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Connections - Source - Top Connection 
Duration","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"4e108070-46c7-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"5ea38360-46c7-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"sort":[1688996741503,4891],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Section Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"PE - Section Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"section_names.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"4e56b4d0-416f-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4893],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMTQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DHCP - IP to MAC 
Assignment","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - IP to MAC Assignment\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"assigned_ip.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Assigned IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mac.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP 
Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"4e877100-4a48-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4895],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Issuer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.certificate.issuer.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.certificate.issuer.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Issuer\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"4e8cbf80-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4897],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMTYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"4fa0e530-3644-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4899],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Server Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Server 
Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_major_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_minor_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"4fade7b0-6e22-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4901],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMTgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File Size","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File 
Size\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.size: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.size\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Size\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"50b4c880-72df-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4903],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - 
Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"524e13b0-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4905],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMjAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Answers","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dns.answers.name.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.answers.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Answer\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"536876a0-72ba-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4907],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMjEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Tunnels - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"53824da0-6e35-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4909],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMjIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"5393c710-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4911],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMjMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - 
Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"53ac63e0-365b-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4913],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMjQsMV0="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_smtp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SMTP - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a6cea530-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4915],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMjUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Webmail - True/False (Vertical Bar 
Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"SMTP - Webmail - True/False (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Webmail\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"is_webmail.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Webmail\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"53beb0d0-6e29-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4917],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMjYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - File MIME 
Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - File MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file_mime_type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"53c62730-39ad-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4919],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMjcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"54d78f50-6e33-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4921],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMjgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Endpoint","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - 
Endpoint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"endpoint.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"553acbb0-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,4923],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMjksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - NTLM - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - NTLM - Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ntlm.success: 
Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ntlm.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e9f31a70-75c2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4925],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMzAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - NTLM - Tree","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - NTLM - Tree\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ntlm.server.tree.name.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ntlm.server.tree.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Tree\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8cb83890-75c2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4927],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMzEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - NTLM - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - NTLM - 
Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Netbios\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"DNS\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ntlm.server.nb.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NetBIOS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ntlm.server.dns.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"DNS\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"63f139c0-75c2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index
-pattern"}],"sort":[1688996741503,4929],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMzIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:ntlm\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"4555a871-9c2c-48d4-b143-bffc6d41ea4d\"},\"panelIndex\":\"4555a871-9c2c-48d4-b143-bffc6d41ea4d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4555a871-9c2c-48d4-b143-bffc6d41ea4d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":9,\"i\":\"0bc9ae29-cbc1-4272-ad27-9c2ff51c19ff\"},\"panelIndex\":\"0bc9ae29-cbc1-4272-ad27-9c2ff51c19ff\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0bc9ae29-cbc1-4272-ad27-9c2ff51c19ff\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"d32748d9-d47b-41bb-ab9f-b59817230998\"},\"panelIndex\":\"d32748d9-d47b-41bb-ab9f-b59817230998\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d32748d9-d47b-41bb-ab9f-b59817230998\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":18,\"i\":\"2f7a5ee8-2258-4c8d-af2d-99a9e11defa2\"},\"panelIndex\":\"2f7a5ee8-2258-4c8d-af2d-99a9e11defa2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2f7a5ee8-2258-4c8d-af2d-99a9e11defa2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":18,\"i\":\"4a50def3-c905-4493-b352-59741d68326e\"},\"panelIndex\":\"4a50def3-c905-4493-b352-59741d68326e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4a50def3-c905-4493-b352-59741d68326e\"},{\"version\":\"8.7.1\",\"t
ype\":\"visualization\",\"gridData\":{\"x\":16,\"y\":9,\"w\":10,\"h\":18,\"i\":\"075d7365-e106-4a1e-b003-bab7abbb7146\"},\"panelIndex\":\"075d7365-e106-4a1e-b003-bab7abbb7146\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_075d7365-e106-4a1e-b003-bab7abbb7146\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":26,\"y\":9,\"w\":9,\"h\":18,\"i\":\"5202d0b2-7f34-4182-8e25-ec87d4df0965\"},\"panelIndex\":\"5202d0b2-7f34-4182-8e25-ec87d4df0965\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5202d0b2-7f34-4182-8e25-ec87d4df0965\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":35,\"y\":9,\"w\":13,\"h\":18,\"i\":\"f93042fa-bdd7-495f-af7b-eec95073e015\"},\"panelIndex\":\"f93042fa-bdd7-495f-af7b-eec95073e015\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f93042fa-bdd7-495f-af7b-eec95073e015\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"c72c241d-5b6f-475c-831b-4419dd437a26\"},\"panelIndex\":\"c72c241d-5b6f-475c-831b-4419dd437a26\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c72c241d-5b6f-475c-831b-4419dd437a26\"}]","timeRestore":false,"title":"Security Onion - 
NTLM","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"558292e0-75c1-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"4555a871-9c2c-48d4-b143-bffc6d41ea4d:panel_4555a871-9c2c-48d4-b143-bffc6d41ea4d","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"0bc9ae29-cbc1-4272-ad27-9c2ff51c19ff:panel_0bc9ae29-cbc1-4272-ad27-9c2ff51c19ff","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"d32748d9-d47b-41bb-ab9f-b59817230998:panel_d32748d9-d47b-41bb-ab9f-b59817230998","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"2f7a5ee8-2258-4c8d-af2d-99a9e11defa2:panel_2f7a5ee8-2258-4c8d-af2d-99a9e11defa2","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"4a50def3-c905-4493-b352-59741d68326e:panel_4a50def3-c905-4493-b352-59741d68326e","type":"visualization"},{"id":"e9f31a70-75c2-11ea-9565-7315f4ee5cac","name":"075d7365-e106-4a1e-b003-bab7abbb7146:panel_075d7365-e106-4a1e-b003-bab7abbb7146","type":"visualization"},{"id":"8cb83890-75c2-11ea-9565-7315f4ee5cac","name":"5202d0b2-7f34-4182-8e25-ec87d4df0965:panel_5202d0b2-7f34-4182-8e25-ec87d4df0965","type":"visualization"},{"id":"63f139c0-75c2-11ea-9565-7315f4ee5cac","name":"f93042fa-bdd7-495f-af7b-eec95073e015:panel_f93042fa-bdd7-495f-af7b-eec95073e015","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"c72c241d-5b6f-475c-831b-4419dd437a26:panel_c72c241d-5b6f-475c-831b-4419dd437a26","type":"search"}],"sort":[1688996741503,4939],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMzMsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:dns\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"ae3e83b1-5e53-40eb-8e4f-541e4851ddd2\"},\"panelIndex\":\"ae3e83b1-5e53-40eb-8e4f-541e4851ddd2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ae3e83b1-5e53-40eb-8e4f-541e4851ddd2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":0,\"w\":14,\"h\":9,\"i\":\"4b8b4859-bd5c-446c-94e1-6d9b57cbe922\"},\"panelIndex\":\"4b8b4859-bd5c-446c-94e1-6d9b57cbe922\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4b8b4859-bd5c-446c-94e1-6d9b57cbe922\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":9,\"i\":\"ee03c5c1-9e26-42e3-b569-afa2712d7047\"},\"panelIndex\":\"ee03c5c1-9e26-42e3-b569-afa2712d7047\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ee03c5c1-9e26-42e3-b569-afa2712d7047\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":19,\"i\":\"706d8a5a-a263-48d0-8eb8-12eeade27115\"},\"panelIndex\":\"706d8a5a-a263-48d0-8eb8-12eeade27115\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_706d8a5a-a263-48d0-8eb8-12eeade27115\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":19,\"i\":\"bf29b086-8b8d-47a5-8280-afeb737d6163\"},\"panelIndex\":\"bf29b086-8b8d-47a5-8280-afeb737d6163\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_bf29b086-8b8d-47a5-8280-afeb737d6163\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":9,\"w\":8,\"h\":19,\"i\":\"e99fb09c-6d8a-4a26-87ca-9ab82ef137c9\"},\"panelInd
ex\":\"e99fb09c-6d8a-4a26-87ca-9ab82ef137c9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e99fb09c-6d8a-4a26-87ca-9ab82ef137c9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":26,\"y\":9,\"w\":11,\"h\":19,\"i\":\"499d1548-292c-47a9-8f26-73a6af91d004\"},\"panelIndex\":\"499d1548-292c-47a9-8f26-73a6af91d004\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_499d1548-292c-47a9-8f26-73a6af91d004\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":23,\"h\":21,\"i\":\"e41240ec-8024-4f3f-9de0-869622470e4d\"},\"panelIndex\":\"e41240ec-8024-4f3f-9de0-869622470e4d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e41240ec-8024-4f3f-9de0-869622470e4d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":28,\"w\":25,\"h\":21,\"i\":\"fe297ab2-9a4b-438c-913b-7b5d1dea6182\"},\"panelIndex\":\"fe297ab2-9a4b-438c-913b-7b5d1dea6182\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fe297ab2-9a4b-438c-913b-7b5d1dea6182\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":29,\"i\":\"ae756423-c1d9-46f8-a1ee-28ee9626349d\"},\"panelIndex\":\"ae756423-c1d9-46f8-a1ee-28ee9626349d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ae756423-c1d9-46f8-a1ee-28ee9626349d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":19,\"i\":\"e79ec813-6af2-4618-ad48-a25444a8abe4\"},\"panelIndex\":\"e79ec813-6af2-4618-ad48-a25444a8abe4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e79ec813-6af2-4618-ad48-a25444a8abe4\"}]","timeRestore":false,"title":"Security Onion - 
DNS","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"55ac6bf0-6ec4-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"ae3e83b1-5e53-40eb-8e4f-541e4851ddd2:panel_ae3e83b1-5e53-40eb-8e4f-541e4851ddd2","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"4b8b4859-bd5c-446c-94e1-6d9b57cbe922:panel_4b8b4859-bd5c-446c-94e1-6d9b57cbe922","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"ee03c5c1-9e26-42e3-b569-afa2712d7047:panel_ee03c5c1-9e26-42e3-b569-afa2712d7047","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"706d8a5a-a263-48d0-8eb8-12eeade27115:panel_706d8a5a-a263-48d0-8eb8-12eeade27115","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"bf29b086-8b8d-47a5-8280-afeb737d6163:panel_bf29b086-8b8d-47a5-8280-afeb737d6163","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"e99fb09c-6d8a-4a26-87ca-9ab82ef137c9:panel_e99fb09c-6d8a-4a26-87ca-9ab82ef137c9","type":"visualization"},{"id":"13cda410-c770-11ea-bebb-37c5ab5894ea","name":"499d1548-292c-47a9-8f26-73a6af91d004:panel_499d1548-292c-47a9-8f26-73a6af91d004","type":"visualization"},{"id":"07065340-72ba-11ea-8dd2-9d8795a1200b","name":"e41240ec-8024-4f3f-9de0-869622470e4d:panel_e41240ec-8024-4f3f-9de0-869622470e4d","type":"visualization"},{"id":"536876a0-72ba-11ea-8dd2-9d8795a1200b","name":"fe297ab2-9a4b-438c-913b-7b5d1dea6182:panel_fe297ab2-9a4b-438c-913b-7b5d1dea6182","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"ae756423-c1d9-46f8-a1ee-28ee9626349d:panel_ae756423-c1d9-46f8-a1ee-28ee9626349d","type":"search"},{"id":"336dbde0-88aa-11eb-9841-852c8cc8a2e8","name":"e79ec813-6af2-4618-ad48-a25444a8abe4:panel_e79ec813-6af2-4618-ad48-a25444a8abe4","type":"visualization"}],"sort":[1688996741503,4951],"type":"dashboard","updated_at":"2023-07-10T13:45:41
.503Z","version":"WzQyMzQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"57a9a3f0-34c0-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4953],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMzUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Lease Time","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Lease 
Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"lease_time.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Lease Time\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"58c84f60-0edb-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4955],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMzYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNP3 - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 
minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"593f1850-3581-11e7-98ef-19df58fe538b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4957],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMzcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Devices - Log Count By 
Device","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Devices - Log Count By Device\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Device\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"5b3988c0-a840-11e7-893a-1b88920b2837","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4959],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMzgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Client Build","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Client 
Build\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.client_build.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.client_build.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Build\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"bdae8640-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4961],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyMzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Security Protocol","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Security 
Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.security_protocol.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.security_protocol.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"dad85840-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4963],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNDAsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:rdp\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"1aacbaf6-078a-4b6e-bbd2-ae21a4974aba\"},\"panelIndex\":\"1aacbaf6-078a-4b6e-bbd2-ae21a4974aba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1aacbaf6-078a-4b6e-bbd2-ae21a4974aba\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"8abc0250-1076-45e8-b62b-54dc7dd0cfca\"},\"panelIndex\":\"8abc0250-1076-45e8-b62b-54dc7dd0cfca\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8abc0250-1076-45e8-b62b-54dc7dd0cfca\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"dc48b27e-f00b-4723-87ab-64f726e51e74\"},\"panelIndex\":\"dc48b27e-f00b-4723-87ab-64f726e51e74\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dc48b27e-f00b-4723-87ab-64f726e51e74\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"da3945b4-9e74-4bb9-8868-a13f1d9bc0d8\"},\"panelIndex\":\"da3945b4-9e74-4bb9-8868-a13f1d9bc0d8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_da3945b4-9e74-4bb9-8868-a13f1d9bc0d8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"f4437b55-61ef-4818-a8c4-448407c7052b\"},\"panelIndex\":\"f4437b55-61ef-4818-a8c4-448407c7052b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f4437b55-61ef-4818-a8c4-448407c7052b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":8,\"w\":7,\"h\":19,\"i\":\"33630c53-4de4-4064-a319-bd71be01dc06\"},\"panelInd
ex\":\"33630c53-4de4-4064-a319-bd71be01dc06\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_33630c53-4de4-4064-a319-bd71be01dc06\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":25,\"y\":8,\"w\":7,\"h\":19,\"i\":\"ed8dee78-79d4-47cf-9ed5-6120f00f3aaf\"},\"panelIndex\":\"ed8dee78-79d4-47cf-9ed5-6120f00f3aaf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ed8dee78-79d4-47cf-9ed5-6120f00f3aaf\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":8,\"w\":7,\"h\":19,\"i\":\"35083762-4591-44ac-a31f-36bed3414af2\"},\"panelIndex\":\"35083762-4591-44ac-a31f-36bed3414af2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_35083762-4591-44ac-a31f-36bed3414af2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":39,\"y\":8,\"w\":9,\"h\":19,\"i\":\"66e7cf00-ec90-4df3-acd3-02fb271f0959\"},\"panelIndex\":\"66e7cf00-ec90-4df3-acd3-02fb271f0959\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_66e7cf00-ec90-4df3-acd3-02fb271f0959\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"f84fe347-bdda-4297-b460-eee297f7e91e\"},\"panelIndex\":\"f84fe347-bdda-4297-b460-eee297f7e91e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f84fe347-bdda-4297-b460-eee297f7e91e\"}]","timeRestore":false,"title":"Security Onion - 
RDP","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"5b743150-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"1aacbaf6-078a-4b6e-bbd2-ae21a4974aba:panel_1aacbaf6-078a-4b6e-bbd2-ae21a4974aba","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"8abc0250-1076-45e8-b62b-54dc7dd0cfca:panel_8abc0250-1076-45e8-b62b-54dc7dd0cfca","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"dc48b27e-f00b-4723-87ab-64f726e51e74:panel_dc48b27e-f00b-4723-87ab-64f726e51e74","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"da3945b4-9e74-4bb9-8868-a13f1d9bc0d8:panel_da3945b4-9e74-4bb9-8868-a13f1d9bc0d8","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"f4437b55-61ef-4818-a8c4-448407c7052b:panel_f4437b55-61ef-4818-a8c4-448407c7052b","type":"visualization"},{"id":"bdae8640-75c5-11ea-9565-7315f4ee5cac","name":"33630c53-4de4-4064-a319-bd71be01dc06:panel_33630c53-4de4-4064-a319-bd71be01dc06","type":"visualization"},{"id":"dad85840-75c5-11ea-9565-7315f4ee5cac","name":"ed8dee78-79d4-47cf-9ed5-6120f00f3aaf:panel_ed8dee78-79d4-47cf-9ed5-6120f00f3aaf","type":"visualization"},{"id":"0c006bb0-75c6-11ea-9565-7315f4ee5cac","name":"35083762-4591-44ac-a31f-36bed3414af2:panel_35083762-4591-44ac-a31f-36bed3414af2","type":"visualization"},{"id":"2e7363f0-75c6-11ea-9565-7315f4ee5cac","name":"66e7cf00-ec90-4df3-acd3-02fb271f0959:panel_66e7cf00-ec90-4df3-acd3-02fb271f0959","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"f84fe347-bdda-4297-b460-eee297f7e91e:panel_f84fe347-bdda-4297-b460-eee297f7e91e","type":"search"}],"sort":[1688996741503,4974],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNDEsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Nodes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Nodes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"5cba9760-6e9b-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4976],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNDIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - All Logs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - All 
Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":50}}}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e2da1340-53a3-11ec-b3ef-6bcc33056a36","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,4979],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNDMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - Categories with Full Event Type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - Categories with Full Event Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"endgame.event_type_full\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event 
Type\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event Category\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"row\":true}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"af1768b0-53ac-11ec-b3ef-6bcc33056a36","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,4982],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNDQsMV0="} 
+{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"fe254730-eee5-4aff-b672-a83e54b49c12\"},\"panelIndex\":\"fe254730-eee5-4aff-b672-a83e54b49c12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fe254730-eee5-4aff-b672-a83e54b49c12\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":25,\"h\":9,\"i\":\"5e96a8cf-1dab-4df2-a4be-baf960448da4\"},\"panelIndex\":\"5e96a8cf-1dab-4df2-a4be-baf960448da4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5e96a8cf-1dab-4df2-a4be-baf960448da4\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":0,\"w\":10,\"h\":9,\"i\":\"38c65a86-724b-4c25-818b-1564fbb3793f\"},\"panelIndex\":\"38c65a86-724b-4c25-818b-1564fbb3793f\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Alert Count\",\"description\":\"\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"searchSource\":{\"index\":\"endgame-*\",\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"endgame-*\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"detection\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"detection\"}}}]}}},\"enhancements\":{},\"type\":\"visualization\"}},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":13,\"h\":16,\"i\":\"680adbf3-9347-4c45-87b8-d87587e38b09\"},\"panelIndex\":\"680adbf3-9347-4c45-87b8-d87587e38b09\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_680adbf3-9347-4c45-87b8-d87587e38b09\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":9,\"w\":25,\"h\":16,\"i\":\"6569d104-bb49-4de6-8d2d-9dc49739b291\"},\"panelIndex\":\"6569d104-bb49-4de6-8d2d-9dc49739b291\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6569d104-bb49-4de6-8d2d-9dc49739b291\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":25,\"w\":48,\"h\":13,\"i\":\"4a354630-93fd-4370-b10f-80386aee6d00\"},\"panelIndex\":\"4a354630-93fd-4370-b10f-80386aee6d00\",\"embeddableConfig\":{\"columns\":[],\"enhancements\":{}},\"panelRefName\":\"panel_4a354630-93fd-4370-b10f-80386aee6d00\"}]","timeRestore":false,"title":"Endgame - 
Host","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"5d8f04d0-53b6-11ec-b3ef-6bcc33056a36","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"e2da1340-53a3-11ec-b3ef-6bcc33056a36","name":"fe254730-eee5-4aff-b672-a83e54b49c12:panel_fe254730-eee5-4aff-b672-a83e54b49c12","type":"visualization"},{"id":"2f7966b0-53a4-11ec-b3ef-6bcc33056a36","name":"5e96a8cf-1dab-4df2-a4be-baf960448da4:panel_5e96a8cf-1dab-4df2-a4be-baf960448da4","type":"visualization"},{"id":"endgame-*","name":"38c65a86-724b-4c25-818b-1564fbb3793f:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"endgame-*","name":"38c65a86-724b-4c25-818b-1564fbb3793f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"3b50b220-53ab-11ec-b3ef-6bcc33056a36","name":"680adbf3-9347-4c45-87b8-d87587e38b09:panel_680adbf3-9347-4c45-87b8-d87587e38b09","type":"visualization"},{"id":"af1768b0-53ac-11ec-b3ef-6bcc33056a36","name":"6569d104-bb49-4de6-8d2d-9dc49739b291:panel_6569d104-bb49-4de6-8d2d-9dc49739b291","type":"visualization"},{"id":"20c85b70-53aa-11ec-b3ef-6bcc33056a36","name":"4a354630-93fd-4370-b10f-80386aee6d00:panel_4a354630-93fd-4370-b10f-80386aee6d00","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,4991],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNDUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"MySQL - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"MySQL - Log Count Over 
Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"5d9031a0-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4993],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNDYsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Client Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Major Version\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.client_major_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.client_minor_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Minor 
Version\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"5dcf09e0-75c8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4995],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNDcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Connection Information","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Connection Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connect_info.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection Info\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"5df79fe0-3809-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,4997],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNDgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Process 
Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.executable.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process Image\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"process.command_line.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"title\":\"Security Onion - Host - Process Name\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"5e18a970-c77f-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4999],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNDksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - 
Rule","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Rule\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule_name\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Rule\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"5e1dc100-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5001],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - URI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - 
URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"uri.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"5e36c370-3753-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5003],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - FTP - 
Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp.argument.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"5fcdb0c0-755f-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5005],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNTIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - FIle Path","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - FIle Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"path.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File 
Path\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"60384e00-3aaf-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,5007],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNTMsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":11,\"i\":\"26712c83-24f3-4af6-a20e-edab103002fd\"},\"panelIndex\":\"26712c83-24f3-4af6-a20e-edab103002fd\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame 
Alerts](https:///alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_26712c83-24f3-4af6-a20e-edab103002fd\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":0,\"w\":11,\"h\":11,\"i\":\"b7feb2b8-999d-433e-9b12-85aacdc61f16\"},\"panelIndex\":\"b7feb2b8-999d-433e-9b12-85aacdc61f16\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Process Logs\",\"panelRefName\":\"panel_b7feb2b8-999d-433e-9b12-85aacdc61f16\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":19,\"y\":0,\"w\":29,\"h\":11,\"i\":\"8b515da9-7c43-4e1a-872f-e92da896933f\"},\"panelIndex\":\"8b515da9-7c43-4e1a-872f-e92da896933f\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Process Log Count Over Time\",\"panelRefName\":\"panel_8b515da9-7c43-4e1a-872f-e92da896933f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":11,\"w\":24,\"h\":15,\"i\":\"7837aa9f-dca6-4a7b-9881-65f26b2a5f4f\"},\"panelIndex\":\"7837aa9f-dca6-4a7b-9881-65f26b2a5f4f\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Processes\",\"panelRefName\":\"panel_7837aa9f-dca6-4a7b-9881-65f26b2a5f4f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":11,\"w\":10,\"h\":15,\"i\":\"26df0dd7-8042-4e69-a4b1-c8ed5a677f6a\"},\"panelIndex\":\"26df0dd7-8042-4e69-a4b1-c8ed5a677f6a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Process 
Users\",\"panelRefName\":\"panel_26df0dd7-8042-4e69-a4b1-c8ed5a677f6a\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":11,\"w\":14,\"h\":15,\"i\":\"508bbc67-1a96-465d-b30d-23aecaaf4895\"},\"panelIndex\":\"508bbc67-1a96-465d-b30d-23aecaaf4895\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Process Actions\",\"panelRefName\":\"panel_508bbc67-1a96-465d-b30d-23aecaaf4895\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":14,\"i\":\"a89ab8ad-a272-405f-8db8-4f722bbfeb61\"},\"panelIndex\":\"a89ab8ad-a272-405f-8db8-4f722bbfeb61\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Process Information\",\"panelRefName\":\"panel_a89ab8ad-a272-405f-8db8-4f722bbfeb61\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":40,\"w\":48,\"h\":17,\"i\":\"9248209e-9f35-48c5-958c-3cab215eb410\"},\"panelIndex\":\"9248209e-9f35-48c5-958c-3cab215eb410\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9248209e-9f35-48c5-958c-3cab215eb410\"}]","timeRestore":false,"title":"Endgame - 
Process","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"790991a0-6287-11ec-864c-8b5450f97635","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"26712c83-24f3-4af6-a20e-edab103002fd:panel_26712c83-24f3-4af6-a20e-edab103002fd","type":"visualization"},{"id":"ed1f0300-6cd1-11ec-864c-8b5450f97635","name":"b7feb2b8-999d-433e-9b12-85aacdc61f16:panel_b7feb2b8-999d-433e-9b12-85aacdc61f16","type":"lens"},{"id":"f1e98360-6cd1-11ec-864c-8b5450f97635","name":"8b515da9-7c43-4e1a-872f-e92da896933f:panel_8b515da9-7c43-4e1a-872f-e92da896933f","type":"lens"},{"id":"e2cff350-6ccc-11ec-864c-8b5450f97635","name":"7837aa9f-dca6-4a7b-9881-65f26b2a5f4f:panel_7837aa9f-dca6-4a7b-9881-65f26b2a5f4f","type":"lens"},{"id":"e88fd030-6ccc-11ec-864c-8b5450f97635","name":"26df0dd7-8042-4e69-a4b1-c8ed5a677f6a:panel_26df0dd7-8042-4e69-a4b1-c8ed5a677f6a","type":"lens"},{"id":"edca7780-6ccc-11ec-864c-8b5450f97635","name":"508bbc67-1a96-465d-b30d-23aecaaf4895:panel_508bbc67-1a96-465d-b30d-23aecaaf4895","type":"lens"},{"id":"dbb93900-6ccc-11ec-864c-8b5450f97635","name":"a89ab8ad-a272-405f-8db8-4f722bbfeb61:panel_a89ab8ad-a272-405f-8db8-4f722bbfeb61","type":"lens"},{"id":"424d7a60-6f0b-11ec-864c-8b5450f97635","name":"9248209e-9f35-48c5-958c-3cab215eb410:panel_9248209e-9f35-48c5-958c-3cab215eb410","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,5017],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNTQsMV0="} 
+{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":11,\"h\":9,\"i\":\"64356467-dfe4-4eed-b53d-0cdf0b94f6d0\"},\"panelIndex\":\"64356467-dfe4-4eed-b53d-0cdf0b94f6d0\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame 
Alerts](https:///alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_64356467-dfe4-4eed-b53d-0cdf0b94f6d0\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":11,\"y\":0,\"w\":15,\"h\":9,\"i\":\"cc23bd7c-9000-4af9-875e-5779794011d0\"},\"panelIndex\":\"cc23bd7c-9000-4af9-875e-5779794011d0\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"panelRefName\":\"panel_cc23bd7c-9000-4af9-875e-5779794011d0\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":26,\"y\":0,\"w\":11,\"h\":9,\"i\":\"276394f1-fa5b-42b2-ab7c-8db18bd367a3\"},\"panelIndex\":\"276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\
"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-97b747de-fee3-4557-84f6-3d6aecd1f5c7\"}],\"state\":{\"visualization\":{\"layerId\":\"97b747de-fee3-4557-84f6-3d6aecd1f5c7\",\"accessor\":\"dccdca2f-fac1-43ce-8c74-d50a8a007366\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"97b747de-fee3-4557-84f6-3d6aecd1f5c7\":{\"columns\":{\"dccdca2f-fac1-43ce-8c74-d50a8a007366\":{\"label\":\"Hosts\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.ip\",\"isBucketed\":false,\"customLabel\":true}},\"columnOrder\":[\"dccdca2f-fac1-43ce-8c74-d50a8a007366\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{
},\"type\":\"lens\"},\"panelRefName\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":37,\"y\":0,\"w\":11,\"h\":9,\"i\":\"2c8d6219-3e37-47c9-bfb2-9330167ad7b8\"},\"panelIndex\":\"2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-8
64c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-fac6e4a9-2d36-463c-b2b0-b451546f6f20\"},{\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\",\"id\":\"endgame-*\"}],\"state\":{\"visualization\":{\"layerId\":\"fac6e4a9-2d36-463c-b2b0-b451546f6f20\",\"accessor\":\"2bea62c1-f8ef-43c3-b9c3-1931437bc5db\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"detection\"},\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.action\":\"detection\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"fac6e4a9-2d36-463c-b2b0-b451546f6f20\":{\"columns\":{\"2bea62c1-f8ef-43c3-b9c3-1931437bc5db\":{\"label\":\"Alerts\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"2bea62c1-f8ef-43c3-b9c3-1931437bc5db\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{},\"type\":\"lens\"},\"panelRefName\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":9,
\"w\":48,\"h\":13,\"i\":\"f702b2f2-5fc3-4a29-90a6-0d0d223fd358\"},\"panelIndex\":\"f702b2f2-5fc3-4a29-90a6-0d0d223fd358\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f702b2f2-5fc3-4a29-90a6-0d0d223fd358\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":22,\"w\":48,\"h\":14,\"i\":\"93800440-ed84-48b6-8055-c58a5d290ec6\"},\"panelIndex\":\"93800440-ed84-48b6-8055-c58a5d290ec6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03
935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-1828f449-a2e9-4ed2-a72c-e6f22382569e\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"e5498d4d-b9af-4016-8afc-e4639ceb6c10\",\"isTransposed\":false},{\"columnId\":\"b76f4623-7690-4ad3-ae68-d19b80a2361a\",\"isTransposed\":false}],\"layerId\":\"1828f449-a2e9-4ed2-a72c-e6f22382569e\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"1828f449-a2e9-4ed2-a72c-e6f22382569e\":{\"columns\":{\"e5498d4d-b9af-4016-8afc-e4639ceb6c10\":{\"label\":\"Top values of host.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":true},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false}},\"b76f4623-7690-4ad3-ae68-d19b80a2361a\":{\"label\":\"Last value of 
host.ip\",\"dataType\":\"ip\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"host.ip\",\"params\":{\"sortField\":\"@timestamp\",\"showArrayValues\":true}}},\"columnOrder\":[\"e5498d4d-b9af-4016-8afc-e4639ceb6c10\",\"b76f4623-7690-4ad3-ae68-d19b80a2361a\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{},\"type\":\"lens\"},\"panelRefName\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":36,\"w\":48,\"h\":14,\"i\":\"f389ba6c-bcad-4564-aca0-e696e2981239\"},\"panelIndex\":\"f389ba6c-bcad-4564-aca0-e696e2981239\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f389ba6c-bcad-4564-aca0-e696e2981239\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":50,\"w\":48,\"h\":18,\"i\":\"1ae20b57-e5db-4e2b-b45b-51132e0892d2\"},\"panelIndex\":\"1ae20b57-e5db-4e2b-b45b-51132e0892d2\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":null},\"panelRefName\":\"panel_1ae20b57-e5db-4e2b-b45b-51132e0892d2\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":68,\"w\":23,\"h\":16,\"i\":\"64991e9b-5624-4d8d-9624-3077e970068f\"},\"panelIndex\":\"64991e9b-5624-4d8d-9624-3077e970068f\",\"embeddableConfig\":{\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"842ed2f7-3fb1-4c0d-a62c-dd9d06de42da\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Go to Dashboard\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Endgame - Network DNS Requests 
Chart\",\"panelRefName\":\"panel_64991e9b-5624-4d8d-9624-3077e970068f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":68,\"w\":25,\"h\":16,\"i\":\"d3b35751-4ec0-441c-a399-4c56a38ea9d3\"},\"panelIndex\":\"d3b35751-4ec0-441c-a399-4c56a38ea9d3\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"99f3c946-0494-42aa-a14f-cac5dce6757d\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View in Process Dashboard\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true}}}]}}},\"title\":\"Endgame - Processes\",\"panelRefName\":\"panel_d3b35751-4ec0-441c-a399-4c56a38ea9d3\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":84,\"w\":24,\"h\":15,\"i\":\"77406005-0714-4d8f-a535-79c693437dfe\"},\"panelIndex\":\"77406005-0714-4d8f-a535-79c693437dfe\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Auth Event 
Outcome\",\"panelRefName\":\"panel_77406005-0714-4d8f-a535-79c693437dfe\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":84,\"w\":24,\"h\":15,\"i\":\"79b433c6-e740-40be-8b5e-02155ee11955\"},\"panelIndex\":\"79b433c6-e740-40be-8b5e-02155ee11955\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-e5f77e35-1bc5-4487-9602-e2962cafa87b\"},{\
"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\",\"id\":\"endgame-*\"}],\"state\":{\"visualization\":{\"layerId\":\"e5f77e35-1bc5-4487-9602-e2962cafa87b\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"ade5af28-bac8-4a2d-adff-28580282a9d2\"},{\"isTransposed\":false,\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},{\"columnId\":\"bb5f0057-5e74-4baf-9839-aff53de6d145\",\"isTransposed\":false}],\"rowHeight\":\"single\",\"rowHeightLines\":1},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e5f77e35-1bc5-4487-9602-e2962cafa87b\":{\"columns\":{\"ade5af28-bac8-4a2d-adff-28580282a9d2\":{\"label\":\"Top values of file.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.name\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true}},\"e480935c-b388-48c6-9582-fb4600b462fb\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"bb5f0057-5e74-4baf-9839-aff53de6d145\":{\"label\":\"Top values of 
file.path\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.path\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true}}},\"columnOrder\":[\"ade5af28-bac8-4a2d-adff-28580282a9d2\",\"bb5f0057-5e74-4baf-9839-aff53de6d145\",\"e480935c-b388-48c6-9582-fb4600b462fb\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Endgame - File Name\",\"panelRefName\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":99,\"w\":48,\"h\":15,\"i\":\"812191d7-0fc5-4dba-8cb6-600b9e3ee15c\"},\"panelIndex\":\"812191d7-0fc5-4dba-8cb6-600b9e3ee15c\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Registry Events\",\"panelRefName\":\"panel_812191d7-0fc5-4dba-8cb6-600b9e3ee15c\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":19,\"i\":\"b4898ca9-c99e-4ea2-a269-4e60616f2a4f\"},\"panelIndex\":\"b4898ca9-c99e-4ea2-a269-4e60616f2a4f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b4898ca9-c99e-4ea2-a269-4e60616f2a4f\"}]","timeRestore":false,"title":"Endgame - 
Admin","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"6063a9e0-61b2-11ec-864c-8b5450f97635","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"64356467-dfe4-4eed-b53d-0cdf0b94f6d0:panel_64356467-dfe4-4eed-b53d-0cdf0b94f6d0","type":"visualization"},{"id":"e2da1340-53a3-11ec-b3ef-6bcc33056a36","name":"cc23bd7c-9000-4af9-875e-5779794011d0:panel_cc23bd7c-9000-4af9-875e-5779794011d0","type":"visualization"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id
":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"endgame-*","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:indexpattern-datasource-layer-97b747de-fee3-4557-84f6-3d6aecd1f5c7","type":"index-pattern"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-
9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type"
:"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"endgame-*","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:indexpattern-datasource-layer-fac6e4a9-2d36-463c-b2b0-b451546f6f20","type":"index-pattern"},{"id":"endgame-*","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:filter-index-pattern-0","type":"index-pattern"},{"id":"82185ff0-696d-11ec-864c-8b5450f97635","name":"f702b2f2-5fc3-4a29-90a6-0d0d223fd358:panel_f702b2f2-5fc3-4a29-90a6-0d0d223fd358","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_938004
40-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"endgame-*","name":"93800440-ed84-48b6-8055-c58a5d290ec6:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"93800440-ed84-48b6-8055-c58a5d290ec6:indexpattern-datasource-layer-1828f449-a2e9-4ed2-a72c-e6f22382569e","type":"index-pattern"},{"id":"3ae34620-6258-11ec-864c-8b5450f97635","name":"f389ba6c-bcad-4564-aca0-e696e2981239:panel_f389ba6c-bcad-4564-aca0-e696e2981239","type":"visualization"},{"id":"de389910-6f0a-11ec-864c-8b5450f97635","name":"1ae20b57-e5db-4e2b-b45b-51132e0892d2:panel_1ae20b57-e5db-4e2b-b45b-51132e0892d2","type":"visualization"},{"id":"f
30bef10-6328-11ec-864c-8b5450f97635","name":"64991e9b-5624-4d8d-9624-3077e970068f:panel_64991e9b-5624-4d8d-9624-3077e970068f","type":"lens"},{"id":"49d34770-53b2-11ec-b3ef-6bcc33056a36","name":"64991e9b-5624-4d8d-9624-3077e970068f:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:842ed2f7-3fb1-4c0d-a62c-dd9d06de42da:dashboardId","type":"dashboard"},{"id":"e2cff350-6ccc-11ec-864c-8b5450f97635","name":"d3b35751-4ec0-441c-a399-4c56a38ea9d3:panel_d3b35751-4ec0-441c-a399-4c56a38ea9d3","type":"lens"},{"id":"790991a0-6287-11ec-864c-8b5450f97635","name":"d3b35751-4ec0-441c-a399-4c56a38ea9d3:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:99f3c946-0494-42aa-a14f-cac5dce6757d:dashboardId","type":"dashboard"},{"id":"072ae530-6d6c-11ec-864c-8b5450f97635","name":"77406005-0714-4d8f-a535-79c693437dfe:panel_77406005-0714-4d8f-a535-79c693437dfe","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40
be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"endgame-*","name":"79b433c6-e740-40be-8b5e-02155ee11955:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"79b433c6-e740-40be-8b5e-02155ee11955:indexpattern-datasource-layer-e5f77e35-1bc5-4487-9602-e2962cafa87b","type":"index-pattern"},{"id":"endgame-*","name":"79b433c6-e740-40be-8b5e-02155ee11955:filter-index-pattern-0","type":"index-pattern"},{"id":"e1e12ab0-6cc5-11ec-864c-8b5450f97635","name":"812191d7-0fc5-4dba-8cb6-600b9e3ee15c:panel_812191d7-0fc5-4dba-8cb6-600b9e3ee15c","type":"lens"},{"id":"20c85b70-53aa-11ec-b3ef-6bcc33056a36","name":"b4898ca9-c99e-4ea2-a269-4e60616f2a4f:panel_b4898ca9-c99e-4ea2-a269-4e60616f2a4f","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,5107],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Data Types","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Data 
Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Data Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"60925490-34bf-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"sort":[1688996741503,5109],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNTYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSL - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"6139edd0-3641-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5111],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - 
Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sources.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"613de590-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5113],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNTgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category.keyword : \\\"registry\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - Event.Cat:Registry Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - Event.Cat:Registry Log Count Over 
Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"fittingFunction\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"labels\":{},\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"61f72150-6406-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pa
ttern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,5116],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Source Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS Alerts - Source Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"620283e0-3af5-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5118],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNjAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Modbus - Function","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Modbus - 
Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"modbus.function.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"modbus.function.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"62449800-75be-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5120],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNjEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Success","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - 
Success\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"62969db0-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5122],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNjIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Top Destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Top Destination 
IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"62ac4060-6ea0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,5124],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNjMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Indicator","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - 
Indicator\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"indicator.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Indicator\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"6380b430-399c-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5126],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNjQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Desktop Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Desktop Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"desktop_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Desktop 
Name\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"63c072c0-371f-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5128],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNjUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Drilldown - Rule Signature","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Drilldown - Rule Signature\",\"type\":\"table\",\"params\":{\"perPage\":1,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"schema\":\"metric\",\"params\":{\"field\":\"rule_signature.keyword\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"NIDS Signature\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"6533dd40-e064-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5130],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNjYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Files - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Files - Log Count Over 
Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"6571ee10-3584-11e7-a588-05992195c551","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5132],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNjcsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Syslog - Facility","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Syslog - Facility\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"syslog.facility_label: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog.facility_label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Facility\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e017cb80-777b-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5134],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNjgsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Syslog - Severity","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog.severity_label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - Syslog - Severity\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9e1a4240-c77a-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5136],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNjksMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:syslog\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"9c4d23d9-2dd5-4a9f-aa67-edc6b73f3086\"},\"panelIndex\":\"9c4d23d9-2dd5-4a9f-aa67-edc6b73f3086\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9c4d23d9-2dd5-4a9f-aa67-edc6b73f3086\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"a3e3afae-dd54-4024-9d09-608a6baecd42\"},\"panelIndex\":\"a3e3afae-dd54-4024-9d09-608a6baecd42\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a3e3afae-dd54-4024-9d09-608a6baecd42\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"e7dbc7be-d1ef-499a-bbb6-2963bfdaabfb\"},\"panelIndex\":\"e7dbc7be-d1ef-499a-bbb6-2963bfdaabfb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e7dbc7be-d1ef-499a-bbb6-2963bfdaabfb\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":18,\"i\":\"e1ea8adf-acd8-4577-9c81-1acb711d20ce\"},\"panelIndex\":\"e1ea8adf-acd8-4577-9c81-1acb711d20ce\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e1ea8adf-acd8-4577-9c81-1acb711d20ce\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":8,\"w\":8,\"h\":18,\"i\":\"16f2046a-4417-4e78-9699-65d253db78cb\"},\"panelIndex\":\"16f2046a-4417-4e78-9699-65d253db78cb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_16f2046a-4417-4e78-9699-65d253db78cb\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":8,\"w\":11,\"h\":18,\"i\":\"226810af-b55b-4fba-99c8-0c28ca99aa37\"},\"pane
lIndex\":\"226810af-b55b-4fba-99c8-0c28ca99aa37\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_226810af-b55b-4fba-99c8-0c28ca99aa37\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":27,\"y\":8,\"w\":9,\"h\":18,\"i\":\"9cc5fffe-3834-4550-84e3-33d1246f68f6\"},\"panelIndex\":\"9cc5fffe-3834-4550-84e3-33d1246f68f6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9cc5fffe-3834-4550-84e3-33d1246f68f6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":18,\"i\":\"cdad19b0-4f35-4143-8677-0a64a64dbca6\"},\"panelIndex\":\"cdad19b0-4f35-4143-8677-0a64a64dbca6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cdad19b0-4f35-4143-8677-0a64a64dbca6\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":29,\"i\":\"b06c2c59-18a2-4e4c-bfc8-b4d496a89d30\"},\"panelIndex\":\"b06c2c59-18a2-4e4c-bfc8-b4d496a89d30\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b06c2c59-18a2-4e4c-bfc8-b4d496a89d30\"}]","timeRestore":false,"title":"Security Onion - 
Syslog","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"66499a20-75ed-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"9c4d23d9-2dd5-4a9f-aa67-edc6b73f3086:panel_9c4d23d9-2dd5-4a9f-aa67-edc6b73f3086","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"a3e3afae-dd54-4024-9d09-608a6baecd42:panel_a3e3afae-dd54-4024-9d09-608a6baecd42","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"e7dbc7be-d1ef-499a-bbb6-2963bfdaabfb:panel_e7dbc7be-d1ef-499a-bbb6-2963bfdaabfb","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"e1ea8adf-acd8-4577-9c81-1acb711d20ce:panel_e1ea8adf-acd8-4577-9c81-1acb711d20ce","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"16f2046a-4417-4e78-9699-65d253db78cb:panel_16f2046a-4417-4e78-9699-65d253db78cb","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"226810af-b55b-4fba-99c8-0c28ca99aa37:panel_226810af-b55b-4fba-99c8-0c28ca99aa37","type":"visualization"},{"id":"e017cb80-777b-11ea-bee5-af7f7c7b8e05","name":"9cc5fffe-3834-4550-84e3-33d1246f68f6:panel_9cc5fffe-3834-4550-84e3-33d1246f68f6","type":"visualization"},{"id":"9e1a4240-c77a-11ea-bebb-37c5ab5894ea","name":"cdad19b0-4f35-4143-8677-0a64a64dbca6:panel_cdad19b0-4f35-4143-8677-0a64a64dbca6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"b06c2c59-18a2-4e4c-bfc8-b4d496a89d30:panel_b06c2c59-18a2-4e4c-bfc8-b4d496a89d30","type":"search"}],"sort":[1688996741503,5146],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNzAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Source IP 
Addresses","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Source IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"66e26ad0-3580-11e7-98ef-19df58fe538b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5148],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNzEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"HTTP - Status and Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"HTTP - Status and 
Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"status_message.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Status Message\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"method.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"66faa650-4c99-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5150],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNzIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FIles - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FIles - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file_ip.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"67ab33d0-3656-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5152],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNzMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network Data - Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network Data - Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"689991b0-6ea7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,5154],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNzQsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[25.16517336866393,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Connections - Source - Originator 
Bytes","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"68f738e0-46ca-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"05809df0-46cb-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"sort":[1688996741503,5157],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNzUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SNMP - Version","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SNMP - Version\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"snmp.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Version\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"690ef880-75e9-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5159],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version"
:"WzQyNzYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Weird - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"691ade50-4c85-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5161],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNzcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Alert Level (Pie Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Alert Level (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"alert_level.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Alert Level\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"69d98570-398b-11e7-84f8-a1f7cef50fcb","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5163],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNzgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Indicator Type (Pie)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Intel - Indicator Type (Pie)\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.indicator_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Indicator 
Type\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"6b109430-0e60-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5165],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyNzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Destination Port","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Sysmon - Destination 
Port\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"6b70b840-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,5167],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyODAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Named Pipe","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Named 
Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"named_pipe.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"6b7122d0-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,5169],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyODEsMV0="} +{"attributes":{"columns":["host.hostname","user.name","host.ip"],"description":"","grid":{},"hideChart":false,"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"authentication\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.category\":\"authentication\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame - Authentication 
Search","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"7a1fc780-6f07-11ec-864c-8b5450f97635","migrationVersion":{"search":"8.0.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1688996741503,5172],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyODIsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":10,\"i\":\"16f743b7-687e-43ce-86a5-3ad5c607c1fe\"},\"panelIndex\":\"16f743b7-687e-43ce-86a5-3ad5c607c1fe\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame 
Alerts](https:///alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_16f743b7-687e-43ce-86a5-3ad5c607c1fe\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":0,\"w\":14,\"h\":10,\"i\":\"b9a19eb1-8a99-4ba7-89e5-7176371c1365\"},\"panelIndex\":\"b9a19eb1-8a99-4ba7-89e5-7176371c1365\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth Count\",\"panelRefName\":\"panel_b9a19eb1-8a99-4ba7-89e5-7176371c1365\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":10,\"i\":\"f16a41be-56eb-4852-b44c-7303c89b3332\"},\"panelIndex\":\"f16a41be-56eb-4852-b44c-7303c89b3332\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth Username\",\"panelRefName\":\"panel_f16a41be-56eb-4852-b44c-7303c89b3332\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":10,\"w\":24,\"h\":15,\"i\":\"dc68201b-bd8a-4fe9-9009-68fe91013c9f\"},\"panelIndex\":\"dc68201b-bd8a-4fe9-9009-68fe91013c9f\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth Logs Over Time\",\"panelRefName\":\"panel_dc68201b-bd8a-4fe9-9009-68fe91013c9f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":10,\"w\":24,\"h\":10,\"i\":\"c394186d-2848-42bf-a521-7ba497a3b3b6\"},\"panelIndex\":\"c394186d-2848-42bf-a521-7ba497a3b3b6\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth 
Hostname\",\"panelRefName\":\"panel_c394186d-2848-42bf-a521-7ba497a3b3b6\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":15,\"i\":\"c08e4616-5f26-4b6a-aa37-9c6a5e27d739\"},\"panelIndex\":\"c08e4616-5f26-4b6a-aa37-9c6a5e27d739\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[]}}},\"title\":\"Endgame - Auth Event Action (Donut)\",\"panelRefName\":\"panel_c08e4616-5f26-4b6a-aa37-9c6a5e27d739\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":10,\"i\":\"d7b3a140-a1a5-48d4-82a5-a84dc3a0285a\"},\"panelIndex\":\"d7b3a140-a1a5-48d4-82a5-a84dc3a0285a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth Event Action\",\"panelRefName\":\"panel_d7b3a140-a1a5-48d4-82a5-a84dc3a0285a\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":15,\"i\":\"aa35ad44-a937-4fa6-9444-7bcb1922a167\"},\"panelIndex\":\"aa35ad44-a937-4fa6-9444-7bcb1922a167\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Auth Event Outcome\",\"panelRefName\":\"panel_aa35ad44-a937-4fa6-9444-7bcb1922a167\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":50,\"w\":48,\"h\":18,\"i\":\"ffffbd7a-71f4-4977-bdf2-cad011e281c4\"},\"panelIndex\":\"ffffbd7a-71f4-4977-bdf2-cad011e281c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ffffbd7a-71f4-4977-bdf2-cad011e281c4\"}]","timeRestore":false,"title":"Endgame - 
Authentication","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"6c5aaff0-63f6-11ec-864c-8b5450f97635","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"16f743b7-687e-43ce-86a5-3ad5c607c1fe:panel_16f743b7-687e-43ce-86a5-3ad5c607c1fe","type":"visualization"},{"id":"63569670-6d6b-11ec-864c-8b5450f97635","name":"b9a19eb1-8a99-4ba7-89e5-7176371c1365:panel_b9a19eb1-8a99-4ba7-89e5-7176371c1365","type":"lens"},{"id":"6b3841e0-6d6b-11ec-864c-8b5450f97635","name":"f16a41be-56eb-4852-b44c-7303c89b3332:panel_f16a41be-56eb-4852-b44c-7303c89b3332","type":"lens"},{"id":"6f648670-6d6b-11ec-864c-8b5450f97635","name":"dc68201b-bd8a-4fe9-9009-68fe91013c9f:panel_dc68201b-bd8a-4fe9-9009-68fe91013c9f","type":"lens"},{"id":"b6bd72c0-6d6b-11ec-864c-8b5450f97635","name":"c394186d-2848-42bf-a521-7ba497a3b3b6:panel_c394186d-2848-42bf-a521-7ba497a3b3b6","type":"lens"},{"id":"d3e6cf90-6d6b-11ec-864c-8b5450f97635","name":"c08e4616-5f26-4b6a-aa37-9c6a5e27d739:panel_c08e4616-5f26-4b6a-aa37-9c6a5e27d739","type":"lens"},{"id":"c9b17020-6d6b-11ec-864c-8b5450f97635","name":"d7b3a140-a1a5-48d4-82a5-a84dc3a0285a:panel_d7b3a140-a1a5-48d4-82a5-a84dc3a0285a","type":"lens"},{"id":"072ae530-6d6c-11ec-864c-8b5450f97635","name":"aa35ad44-a937-4fa6-9444-7bcb1922a167:panel_aa35ad44-a937-4fa6-9444-7bcb1922a167","type":"lens"},{"id":"7a1fc780-6f07-11ec-864c-8b5450f97635","name":"ffffbd7a-71f4-4977-bdf2-cad011e281c4:panel_ffffbd7a-71f4-4977-bdf2-cad011e281c4","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,5183],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyODMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Source IP 
Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"6c60a280-76b5-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1688996741503,5185],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyODQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Signer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - 
Signer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"signer.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Signer\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"6cf187b0-6d7c-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,5187],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyODUsMV0="} +{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-osquery_manager.result*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-osquery_manager.result*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"6db0d12f-ede1-4445-8ce7-3d51a80c76c9","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688996741503,5188],"type":"index-pattern","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyODYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - 
Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"6ef90c30-34c0-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5190],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyODcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMB - Action (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMB - Action (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"6f883480-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,5192],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyODgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - 
Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.certificate.subject.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.certificate.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"6fccb600-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5194],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyODksMV0="} +{"attributes":{"buildNum":39457,"defaultIndex":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute":"/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":100,"securitySolution:defaultIndex":["apm-*-transaction*","traces-apm*","auditbeat-*","endgame-*","filebeat-*","logs-*","packetbeat-*","winlogbeat-*","*:so-*"],"theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": 
\"now\"\n}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"7.16.2","migrationVersion":{"config":"8.7.0"},"references":[],"sort":[1688996741503,5195],"type":"config","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyOTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - MIME Flavors","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - File - MIME Flavors\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"70243970-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5197],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyOTEsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"710ccbf0-35bb-11e7-b9ee-834112670159","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5199],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyOTIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Chrome Extensions - Change Stats","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"osquery - ChromeExt - Change Stats\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":70}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"osquery.hostIdentifier.keyword\",\"customLabel\":\"Endpoints\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"71538370-18d5-11e9-932c-d12d2cf4ee95","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","name":"search_0","type":"search"}],"sort":[1688996741503,5201],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyOTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"\\\"application/x-dosexec\\\"\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"HTTP - Sites Hosting EXEs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Sites Hosting 
EXEs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"virtual_host.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"7153e7f0-34c7-11e7-8360-0b86c90983fd","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5203],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyOTQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Total Bytes Per Source/Destination IP Pair","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"total_bytes\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_term\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Source 
IP\",\"field\":\"source_ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"2-orderAgg\",\"params\":{\"field\":\"total_bytes\"},\"schema\":\"orderAgg\",\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Destination IP\",\"field\":\"destination_ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"3-orderAgg\",\"params\":{\"field\":\"total_bytes\"},\"schema\":\"orderAgg\",\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Connections - Total Bytes Per Source/Destination IP Pair\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"726cc040-48cf-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5205],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyOTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - File Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - File 
Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Name\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"72f0f010-3aaf-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,5207],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyOTYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Log Type Per Sensor/Device","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Log Type Per 
Sensor/Device\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor/Device\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Log Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"733ce440-494d-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5209],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyOTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Top 50 - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Top 50 - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"73806f30-4948-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5211],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyOTgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Signing Algorithm","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"X.509 - Certificate Signing 
Algorithm\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"certificate_signing_algorithm.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Algorithm\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"738127f0-37d7-11e7-9efb-91e89505091f","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5213],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQyOTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - Command","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - FTP - 
Command\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ftp.command.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d3435690-755f-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5215],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMDAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - 
User","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"User\",\"field\":\"ftp.user.keyword\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/kibana\",\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\"}}},\"label\":\"ftp.user.keyword: Descending\",\"params\":{}}],\"metrics\":[{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Security Onion - FTP - User\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8346bc70-7561-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5217],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMDEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - 
Password","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - FTP - Password\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ftp.password.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp.password.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Password\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"bc3e2bd0-7561-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5219],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMDIsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:ftp\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\"},\"panelIndex\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_728d0151-5dc6-429d-9b14-b457ab73d3fd\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":15,\"h\":8,\"i\":\"1b99097d-a957-4163-9810-263a0e653c18\"},\"panelIndex\":\"1b99097d-a957-4163-9810-263a0e653c18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1b99097d-a957-4163-9810-263a0e653c18\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":8,\"i\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\"},\"panelIndex\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_43bb3cf4-ee4a-4eba-8eea-8e133957fd48\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\"},\"panelIndex\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_87f23747-38c9-4d15-a85b-8beff66abaf4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\"},\"panelIndex\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d10ae5ac-6400-4a2c-a376-e6e74ed529ad\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":8,\"w\":13,\"h\":19,\"i\":\"1bf79bc6-8595-41e0-8a7e-2b21bd2bd928\"},\"panelIn
dex\":\"1bf79bc6-8595-41e0-8a7e-2b21bd2bd928\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1bf79bc6-8595-41e0-8a7e-2b21bd2bd928\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":31,\"y\":8,\"w\":17,\"h\":19,\"i\":\"e244437a-17a5-4e00-9176-f4e88ac54938\"},\"panelIndex\":\"e244437a-17a5-4e00-9176-f4e88ac54938\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e244437a-17a5-4e00-9176-f4e88ac54938\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":22,\"h\":16,\"i\":\"9196bb67-30ad-4a8e-b75f-22a9cced6f35\"},\"panelIndex\":\"9196bb67-30ad-4a8e-b75f-22a9cced6f35\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9196bb67-30ad-4a8e-b75f-22a9cced6f35\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":22,\"y\":27,\"w\":26,\"h\":16,\"i\":\"9da1ff1b-aebe-45fb-9e48-420eafb1b655\"},\"panelIndex\":\"9da1ff1b-aebe-45fb-9e48-420eafb1b655\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9da1ff1b-aebe-45fb-9e48-420eafb1b655\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":43,\"w\":48,\"h\":28,\"i\":\"c57349cc-4699-4d52-b386-14e1d1260c87\"},\"panelIndex\":\"c57349cc-4699-4d52-b386-14e1d1260c87\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c57349cc-4699-4d52-b386-14e1d1260c87\"}]","timeRestore":false,"title":"Security Onion - 
FTP","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"739bfad0-755a-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"728d0151-5dc6-429d-9b14-b457ab73d3fd:panel_728d0151-5dc6-429d-9b14-b457ab73d3fd","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"1b99097d-a957-4163-9810-263a0e653c18:panel_1b99097d-a957-4163-9810-263a0e653c18","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"43bb3cf4-ee4a-4eba-8eea-8e133957fd48:panel_43bb3cf4-ee4a-4eba-8eea-8e133957fd48","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"87f23747-38c9-4d15-a85b-8beff66abaf4:panel_87f23747-38c9-4d15-a85b-8beff66abaf4","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"d10ae5ac-6400-4a2c-a376-e6e74ed529ad:panel_d10ae5ac-6400-4a2c-a376-e6e74ed529ad","type":"visualization"},{"id":"d3435690-755f-11ea-9565-7315f4ee5cac","name":"1bf79bc6-8595-41e0-8a7e-2b21bd2bd928:panel_1bf79bc6-8595-41e0-8a7e-2b21bd2bd928","type":"visualization"},{"id":"5fcdb0c0-755f-11ea-9565-7315f4ee5cac","name":"e244437a-17a5-4e00-9176-f4e88ac54938:panel_e244437a-17a5-4e00-9176-f4e88ac54938","type":"visualization"},{"id":"8346bc70-7561-11ea-9565-7315f4ee5cac","name":"9196bb67-30ad-4a8e-b75f-22a9cced6f35:panel_9196bb67-30ad-4a8e-b75f-22a9cced6f35","type":"visualization"},{"id":"bc3e2bd0-7561-11ea-9565-7315f4ee5cac","name":"9da1ff1b-aebe-45fb-9e48-420eafb1b655:panel_9da1ff1b-aebe-45fb-9e48-420eafb1b655","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"c57349cc-4699-4d52-b386-14e1d1260c87:panel_c57349cc-4699-4d52-b386-14e1d1260c87","type":"search"}],"sort":[1688996741503,5230],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMDMsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - \"From\" Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - \\\"From\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mail_from.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"From\\\" Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"73b1b240-39a2-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5232],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMDQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - User 
Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"73f663f0-3753-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5234],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMDUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND highest_registered_domain:securityonion.net~ -securityonion.net\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Phishing Attempts Against Organizational Domain(s)","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 0\":\"rgb(0,104,55)\",\"1 - 999999\":\"rgb(165,0,38)\"}}}","version":1,"visState":"{\"title\":\"DNS - Phishing Attempts Against Organizational Domain(s)\",\"type\":\"gauge\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"gauge\":{\"extendRange\":true,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":0},{\"from\":1,\"to\":999999}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"#333\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"#eee\",\"bgColor\":false,\"subText\":\"Edit this to reflect your domain(s)\",\"fontSize\":60,\"labelColor\":true},\"alignment\":\"horizontal\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Phishing attempts against your domain(s)\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"74861280-6f06-11e7-b253-211f64f37eda","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5236],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMDYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Cookie","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - 
Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"cookie.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Cookie\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"75597b60-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5238],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMDcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NTLM - Hostname to Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Hostname to 
Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"domain_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"75ab1050-4a59-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,5240],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMDgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Tunnels - Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Tunnels - 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"tunnel.type.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tunnel.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"781447d0-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5242],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMDksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Indicator Type (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Intel - Indicator Type 
(Donut)\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.indicator_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator Type\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"78185810-0e61-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5244],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Chrome Extensions - Sensitive Permissions","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"osquery - Chrome Extensions - Sensitive 
Permissions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.columns.name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Extension Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.columns.permissions.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Permissions\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"78cf8bf0-1a59-11e9-ac0b-cb0ba10141ab","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"040dda10-18d8-11e9-932c-d12d2cf4ee95","name":"search_0","type":"search"}],"sort":[1688996741503,5246],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - File Description","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - File 
Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file_description.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"793c2640-39ad-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5248],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMTIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Log Count Over Time","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Syslog - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 10 
minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"79a2a4e0-76e5-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"sort":[1688996741503,5250],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FIle - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - FIle - 
Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"7a88adc0-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5252],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMTQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"IRC - Command","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - 
Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"irc_command.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"7bc09930-4a57-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5254],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"7bc74b40-6d71-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,5256],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMTYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Client Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_major_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_minor_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor 
Version\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"7c1e3f70-6e22-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5258],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Destination IP Addresses","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Destination IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"7c47b650-3580-11e7-98ef-19df58fe538b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5260],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMTgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMTP - Log Count Over 
TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"7c922990-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5262],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_http AND 
_exists_:virtual_host_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"HTTP - Virtual Host Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Virtual Host Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"virtual_host_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"virtual_host.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Virtual Host\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"7d1ede50-6f19-11e7-86c8-a1b6db3b051a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5264],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMjAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - Authentication Sucess","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SSH - Authentication 
Sucess\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssh.authentication.success: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.authentication.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"7d61f430-75ea-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5266],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMjEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"7dc62970-6e2a-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5268],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMjIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Machine","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"PE - 
Machine\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"machine.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Machine\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"7de76e10-6e1f-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5270],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMjMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:highest_registered_domain_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Highest Registered Domain Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Highest Registered Domain Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"highest_registered_domain_frequency_score\",\"customLabel\":\"Frequency 
Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"highest_registered_domain.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"7f1f00a0-6f04-11e7-b253-211f64f37eda","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5272],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMjQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Destination - Top Connection Duration (Tile Map)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Destination - Top Connection Duration (Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by 
USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"duration\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"7f7492d0-46c4-11e7-a82e-d97152153689","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5274],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMjUsMV0="} +{"attributes":{"buildNum":39457,"defaultIndex":"logs-*","defaultRoute":"/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":100,"securitySolution:defaultIndex":["apm-*-transaction*","traces-apm*","auditbeat-*","endgame-*","filebeat-*","logs-*","packetbeat-*","winlogbeat-*","*:so-*"],"theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8.7.1","migrationVersion":{"config":"8.7.0"},"references":[],"sort":[1688996741503,5275],"type":"config","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMjYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - MAC","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Host - 
MAC\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.mac.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"eaa31ba0-7374-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5277],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMjcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Requested Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Requested 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.requested_address.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Requested Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9a693c50-7374-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5279],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMjgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Assigned Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Assigned 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.assigned_ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Assigned Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"cc3aaf20-7374-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5281],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMjksMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:dhcp\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"7e10f47b-2096-452d-9b40-be150226504f\"},\"panelIndex\":\"7e10f47b-2096-452d-9b40-be150226504f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7e10f47b-2096-452d-9b40-be150226504f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":10,\"h\":9,\"i\":\"a795e5b9-2afd-43ef-91db-cd9c23a996f9\"},\"panelIndex\":\"a795e5b9-2afd-43ef-91db-cd9c23a996f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a795e5b9-2afd-43ef-91db-cd9c23a996f9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":9,\"i\":\"d0f65b83-17cd-4a8c-950d-06e5e88bf80b\"},\"panelIndex\":\"d0f65b83-17cd-4a8c-950d-06e5e88bf80b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d0f65b83-17cd-4a8c-950d-06e5e88bf80b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":20,\"i\":\"c5565d1e-719c-4401-b886-1ad84638b855\"},\"panelIndex\":\"c5565d1e-719c-4401-b886-1ad84638b855\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c5565d1e-719c-4401-b886-1ad84638b855\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":20,\"i\":\"ada9481a-335b-4091-ac4e-5f94c96e4cea\"},\"panelIndex\":\"ada9481a-335b-4091-ac4e-5f94c96e4cea\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ada9481a-335b-4091-ac4e-5f94c96e4cea\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":9,\"w\":8,\"h\":20,\"i\":\"bcba795f-8008-4f91-887d-35b5aff11022\"},\"panelIn
dex\":\"bcba795f-8008-4f91-887d-35b5aff11022\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_bcba795f-8008-4f91-887d-35b5aff11022\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":7,\"h\":20,\"i\":\"a9615bc2-7e50-4a88-be1c-53eb7096e093\"},\"panelIndex\":\"a9615bc2-7e50-4a88-be1c-53eb7096e093\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a9615bc2-7e50-4a88-be1c-53eb7096e093\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":31,\"y\":9,\"w\":17,\"h\":20,\"i\":\"87dce718-7595-4bb0-b1be-b2f51518f026\"},\"panelIndex\":\"87dce718-7595-4bb0-b1be-b2f51518f026\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_87dce718-7595-4bb0-b1be-b2f51518f026\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":29,\"w\":48,\"h\":29,\"i\":\"4f1bdb3c-15b5-4d72-bc4f-96a266423272\"},\"panelIndex\":\"4f1bdb3c-15b5-4d72-bc4f-96a266423272\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4f1bdb3c-15b5-4d72-bc4f-96a266423272\"}]","timeRestore":false,"title":"Security Onion - 
DHCP","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"80625c10-96dd-11ea-814e-bb515e873c2c","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"7e10f47b-2096-452d-9b40-be150226504f:panel_7e10f47b-2096-452d-9b40-be150226504f","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"a795e5b9-2afd-43ef-91db-cd9c23a996f9:panel_a795e5b9-2afd-43ef-91db-cd9c23a996f9","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"d0f65b83-17cd-4a8c-950d-06e5e88bf80b:panel_d0f65b83-17cd-4a8c-950d-06e5e88bf80b","type":"visualization"},{"id":"eaa31ba0-7374-11ea-a3da-cbdb4f8a90c0","name":"c5565d1e-719c-4401-b886-1ad84638b855:panel_c5565d1e-719c-4401-b886-1ad84638b855","type":"visualization"},{"id":"9a693c50-7374-11ea-a3da-cbdb4f8a90c0","name":"ada9481a-335b-4091-ac4e-5f94c96e4cea:panel_ada9481a-335b-4091-ac4e-5f94c96e4cea","type":"visualization"},{"id":"cc3aaf20-7374-11ea-a3da-cbdb4f8a90c0","name":"bcba795f-8008-4f91-887d-35b5aff11022:panel_bcba795f-8008-4f91-887d-35b5aff11022","type":"visualization"},{"id":"2af5f980-96e2-11ea-814e-bb515e873c2c","name":"a9615bc2-7e50-4a88-be1c-53eb7096e093:panel_a9615bc2-7e50-4a88-be1c-53eb7096e093","type":"visualization"},{"id":"36200e40-c76b-11ea-bebb-37c5ab5894ea","name":"87dce718-7595-4bb0-b1be-b2f51518f026:panel_87dce718-7595-4bb0-b1be-b2f51518f026","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"4f1bdb3c-15b5-4d72-bc4f-96a266423272:panel_4f1bdb3c-15b5-4d72-bc4f-96a266423272","type":"search"}],"sort":[1688996741503,5291],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMzAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"PE - Subsystem (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"PE - 
Subsystem (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"subsystem.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"807da390-380c-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5293],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMzEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - PE - 
Subsytem","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.subsystem.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subsystem\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - PE - Subsytem\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"80a39cb0-c762-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5295],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMzIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - 
Success\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"mysql.success: 
Descending\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"80aa0c60-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5297],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMzMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - SID","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - 
SID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.uuid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Rule ID\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a47ffc70-96f0-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5299],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMzQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:alert AND 
event.module:suricata\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":8,\"i\":\"afb23064-13dc-4b97-b1be-cf672a6cfb56\"},\"panelIndex\":\"afb23064-13dc-4b97-b1be-cf672a6cfb56\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_afb23064-13dc-4b97-b1be-cf672a6cfb56\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":7,\"y\":0,\"w\":17,\"h\":8,\"i\":\"67961875-85aa-443b-9cac-130c8783cd8d\"},\"panelIndex\":\"67961875-85aa-443b-9cac-130c8783cd8d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_67961875-85aa-443b-9cac-130c8783cd8d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":8,\"i\":\"44bf55fb-18d8-4ae6-a15a-902042d3623c\"},\"panelIndex\":\"44bf55fb-18d8-4ae6-a15a-902042d3623c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_44bf55fb-18d8-4ae6-a15a-902042d3623c\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":19,\"h\":20,\"i\":\"cedf23aa-c331-496a-bf27-7c9c8f587d80\"},\"panelIndex\":\"cedf23aa-c331-496a-bf27-7c9c8f587d80\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cedf23aa-c331-496a-bf27-7c9c8f587d80\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":19,\"y\":8,\"w\":9,\"h\":20,\"i\":\"a2e54d3b-ee05-4d67-82d2-4ac917d9ec4b\"},\"panelIndex\":\"a2e54d3b-ee05-4d67-82d2-4ac917d9ec4b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a2e54d3b-ee05-4d67-82d2-4ac917d9ec4b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":8,\"w\":10,\"h\":20,\"i\":\"ab088b32-c40e-4a1c-9dcd-758c1ad97edc\"},\"panelIndex\":\"ab088b32-c40e-4a1c-9dcd-758c1ad97edc\",\"embeddableConfig\":{\"enhancements\":{}}
,\"panelRefName\":\"panel_ab088b32-c40e-4a1c-9dcd-758c1ad97edc\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":8,\"w\":10,\"h\":20,\"i\":\"2faea405-e4d3-488b-adfa-373b135d2122\"},\"panelIndex\":\"2faea405-e4d3-488b-adfa-373b135d2122\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2faea405-e4d3-488b-adfa-373b135d2122\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":19,\"h\":18,\"i\":\"728a4c22-9a7e-4152-a4d6-eed2d728abb8\"},\"panelIndex\":\"728a4c22-9a7e-4152-a4d6-eed2d728abb8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_728a4c22-9a7e-4152-a4d6-eed2d728abb8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":19,\"y\":28,\"w\":19,\"h\":18,\"i\":\"32459b34-f7be-4ac0-a672-7a9697ce3bca\"},\"panelIndex\":\"32459b34-f7be-4ac0-a672-7a9697ce3bca\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_32459b34-f7be-4ac0-a672-7a9697ce3bca\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":28,\"w\":10,\"h\":18,\"i\":\"0681c2c1-531d-4f5e-a73f-8382789cbd14\"},\"panelIndex\":\"0681c2c1-531d-4f5e-a73f-8382789cbd14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0681c2c1-531d-4f5e-a73f-8382789cbd14\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":46,\"w\":48,\"h\":20,\"i\":\"b7ad7fb7-60d2-4a1c-b71a-c438626507af\"},\"panelIndex\":\"b7ad7fb7-60d2-4a1c-b71a-c438626507af\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b7ad7fb7-60d2-4a1c-b71a-c438626507af\"}]","timeRestore":false,"title":"Security Onion - Alerts - 
Suricata","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"81057f40-7733-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"afb23064-13dc-4b97-b1be-cf672a6cfb56:panel_afb23064-13dc-4b97-b1be-cf672a6cfb56","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"67961875-85aa-443b-9cac-130c8783cd8d:panel_67961875-85aa-443b-9cac-130c8783cd8d","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"44bf55fb-18d8-4ae6-a15a-902042d3623c:panel_44bf55fb-18d8-4ae6-a15a-902042d3623c","type":"visualization"},{"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","name":"cedf23aa-c331-496a-bf27-7c9c8f587d80:panel_cedf23aa-c331-496a-bf27-7c9c8f587d80","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"a2e54d3b-ee05-4d67-82d2-4ac917d9ec4b:panel_a2e54d3b-ee05-4d67-82d2-4ac917d9ec4b","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"ab088b32-c40e-4a1c-9dcd-758c1ad97edc:panel_ab088b32-c40e-4a1c-9dcd-758c1ad97edc","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"2faea405-e4d3-488b-adfa-373b135d2122:panel_2faea405-e4d3-488b-adfa-373b135d2122","type":"visualization"},{"id":"a37b9fa0-72b0-11ea-8dd2-9d8795a1200b","name":"728a4c22-9a7e-4152-a4d6-eed2d728abb8:panel_728a4c22-9a7e-4152-a4d6-eed2d728abb8","type":"visualization"},{"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","name":"32459b34-f7be-4ac0-a672-7a9697ce3bca:panel_32459b34-f7be-4ac0-a672-7a9697ce3bca","type":"visualization"},{"id":"a47ffc70-96f0-11ea-814e-bb515e873c2c","name":"0681c2c1-531d-4f5e-a73f-8382789cbd14:panel_0681c2c1-531d-4f5e-a73f-8382789cbd14","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"b7ad7fb7-60d2-4a1c-b71a-c438626507af:panel_b7ad7fb7-60d2-4a1c-b71a-c438626507af","type":"search"}],"sort":[1688996741503,5311],"type":"dashboard","updated_at":"2023-07-10T13:
45:41.503Z","version":"WzQzMzUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Response From","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Response From\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.response.from.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.response.from.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Response From\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"81a1a740-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5313],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMzYsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alerts By Country (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"NIDS - Alerts By Country (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"81de16f0-6e0f-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5315],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMzcsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8261cf00-366e-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5317],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMzgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SNMP - Community String","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Community 
String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"community.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Community String\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"83a91450-4c79-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5319],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzMzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network Data Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network Data Over 
Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":true},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":true,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"intervalESValue\":30,\"intervalESUnit\":\"m\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-03-24T15:15:25.819Z\",\"max\":\"2020-03-25T15:15:25.819Z\"}},\"label\":\"@timestamp per 30 
minutes\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\",\"mode\":\"quick\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8491c4b0-6eab-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,5321],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNDAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"84f28670-3636-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5323],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNDEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNP3 - Function Request","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Function 
Request\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"fc_request.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"857c6760-4a4d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5325],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNDIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"IRC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"85b1f890-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5327],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNDMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"tags:intel\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - 
Indicator","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Indicator\",\"excludeIsRegex\":true,\"field\":\"intel.indicator.keyword\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"row\":true,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Security Onion - Intel - Indicator\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"db8c57c0-0e5c-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5329],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNDQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Intel - 
Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.sources.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Source\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"b4222d00-0e60-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5331],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNDUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Seen Where","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Intel - Seen 
Where\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.seen_where.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Seen Where\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ec57d300-0e60-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5333],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNDYsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:intel\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"a9613b03-8b84-4149-9dfa-5b059c1e0e70\"},\"panelIndex\":\"a9613b03-8b84-4149-9dfa-5b059c1e0e70\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a9613b03-8b84-4149-9dfa-5b059c1e0e70\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":9,\"i\":\"77e957c4-13ac-480c-b799-0bd39559781b\"},\"panelIndex\":\"77e957c4-13ac-480c-b799-0bd39559781b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_77e957c4-13ac-480c-b799-0bd39559781b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":9,\"i\":\"722a0294-a47b-4cd1-85c0-37f9933552c5\"},\"panelIndex\":\"722a0294-a47b-4cd1-85c0-37f9933552c5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_722a0294-a47b-4cd1-85c0-37f9933552c5\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":21,\"i\":\"a008c6c0-0e76-4dc6-802b-72d68ad0c10d\"},\"panelIndex\":\"a008c6c0-0e76-4dc6-802b-72d68ad0c10d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a008c6c0-0e76-4dc6-802b-72d68ad0c10d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":9,\"w\":10,\"h\":21,\"i\":\"0adce98b-c9e8-469b-8cac-fb4ceb35b68a\"},\"panelIndex\":\"0adce98b-c9e8-469b-8cac-fb4ceb35b68a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0adce98b-c9e8-469b-8cac-fb4ceb35b68a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":20,\"y\":9,\"w\":13,\"h\":21,\"i\":\"2b95ef19-525e-4659-8ab3-67cb0e9dc41a\"},\"pa
nelIndex\":\"2b95ef19-525e-4659-8ab3-67cb0e9dc41a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2b95ef19-525e-4659-8ab3-67cb0e9dc41a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":21,\"i\":\"bde38fe7-9aec-4e19-b9fe-035ee6a66ef7\"},\"panelIndex\":\"bde38fe7-9aec-4e19-b9fe-035ee6a66ef7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_bde38fe7-9aec-4e19-b9fe-035ee6a66ef7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":30,\"w\":24,\"h\":15,\"i\":\"2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0\"},\"panelIndex\":\"2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":30,\"w\":24,\"h\":15,\"i\":\"79c4ec17-8411-49d8-82af-6921a321dd3b\"},\"panelIndex\":\"79c4ec17-8411-49d8-82af-6921a321dd3b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_79c4ec17-8411-49d8-82af-6921a321dd3b\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":34,\"i\":\"779d2461-4d8a-4254-b380-26650a52a026\"},\"panelIndex\":\"779d2461-4d8a-4254-b380-26650a52a026\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_779d2461-4d8a-4254-b380-26650a52a026\"}]","timeRestore":false,"title":"Security Onion - 
Intel","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"85b529a0-0e5a-11eb-a255-e1e8e85e3571","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"a9613b03-8b84-4149-9dfa-5b059c1e0e70:panel_a9613b03-8b84-4149-9dfa-5b059c1e0e70","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"77e957c4-13ac-480c-b799-0bd39559781b:panel_77e957c4-13ac-480c-b799-0bd39559781b","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"722a0294-a47b-4cd1-85c0-37f9933552c5:panel_722a0294-a47b-4cd1-85c0-37f9933552c5","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"a008c6c0-0e76-4dc6-802b-72d68ad0c10d:panel_a008c6c0-0e76-4dc6-802b-72d68ad0c10d","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"0adce98b-c9e8-469b-8cac-fb4ceb35b68a:panel_0adce98b-c9e8-469b-8cac-fb4ceb35b68a","type":"visualization"},{"id":"db8c57c0-0e5c-11eb-a255-e1e8e85e3571","name":"2b95ef19-525e-4659-8ab3-67cb0e9dc41a:panel_2b95ef19-525e-4659-8ab3-67cb0e9dc41a","type":"visualization"},{"id":"b4222d00-0e60-11eb-a255-e1e8e85e3571","name":"bde38fe7-9aec-4e19-b9fe-035ee6a66ef7:panel_bde38fe7-9aec-4e19-b9fe-035ee6a66ef7","type":"visualization"},{"id":"6b109430-0e60-11eb-a255-e1e8e85e3571","name":"2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0:panel_2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0","type":"visualization"},{"id":"ec57d300-0e60-11eb-a255-e1e8e85e3571","name":"79c4ec17-8411-49d8-82af-6921a321dd3b:panel_79c4ec17-8411-49d8-82af-6921a321dd3b","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"779d2461-4d8a-4254-b380-26650a52a026:panel_779d2461-4d8a-4254-b380-26650a52a026","type":"search"}],"sort":[1688996741503,5344],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNDcsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMB - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per minute\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"85e40a70-3aac-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,53
46],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNDgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Operation","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"operation.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"86107960-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,5348],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNDksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Authentication Status (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RFB - Authentication Status (Donut 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"auth.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Status\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"869e3030-371e-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5350],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Modbus - Exception","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Modbus - Exception\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"modbus.exception.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"modbus.exception.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Exception\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"93cdb730-75be-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5352],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNTEsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"tags:modbus*\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"dcdc1d0b-bec1-402d-a34b-39464e9a2749\"},\"panelIndex\":\"dcdc1d0b-bec1-402d-a34b-39464e9a2749\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"ccbb40c9-d2e4-4592-a91f-b1f6912a35f9\"},\"panelIndex\":\"ccbb40c9-d2e4-4592-a91f-b1f6912a35f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"32fd8cfa-64ad-41d7-b4f7-2c71f351916a\"},\"panelIndex\":\"32fd8cfa-64ad-41d7-b4f7-2c71f351916a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridDa
ta\":{\"x\":0,\"y\":8,\"w\":8,\"h\":19,\"i\":\"b15f438a-6f24-4099-90e6-d66f950029bc\"},\"panelIndex\":\"b15f438a-6f24-4099-90e6-d66f950029bc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":8,\"h\":19,\"i\":\"089f29d5-cf23-4b6a-8b80-27911ffd6b1a\"},\"panelIndex\":\"089f29d5-cf23-4b6a-8b80-27911ffd6b1a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":8,\"w\":14,\"h\":19,\"i\":\"4154e8b1-e314-4623-aaf4-0404a108551a\"},\"panelIndex\":\"4154e8b1-e314-4623-aaf4-0404a108551a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":19,\"i\":\"8acbc44d-4fe2-42b0-a6e9-4a3bc4e4aeb6\"},\"panelIndex\":\"8acbc44d-4fe2-42b0-a6e9-4a3bc4e4aeb6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"c4d3c93a-746f-4edc-835c-66f1380fc5d4\"},\"panelIndex\":\"c4d3c93a-746f-4edc-835c-66f1380fc5d4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - 
Modbus","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"886a7b90-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"62449800-75be-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"93cdb730-75be-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1688996741503,5361],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNTIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8a60eb50-365f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5363],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - HASSH","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSH - HASSH\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.hassh.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8afa5f50-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5365],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNTQsMV0="} +{"attributes":{"description":"based on the Endgame - Categories with Full Event Type 
viz, modded by rlp 20211220","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - Event Categories","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}","version":1,"visState":"{\"title\":\"Endgame - Event Categories\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"event.category\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"row\":true}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8b3bb5c0-61af-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,5368],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Sites","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - 
Sites\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"virtual_host.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8ba31820-34c6-11e7-8360-0b86c90983fd","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5370],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNTYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Files - MIME Type (Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Files - MIME Type (Bar Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"rotate\":75,\"show\":true,\"truncate\":100,\"filter\":true},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"MIME 
Type\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mimetype.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8c57f3d0-3674-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5372],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Sysmon - 
Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8cfdeff0-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,5374],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNTgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Notice Generated (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Weird - Notice Generated (Donut 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"notice.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8dbbbed0-364e-11e7-9dc3-d35061cb642d","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5376],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Client Build","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Client Build\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client_build.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client 
Build\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8e18ee60-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5378],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNjAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"match_body.source.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8ec77cb0-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5380],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNjEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND 
_exists_:certificate_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"SSL - Certificate Common Name Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate Common Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"certificate_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8fa702e0-6f0b-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5382],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNjIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Files - MIME Type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Files - MIME 
Type\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.mimetype.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"file.mimetype.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MIMEType\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"8fb3c480-75f2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5384],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNjMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"All Sensors - Log Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"All Sensors - Log 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Log Type(s)\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"901bda80-a83f-11e7-893a-1b88920b2837","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"sort":[1688996741503,5386],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNjQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SIP - Destination Country (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Destination Country (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"90bf0a80-3750-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5388],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNjUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"Security Onion - Rule - ID","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"Security Onion - Rule - 
ID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.uuid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ID\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"91bd9990-7737-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5390],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNjYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Log Count Over Time","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 
seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"92b202e0-76b4-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1688996741503,5392],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNjcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Host - 
Name\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"agent.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Agent Name\",\"aggType\":\"terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f03402e0-72bc-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5394],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNjgsMV0="} +{"attributes":{"columns":["host.name","event.module","event.dataset","process.command_line","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.category:host \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"Security Onion - 
Host Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a866be10-0e45-11eb-a255-e1e8e85e3571","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,4592],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQxNDAsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.category:host\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"c743998d-d4c5-429f-87ce-67bac2649e72\"},\"panelIndex\":\"c743998d-d4c5-429f-87ce-67bac2649e72\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":15,\"h\":8,\"i\":\"8acc6336-35b7-4c1a-b0ef-3b3ec6870b1f\"},\"panelIndex\":\"8acc6336-35b7-4c1a-b0ef-3b3ec6870b1f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":8,\"i\":\"8485e0bf-8342-42ff-82b4-eb2611191060\"},\"panelIndex\":\"8485e0bf-8342-42ff-82b4-eb2611191060\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":18,\"i\":\"ba08df96-10b9-4b30-803f-f40387867ccc\"},\"panelIndex\":\"ba08df96-10b9-4b30-803f-f40387867ccc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":7,\"h\":18,\"i\":\"254bcae3-60d3-4193-b258-6f9f3eba0af3\"},\"panelIndex\":\"254bcae3-60d3-4193-b258-6f9f3eba0af3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":15,\"y\":8,\"w\":8,\"h\":18,\"i\":\"89d115c0-ee70-4250-9742-fb3c554e69a7\"
},\"panelIndex\":\"89d115c0-ee70-4250-9742-fb3c554e69a7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":23,\"y\":8,\"w\":25,\"h\":18,\"i\":\"0c1675bb-01ef-4020-95f1-3f35e0c6fad8\"},\"panelIndex\":\"0c1675bb-01ef-4020-95f1-3f35e0c6fad8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":20,\"i\":\"38bc9e98-7934-4d1b-89fa-1b57765086c3\"},\"panelIndex\":\"38bc9e98-7934-4d1b-89fa-1b57765086c3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Host","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"92e63cc0-6ec0-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"df50eba0-6ec0-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"f03402e0-72bc-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"758187b0-72bd-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"a866be10-0e45-11eb-a255-e1e8e85e3571","name":"panel_7","type":"search"}],"sort":[1688996741503,5403],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNjksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Content Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Content 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"content_type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Content Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"930b1600-3753-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5405],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNzAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - MIME Type (Tag Cloud)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - MIME Type (Tag Cloud)\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":14,\"maxFontSize\":40,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"resp_mime_types.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME 
Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"934fe550-6e08-11e7-9370-174c4785d3e1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5407],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNzEsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.module:ossec AND event.dataset:alert\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"c2172038-7740-458c-977a-98d139c438c2\"},\"panelIndex\":\"c2172038-7740-458c-977a-98d139c438c2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":18,\"h\":8,\"i\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\"},\"panelIndex\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":8,\"i\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\"},\"panelIndex\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":8,\"w\":12,\"h\":19,\"i\":\"1f88747a-06f5-4450-8d08-150d0cd37667\"},\"panelIndex\":\"1f88747a-06f5-4450-8d08-150d0cd37667\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":12,\"y\":8,\"w\":11,\"h\":19,\"i\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\"},\"panelIndex\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":23,\"y\":8,\"w\":7,\"h\":19,\"i\":\"a4bd8
139-6fdd-476e-b6ff-8dd036e0f747\"},\"panelIndex\":\"a4bd8139-6fdd-476e-b6ff-8dd036e0f747\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":30,\"y\":8,\"w\":8,\"h\":19,\"i\":\"df2cccc2-5ac2-4522-9756-76a16ba2b0ce\"},\"panelIndex\":\"df2cccc2-5ac2-4522-9756-76a16ba2b0ce\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":38,\"y\":8,\"w\":10,\"h\":19,\"i\":\"8b5674df-aad2-4af7-aa91-90a9d3e3980c\"},\"panelIndex\":\"8b5674df-aad2-4af7-aa91-90a9d3e3980c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":21,\"i\":\"365259e4-659e-4950-8e82-b8d8fc7fadca\"},\"panelIndex\":\"365259e4-659e-4950-8e82-b8d8fc7fadca\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - Wazuh","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9480f190-7732-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"91bd9990-7737-11ea-bee5-af7f7c7b8e05","name":"panel_5","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"407784f0-7738-11ea-bee5-af7f7c7b8e05","name":"panel_7","type":"visualization"},{"id":"a866be10-0e45-11eb-a255-e1e8e85e3571","name":"panel_8","type":"search"}],"sort":[1688996741503,5417],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503
Z","version":"WzQzNzIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - PE - OS","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.os.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"OS\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - PE - OS\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"b449a870-c762-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5419],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNzMsMV0="} 
+{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"tags:pe\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"858c0209-49ab-4c0c-9b9c-bc71e363be32\"},\"panelIndex\":\"858c0209-49ab-4c0c-9b9c-bc71e363be32\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":12,\"h\":9,\"i\":\"94db978d-70ba-4ade-a680-1297961aa832\"},\"panelIndex\":\"94db978d-70ba-4ade-a680-1297961aa832\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":9,\"i\":\"8973a749-ddc9-4476-8946-280e748da61e\"},\"panelIndex\":\"8973a749-ddc9-4476-8946-280e748da61e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":18,\"i\":\"8797e1d3-84b0-4840-9ba3-6e74f15a5f08\"},\"panelIndex\":\"8797e1d3-84b0-4840-9ba3-6e74f15a5f08\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":10,\"y\":9,\"w\":15,\"h\":18,\"i\":\"b9da8481-6781-4431-83de-c51834199de7\"},\"panelIndex\":\"b9da8481-6781-4431-83de-c51834199de7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":25,\"y\":9,\"w\":10,\"h\":18,\"i\":\"ceba5670-4f26-411e-a19a-e130cf715228\"},\"panelIndex\":\"ceba5670-4f26-411e-a19a-e130cf715228\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":35,\"y\":9,\"w\":13,\"h\":18,\"i\":\"5f1b3a55-7919-448d-897c-fc7166b283d0\"},\"panelIndex\":\"5f1b3a55-7919-448d-897c-fc7166b283d0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\
",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"767dc27a-2b54-4360-bb34-c1a41528ad25\"},\"panelIndex\":\"767dc27a-2b54-4360-bb34-c1a41528ad25\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - PE","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"94b55b90-c761-11ea-bebb-37c5ab5894ea","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"80a39cb0-c762-11ea-bebb-37c5ab5894ea","name":"panel_3","type":"visualization"},{"id":"b449a870-c762-11ea-bebb-37c5ab5894ea","name":"panel_4","type":"visualization"},{"id":"07419650-c763-11ea-bebb-37c5ab5894ea","name":"panel_5","type":"visualization"},{"id":"282bf2c0-c763-11ea-bebb-37c5ab5894ea","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1688996741503,5428],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNzQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Company","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Autoruns - 
Company\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":14,\"maxFontSize\":36,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"company.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"96105ff0-6d7b-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,5430],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNzUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:snmp\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"752f2974-3abc-482c-afdc-c85cf5643cc6\"},\"panelIndex\":\"752f2974-3abc-482c-afdc-c85cf5643cc6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_752f2974-3abc-482c-afdc-c85cf5643cc6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"dfa3b3da-b86b-4d11-add3-c7e18c40654b\"},\"panelIndex\":\"dfa3b3da-b86b-4d11-add3-c7e18c40654b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dfa3b3da-b86b-4d11-add3-c7e18c40654b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"4c444c07-93f9-43d2-966e-1a0db864c011\"},\"panelIndex\":\"4c444c07-93f9-43d2-966e-1a0db864c011\",\"embeddableConfig\":{\"enhanc
ements\":{}},\"panelRefName\":\"panel_4c444c07-93f9-43d2-966e-1a0db864c011\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"3f20fbbb-d47b-4b9e-94a0-f5f144ce0dd2\"},\"panelIndex\":\"3f20fbbb-d47b-4b9e-94a0-f5f144ce0dd2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3f20fbbb-d47b-4b9e-94a0-f5f144ce0dd2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":8,\"w\":10,\"h\":19,\"i\":\"5c5850b6-1e17-4d4a-9122-8d6a6b275fb0\"},\"panelIndex\":\"5c5850b6-1e17-4d4a-9122-8d6a6b275fb0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5c5850b6-1e17-4d4a-9122-8d6a6b275fb0\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":19,\"y\":8,\"w\":11,\"h\":19,\"i\":\"2df47b07-dcfd-46a9-a908-cd03bb3ae82e\"},\"panelIndex\":\"2df47b07-dcfd-46a9-a908-cd03bb3ae82e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2df47b07-dcfd-46a9-a908-cd03bb3ae82e\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":19,\"i\":\"7fec36da-2c28-4eef-9d15-bd5d64628d1d\"},\"panelIndex\":\"7fec36da-2c28-4eef-9d15-bd5d64628d1d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7fec36da-2c28-4eef-9d15-bd5d64628d1d\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"db2dff22-e4c1-41ea-a07d-8c0b0080cb04\"},\"panelIndex\":\"db2dff22-e4c1-41ea-a07d-8c0b0080cb04\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_db2dff22-e4c1-41ea-a07d-8c0b0080cb04\"}]","timeRestore":false,"title":"Security Onion - 
SNMP","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"96522610-75e8-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"752f2974-3abc-482c-afdc-c85cf5643cc6:panel_752f2974-3abc-482c-afdc-c85cf5643cc6","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"dfa3b3da-b86b-4d11-add3-c7e18c40654b:panel_dfa3b3da-b86b-4d11-add3-c7e18c40654b","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"4c444c07-93f9-43d2-966e-1a0db864c011:panel_4c444c07-93f9-43d2-966e-1a0db864c011","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"3f20fbbb-d47b-4b9e-94a0-f5f144ce0dd2:panel_3f20fbbb-d47b-4b9e-94a0-f5f144ce0dd2","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"5c5850b6-1e17-4d4a-9122-8d6a6b275fb0:panel_5c5850b6-1e17-4d4a-9122-8d6a6b275fb0","type":"visualization"},{"id":"424ace90-75e9-11ea-9565-7315f4ee5cac","name":"2df47b07-dcfd-46a9-a908-cd03bb3ae82e:panel_2df47b07-dcfd-46a9-a908-cd03bb3ae82e","type":"visualization"},{"id":"690ef880-75e9-11ea-9565-7315f4ee5cac","name":"7fec36da-2c28-4eef-9d15-bd5d64628d1d:panel_7fec36da-2c28-4eef-9d15-bd5d64628d1d","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"db2dff22-e4c1-41ea-a07d-8c0b0080cb04:panel_db2dff22-e4c1-41ea-a07d-8c0b0080cb04","type":"search"}],"sort":[1688996741503,5439],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNzYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - \"To\" Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - \\\"To\\\" 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"recipient_to.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"To\\\" Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"96767400-39a2-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5441],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNzcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Log Count Over Time","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"ElastAlert - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 
seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"969e4820-7dce-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5443],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNzgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Alert Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Alert 
Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Alert\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"96c2cf10-4a3d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5445],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzNzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9a33f9a0-365f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5447],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzODAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9a54f150-366e-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5449],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzODEsMV0="} +{"attributes":{"columns":["source_ip","name","software_type"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_software\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Software - Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5451],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzODIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Software - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Software - 
Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version_major.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version_minor.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"software_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP 
Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9b0f6a80-4c7a-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5453],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzODMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"MySQL - Response","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"MySQL - Response\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"response.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9c411ad0-4a58-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5455],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzODQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Zeek - 
Notice","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Zeek - Notice\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"notice.note.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Notice\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9c6ccff0-7a84-11ea-9d13-57f5db13d1ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5457],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzODUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sensors - Sensor and Services (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Sensors - Sensor and Services (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"sensor_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"service.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9c979ea0-345b-11e7-8867-29a39c0f86b2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"sort":[1688996741503,5459],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzODYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"PE - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9cffd160-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5461],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzODcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Top Source Ports","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Top Source 
Ports\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9d3413c0-6ea0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,5463],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzODgsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:ssh\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"b816ee0e-45c6-438d-a4ed-799d9e80a9f0\"},\"panelIndex\":\"b816ee0e-45c6-438d-a4ed-799d9e80a9f0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b816ee0e-45c6-438d-a4ed-799d9e80a9f0\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"cbfd7081-d82b-4e29-b21c-6e9584d67328\"},\"panelIndex\":\"cbfd7081-d82b-4e29-b21c-6e9584d67328\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cbfd7081-d82b-4e29-b21c-6e9584d67328\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"d9b0c92a-8625-4e72-8a7c-333381e17244\"},\"panelIndex\":\"d9b0c92a-8625-4e72-8a7c-333381e17244\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d9b0c92a-8625-4e72-8a7c-333381e17244\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":10,\"h\":19,\"i\":\"766c95ce-e20f-4e88-935f-2211b7be6b65\"},\"panelIndex\":\"766c95ce-e20f-4e88-935f-2211b7be6b65\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_766c95ce-e20f-4e88-935f-2211b7be6b65\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":8,\"w\":10,\"h\":19,\"i\":\"e9ec8c9e-8a76-4501-abcb-2c9c08adfc44\"},\"panelIndex\":\"e9ec8c9e-8a76-4501-abcb-2c9c08adfc44\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e9ec8c9e-8a76-4501-abcb-2c9c08adfc44\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":20,\"y\":8,\"w\":13,\"h\":19,\"i\":\"c2747e56-14c2-4a70-a1a7-e31affae20f8\"},\"pane
lIndex\":\"c2747e56-14c2-4a70-a1a7-e31affae20f8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c2747e56-14c2-4a70-a1a7-e31affae20f8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":33,\"y\":8,\"w\":15,\"h\":19,\"i\":\"ff324073-699d-4b26-b4fd-28190fa3803b\"},\"panelIndex\":\"ff324073-699d-4b26-b4fd-28190fa3803b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ff324073-699d-4b26-b4fd-28190fa3803b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":17,\"h\":18,\"i\":\"248c6442-b868-4e06-bfaa-e6da2d2d7463\"},\"panelIndex\":\"248c6442-b868-4e06-bfaa-e6da2d2d7463\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_248c6442-b868-4e06-bfaa-e6da2d2d7463\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":17,\"y\":27,\"w\":16,\"h\":18,\"i\":\"d24e4833-8b52-45ac-ac3f-bb31379e8380\"},\"panelIndex\":\"d24e4833-8b52-45ac-ac3f-bb31379e8380\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d24e4833-8b52-45ac-ac3f-bb31379e8380\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":33,\"y\":27,\"w\":15,\"h\":18,\"i\":\"6711f807-284e-4025-99bb-cee25c0e970d\"},\"panelIndex\":\"6711f807-284e-4025-99bb-cee25c0e970d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6711f807-284e-4025-99bb-cee25c0e970d\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"3d4c3a76-579f-494d-b87c-d594fea44d83\"},\"panelIndex\":\"3d4c3a76-579f-494d-b87c-d594fea44d83\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3d4c3a76-579f-494d-b87c-d594fea44d83\"}]","timeRestore":false,"title":"Security Onion - 
SSH","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9dfd77e0-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"b816ee0e-45c6-438d-a4ed-799d9e80a9f0:panel_b816ee0e-45c6-438d-a4ed-799d9e80a9f0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"cbfd7081-d82b-4e29-b21c-6e9584d67328:panel_cbfd7081-d82b-4e29-b21c-6e9584d67328","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"d9b0c92a-8625-4e72-8a7c-333381e17244:panel_d9b0c92a-8625-4e72-8a7c-333381e17244","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"766c95ce-e20f-4e88-935f-2211b7be6b65:panel_766c95ce-e20f-4e88-935f-2211b7be6b65","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"e9ec8c9e-8a76-4501-abcb-2c9c08adfc44:panel_e9ec8c9e-8a76-4501-abcb-2c9c08adfc44","type":"visualization"},{"id":"292b1db0-75ea-11ea-9565-7315f4ee5cac","name":"c2747e56-14c2-4a70-a1a7-e31affae20f8:panel_c2747e56-14c2-4a70-a1a7-e31affae20f8","type":"visualization"},{"id":"46221fe0-75ea-11ea-9565-7315f4ee5cac","name":"ff324073-699d-4b26-b4fd-28190fa3803b:panel_ff324073-699d-4b26-b4fd-28190fa3803b","type":"visualization"},{"id":"7d61f430-75ea-11ea-9565-7315f4ee5cac","name":"248c6442-b868-4e06-bfaa-e6da2d2d7463:panel_248c6442-b868-4e06-bfaa-e6da2d2d7463","type":"visualization"},{"id":"104a4a90-75eb-11ea-9565-7315f4ee5cac","name":"d24e4833-8b52-45ac-ac3f-bb31379e8380:panel_d24e4833-8b52-45ac-ac3f-bb31379e8380","type":"visualization"},{"id":"8afa5f50-75eb-11ea-9565-7315f4ee5cac","name":"6711f807-284e-4025-99bb-cee25c0e970d:panel_6711f807-284e-4025-99bb-cee25c0e970d","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"3d4c3a76-579f-494d-b87c-d594fea44d83:panel_3d4c3a76-579f-494d-b87c-d594fea44d83","type":"search"}],"sort":[1688996741503,5475],"type":"dashboard","updated_at":"2023-07-10T13:45:41
.503Z","version":"WzQzODksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DCE/RPC - Endpoint","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DCE/RPC - Endpoint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dce_rpc.endpoint.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Endpoint\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a427d6e0-96db-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5477],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzOTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DCE/RPC - Named Pipe","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DCE/RPC - Named 
Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dce_rpc.named_pipe.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Named Pipe\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c2f21270-96db-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5479],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzOTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DCE/RPC - Operation","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DCE/RPC - 
Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dce_rpc.operation.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"df7989f0-96db-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5481],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzOTIsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:dce_rpc\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"95dc50d5-926a-4ab3-a746-0e53f475d658\"},\"panelIndex\":\"95dc50d5-926a-4ab3-a746-0e53f475d658\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_95dc50d5-926a-4ab3-a746-0e53f475d658\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":0,\"w\":14,\"h\":9,\"i\":\"5b559994-ed67-43c8-8eed-ab30fd8b3d26\"},\"panelIndex\":\"5b559994-ed67-43c8-8eed-ab30fd8b3d26\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5b559994-ed67-43c8-8eed-ab30fd8b3d26\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":9,\"i\":\"4251a61c-1dcd-47b3-9866-f7ed939c73d4\"},\"panelIndex\":\"4251a61c-1dcd-47b3-9866-f7ed939c73d4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4251a61c-1dcd-47b3-9866-f7ed939c73d4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":21,\"i\":\"e74255f5-4dc6-4df0-ab24-032dd7d4bc02\"},\"panelIndex\":\"e74255f5-4dc6-4df0-ab24-032dd7d4bc02\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e74255f5-4dc6-4df0-ab24-032dd7d4bc02\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":21,\"i\":\"55f5c9e0-264b-44d1-9b49-0bb7890ef4bd\"},\"panelIndex\":\"55f5c9e0-264b-44d1-9b49-0bb7890ef4bd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_55f5c9e0-264b-44d1-9b49-0bb7890ef4bd\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":9,\"w\":9,\"h\":21,\"i\":\"2a33a3df-4690-4ea4-a71a-9c98cb612213\"},\"pane
lIndex\":\"2a33a3df-4690-4ea4-a71a-9c98cb612213\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2a33a3df-4690-4ea4-a71a-9c98cb612213\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":25,\"y\":9,\"w\":8,\"h\":21,\"i\":\"ee61c32f-e801-494f-a819-b5788bed856f\"},\"panelIndex\":\"ee61c32f-e801-494f-a819-b5788bed856f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ee61c32f-e801-494f-a819-b5788bed856f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":21,\"i\":\"f7c23591-431c-4a4c-a69b-a349c37697da\"},\"panelIndex\":\"f7c23591-431c-4a4c-a69b-a349c37697da\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f7c23591-431c-4a4c-a69b-a349c37697da\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":30,\"w\":48,\"h\":29,\"i\":\"f360db9a-9572-4b67-8be4-6f53084940a3\"},\"panelIndex\":\"f360db9a-9572-4b67-8be4-6f53084940a3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f360db9a-9572-4b67-8be4-6f53084940a3\"}]","timeRestore":false,"title":"Security Onion - 
DCE/RPC","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9e882df0-72c5-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"95dc50d5-926a-4ab3-a746-0e53f475d658:panel_95dc50d5-926a-4ab3-a746-0e53f475d658","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"5b559994-ed67-43c8-8eed-ab30fd8b3d26:panel_5b559994-ed67-43c8-8eed-ab30fd8b3d26","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"4251a61c-1dcd-47b3-9866-f7ed939c73d4:panel_4251a61c-1dcd-47b3-9866-f7ed939c73d4","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"e74255f5-4dc6-4df0-ab24-032dd7d4bc02:panel_e74255f5-4dc6-4df0-ab24-032dd7d4bc02","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"55f5c9e0-264b-44d1-9b49-0bb7890ef4bd:panel_55f5c9e0-264b-44d1-9b49-0bb7890ef4bd","type":"visualization"},{"id":"a427d6e0-96db-11ea-814e-bb515e873c2c","name":"2a33a3df-4690-4ea4-a71a-9c98cb612213:panel_2a33a3df-4690-4ea4-a71a-9c98cb612213","type":"visualization"},{"id":"c2f21270-96db-11ea-814e-bb515e873c2c","name":"ee61c32f-e801-494f-a819-b5788bed856f:panel_ee61c32f-e801-494f-a819-b5788bed856f","type":"visualization"},{"id":"df7989f0-96db-11ea-814e-bb515e873c2c","name":"f7c23591-431c-4a4c-a69b-a349c37697da:panel_f7c23591-431c-4a4c-a69b-a349c37697da","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"f360db9a-9572-4b67-8be4-6f53084940a3:panel_f360db9a-9572-4b67-8be4-6f53084940a3","type":"search"}],"sort":[1688996741503,5491],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzOTMsMV0="} 
+{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.module:osquery\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Osquery","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9eed5fc0-afcb-11ea-b262-353d451b125b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5493],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzOTQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Content Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Content Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.content_type.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.content_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9ff24600-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5495],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzOTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Command (Data Table)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Command (Data 
Table)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"command.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"9ff34f60-4a42-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5497],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzOTYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"},\"filter\":[]}"},"title":"Help","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Help\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"markdown\":\"## Introduction\\nWelcome to the Security Onion Elastic Stack! This is our implementation of the Elastic Stack on Security Onion. 
The Elastic Stack consists of three primary components:\\n- `Elasticsearch` - stores logs\\n- `Logstash` - collects and enriches logs before storing them in Elasticsearch\\n- `Kibana` - web interface for visualizing logs\\n\\n## Sidebar\\nStarting on the far left side of the page, you see the Sidebar. This contains links such as:\\n- `Discover` - search data\\n- `Visualize` - create visualizations based on searches\\n- `Dashboard` - view or create dashboards based on visualizations\\n- `Timelion` - timeline analysis\\n- `Dev Tools` - query Elasticsearch directly\\n- `Management` - view or modify Kibana settings\\n- `Squert` - separate web interface for viewing NIDS and HIDS alerts\\n- `Logout` - log out of your session\\n\\nThe first six of those links are within Kibana itself. If you click one of those and then want to get back to the Dashboards area where you started, simply click the `Dashboard` link.\\n\\nClicking the `Squert` link will take you out of Kibana and into Squert. You will not be required to authenticate to Squert since you already have an active Single Sign On (SSO) session.\\n\\nClicking the `Logout` link in either Squert or Kibana will log you out of your SSO session and take you back to the logon screen.\\n\\n## Navigation Panel\\nWhen you are in the Kibana Dashboard area, the panel to the immediate right of the sidebar is the Navigation Panel and it includes links to our dashboards such as Home, Help (this page), Bro Notices, ElastAlert, HIDS, NIDS, etc. Clicking one of the links in the Navigation Panel will take you to a dashboard dedicated to that particular log type. \\n\\n## Dashboards\\nAll dashboards are designed to work at 1024x768 screen resolution in order to maximize compatibility.\\n\\n### Dashboard Hyperlinks\\n\\nThe `source_ip` and `destination_ip` fields are hyperlinked. 
These hyperlinks will take you to the Indicator dashboard which will help you analyze the traffic relating to that particular IP address.\\n\\n`UID` fields are also hyperlinked. This hyperlink will start a new Kibana search for that particular UID. In the case of Bro UIDs this will show you all Bro logs related to that particular connection.\\n\\nEach log entry also has an `_id` field that is hyperlinked. This hyperlink will take you to CapMe, allowing you to request full packet capture for any arbitrary log type. This assumes that the log is for tcp or udp traffic that was seen by Bro and Bro recorded it correctly in its conn.log. \\n\\n### Overview Dashboard\\nWhen you first go to the Kibana Dashboard area, you are automatically placed into the Overview dashboard, where you will see overview information, such as total number of logs and sensors. Use the information on the Overview dashboard to determine which of the other dashboards on the Navigation Panel you might want to visit next.\\n\\n### Dashboard Categories\\nOur remaining dashboards are grouped into a few categories:\\n- `Alert Data` - dashboards that display alerts created by rules or signatures\\n- `Bro Hunting` - dashboards that allow you to slice and dice network metadata for hunting\\n- `Host Hunting` - dashboards that allow you to hunt via host telemetry\\n- `Other` - dashboards that don't fit into the categories above\\n\\n### Bro Notices\\nBro sniffs network traffic and generates notices such as `SSL::Invalid Server Cert` and `TeamCymruMalwareHashRegistry::Match`.\\n\\n### ElastAlert\\nElastAlert queries Elasticsearch on a regular basis and then generates alerts based on your desired criteria. Security Onion includes two example rules that alert on new IDS events and new connection logs. You can add your own ElastAlert rules in `/etc/elastalert/rules/`.\\n\\n### HIDS\\nOSSEC analyzes log files and generates Host Intrusion Detection System alerts based on its ruleset at `/var/ossec/rules/`. 
You can add your own rules in `/var/ossec/rules/local_rules.xml`.\\n\\n### NIDS\\nSecurity Onion can use either Snort or Suricata to sniff network traffic and generate Network Intrusion Detection System alerts. \\n\\n### Connections\\nBro sniffs network traffic and logs connection metadata including source IP/port, destination IP/port, protocol, and number of bytes.\\n\\n### DCE/RPC\\nBro sniffs network traffic and logs DCE/RPC metadata including source IP/port, destination IP/port, operation, endpoint, and named pipe.\\n\\n### DHCP\\nBro sniffs network traffic and logs DHCP requests and responses including source IP/port, destination IP/port, and MAC addresses.\\n\\n### DNP3\\nBro sniffs network traffic and logs DNP3 metadata including source IP/port, destination IP/port, function request, function reply.\\n\\n### DNS\\nBro sniffs network traffic and logs DNS queries and answers. Bro also includes other name lookups such as Windows NetBIOS name service requests and Bonjour.\\n\\n### Files\\nBro sniffs network traffic and logs metadata related to files being transferred over the network including IP addresses, MIME type, source, and checksums.\\n\\n### FTP\\nBro sniffs network traffic and logs FTP metadata including source IP/port, destination IP/port, command, reply code, argument, and username.\\n\\n### HTTP\\nBro sniffs network traffic and logs HTTP metadata including source IP/port, destination IP/port, method, status message, MIME type, site name, referer, and user agent.\\n\\n### Intel\\nBro sniffs network traffic and watches for indicators using the Intel framework. 
You can add your own indicators to `/opt/bro/share/bro/intel/intel.dat`.\\n\\n### IRC\\nBro sniffs network traffic and logs IRC metadata including source IP/port, destination IP/port, command, and username.\\n\\n### Kerberos\\nBro sniffs network traffic and logs Kerberos metadata including source IP/port, destination IP/port, cipher, client, server, service, request type, and success status.\\n\\n### Modbus\\nBro sniffs network traffic and logs Modbus metadata including source IP/port, destination IP/port, and function.\\n\\n### MySQL\\nBro sniffs network traffic and logs MySQL metadata including source IP/port, destination IP/port, command/argument, status, and response.\\n\\n### NTLM\\nBro sniffs network traffic and logs NTLM metadata including source IP/port, destination IP/port, hostname, username, and status.\\n\\n### PE\\nBro sniffs network traffic and logs PE metadata including OS, subsystem, machine, and section name.\\n\\n### RADIUS\\nBro sniffs network traffic and logs RADIUS metadata including source IP/port, destination IP/port, username, and result.\\n\\n### RDP\\nBro sniffs network traffic and logs RDP metadata including source IP/port, destination IP/port, client build, keyboard layout, encryption level, and result.\\n\\n### RFB\\nBro sniffs network traffic and logs RFB metadata including source IP/port, destination IP/port, authentication method, authentication status, client version, server version, and desktop name.\\n\\n### SIP\\nBro sniffs network traffic and logs SIP metadata including source IP/port, destination IP/port, method, content type, status, uri, and user agent.\\n\\n### SMB\\nBro sniffs network traffic and logs SMB metadata including source IP/port, destination IP/port, file name, and action.\\n\\n### SMTP\\nBro sniffs network traffic and logs SMTP metadata including source IP/port, destination IP/port, from, to, subject, and user agent.\\n\\n### SNMP\\nBro sniffs network traffic and logs SNMP metadata including source IP/port, 
destination IP/port, version, community, and duration.\\n\\n### Software\\nBro sniffs network traffic and logs metadata relating to the kinds of software that generated that traffic including name, type, and version.\\n\\n### SSH\\nBro sniffs network traffic and logs SSH metadata including source IP/port, destination IP/port, client version, server version, and success.\\n\\n### SSL\\nBro sniffs network traffic and logs SSL metadata including source IP/port, destination IP/port, server name, certificate subject, cipher, and validation status.\\n\\n### Syslog\\nBro sniffs network traffic and logs Syslog metadata including source IP/port, destination IP/port, severity, and protocol.\\n\\n### Tunnels\\nBro sniffs network traffic and detects IP, GRE, SOCKS, TEREDO, and AVAYA tunnels. It logs metadata including source IP/port, destination IP/port, type, and action.\\n\\n### Weird\\nBro sniffs network traffic and logs protocol anomalies metadata including source IP/port, destination IP/port, and the type of anomaly.\\n\\n### X.509\\nBro sniffs network traffic and logs X.509 metadata including certificate subject, issuer, key algorithm, key length, and signing algorithm.\\n\\n### Autoruns\\nSysinternals Autoruns can identify the processes which Windows is configured to automatically run. Autoruns data can then be ingested via [Autoruns To WinEventLog](https://github.com/palantir/windows-event-forwarding/tree/master/AutorunsToWinEventLog).\\n\\n### Beats\\nElastic Beats can be deployed on endpoints to collect host telemetry and send to Logstash for storage in Elasticsearch.\\n\\n### OSSEC\\nOSSEC agents can be deployed on endpoints to collect host telemetry and send to the OSSEC Server included in Security Onion. OSSEC Alerts can be found in the Alert Data category at the top of the Navigation Panel. 
This OSSEC hunting dashboard will allow you to hunt through all OSSEC logs, not just alerts.\\n\\n### Sysmon\\nSysinternal Sysmon provides comprehensive telemetry for Windows hosts. Its logs can be consumed using Beats, OSSEC, or other transport mechanism.\\n\\n### Domain Stats\\nSecurity Onion includes a tool called domain_stats which will do a whois lookup on a domain name to determine the age of the domain. If enabled, this dashboard looks for baby domains that have been recently registered. Please note that domain_stats is only enabled when running in Evaluation Mode.\\n\\n### Firewall\\nFirewall logs can be consumed via syslog or other transport mechanism. Once consumed, this dashboard allows you to slice and dice those firewall logs based on source IP/port, destination IP/port, protocol, and action.\\n\\n### Frequency\\nSecurity Onion includes a tool called freq_server which can perform frequency analysis of hostnames. If enabled, this dashboard will show hostnames with a frequency analysis score that indicates that they could have been randomly generated. 
Please note that freq_server is only enabled when running in Evaluation Mode.\\n\\n### Stats\\nThis dashboard shows statistics for Logstash including processing times for different log types and any errors that may have occurred.\\n\\n## More Information\\nFor additional information, please refer to our documentation at:\\n\\nhttps://securityonion.net/docs/Elastic\",\"type\":\"markdown\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AV6-PHKnDwoBUzALqJ_c","migrationVersion":{"visualization":"8.5.0"},"references":[],"sort":[1688996741503,5498],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzOTcsMV0="} +{"attributes":{"fieldFormatMap":"{\"process_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"event_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"aa\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":
false},{\"name\":\"aa.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"analyzer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"analyzer.keyword\",\"type\":\"string\",\"count\":0,\"s
cripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"answers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"answers.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"apache2.access.body_sent.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.http_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":tr
ue,\"readFromDocValues\":true},{\"name\":\"apache2.access.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.response_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os_major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os_minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromD
ocValues\":true},{\"name\":\"apache2.access.user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"apache2.error.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.tid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.a0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.acct\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDoc
Values\":true},{\"name\":\"auditd.log.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.item\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.items\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.new_auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.new_ses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.old_auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.old_ses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.ppid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searc
hable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.record_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.res\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"auth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_attempts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_ca\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_path_length\",\"type\":
\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"bound_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"call_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"call_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\
":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_exponent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_exponent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocV
alues\":true},{\"name\":\"certificate_key_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_number_days_valid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_pe
rmanent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_permanent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_signing_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_signing_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_type\",\"type\":\"string\",\"count\":0,\"scripted\":
false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"checksum\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"checksum.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"se
archable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_build.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_digital_product_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_digital_product_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true
},{\"name\":\"client_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"community\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":
false},{\"name\":\"community.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"company.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compile_ts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compile_ts.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compression_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compression_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connect_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connect_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValue
s\":true},{\"name\":\"connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"content_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookie.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"current_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"current_directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true},{\"name\":\"data_channel_destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_passive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_channel_passive.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"nam
e\":\"description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"desktop_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_width\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_is_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dest_is_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_city.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"
aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readF
romDocValues\":true},{\"name\":\"destination_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_latitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_latitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_longitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_longitude.keyword\",\"type\"
:\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_region.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"details.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dir\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dir.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"direction.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"display_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"display_string.keyword\",\"type\":\"string\",
\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container.image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"enabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"enabled.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"sea
rchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"endpoint.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry_location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry_location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\
":false,\"readFromDocValues\":false},{\"name\":\"error_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"escalated_user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"escalated_user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"established\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"established.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.AccountName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.AlgorithmName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.AuthenticationPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Binary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.CommandLine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Configuration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ConfigurationFileHash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.CreationUtcTime\",\"type\":\"string\",\"
count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.CurrentDirectory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DestinationIp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DestinationIsIpv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DestinationPort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceVersionMajor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceVersionMinor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DirtyPages\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ElevatedToken\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"
readFromDocValues\":true},{\"name\":\"event_data.EventType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ExtraInfoLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ExtraInfoString\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.FilterID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.FinalStatus\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Hashes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.HiveName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.HiveNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ImagePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ImpersonationLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"
searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.IntegrityLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.IpAddress\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.IpPort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyFilePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeysUpdated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LmPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonType\",\"type\":\"str
ing\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.NewSize\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.NewTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.OldTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.OriginalSize\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentCommandLine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentImage\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentProcessGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.PreviousCreationUtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.PreviousTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.PrivilegeList\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readF
romDocValues\":true},{\"name\":\"event_data.ProcessGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProviderName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.RestrictedAdminMode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ReturnCode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SchemaVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ServiceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ServiceType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourceHostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourceIp\",\"type\":\"string\",\"count\":0,\"scripted\":f
alse,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourceIsIpv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourcePort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.StartType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.State\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetFilename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetLinkedLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"
name\":\"event_data.TargetObject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetOutboundDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetOutboundUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TerminalSessionId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TransmittedServices\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.User\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.UtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.VirtualAccount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Workstation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.WorkstationName\",\"type\":\"string\",\"count\":0,\"
scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param10\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param11\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param12\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param13\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param14\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param15\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param16\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param17\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param19\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param20\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param21\",\"type\":\"string\",\"count\":0,\"
scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param22\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param4\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param7\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param8\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param9\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.serviceGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.updateGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.updateRevisionNumber\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.updateTitle\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_id\",\"type\":\"number\",\"cou
nt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exception\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"exception.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":tru
e,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_request.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileset.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileset.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"first_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDo
cValues\":false},{\"name\":\"first_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow_label\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"flow_label.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"forwardable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"forwardable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"freq_virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"freq_virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"frequency_scores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"frequency_scores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\"
:true},{\"name\":\"ftp_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"function\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"function.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_bulk_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_bulk_requests.keyword\",\"type\":\"string\",
\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_cert_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_cert_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_debug_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_debug_data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_export_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_export_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_import_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_import_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"helo\",\"type\":\"string\",\"count\":0,\"scripted\":
false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"helo.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"highest_registered_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hop_limit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hop_limit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":fal
se,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.debug.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.debug.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"icinga.debug.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.main.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.main.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"icinga.main.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.startup.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.startup.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"icinga.startup.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"id\",\"type\":\"string\",\"count\"
:0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"iin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"iin.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatabl
e\":false,\"readFromDocValues\":false},{\"name\":\"info_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"initiated.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"integrity_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"integrity_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"interface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"interface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"
ipv4_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_offset.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_tos\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_tos.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_64bit\",\"type\":\
"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_64bit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_exe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_exe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_source_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_source_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_webmail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_webmail.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_length\",\"typ
e\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_distinguished_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true
,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kafka.log.component\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kafka.log.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.trace.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.trace.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kafka.log.trace.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kex_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kex_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":
false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keyboard_layout\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"keyboard_layout.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keywords\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.container.image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.pod.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"launch_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"launch_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\
":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"lease_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"lease_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"length\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"length.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFro
mDocValues\":true},{\"name\":\"log_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logged.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.log.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.log.thread\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":fa
lse},{\"name\":\"logstash.slowlog.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.plugin_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.plugin_params\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.plugin_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.thread\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.took_in_millis\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.took_in_nanos\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchab
le\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"machine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"machine.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_date.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matched\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"matched.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"na
me\":\"message_error\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.availability_zone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.instance_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.instance_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.machine_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.project_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mimetype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\
":\"mimetype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missing_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.error.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.error.thread_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.error.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.lock_time.sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.
query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.query_time.sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.rows_examined\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.rows_sent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.timestamp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"n\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\"
:\"name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"named_pipe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"named_pipe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"native_file_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"native_file_system.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"next_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"next_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nginx.access.body_sent.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":
true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.http_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.response_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_
agent.os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os_major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os_minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.connection_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nginx.error.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.tid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nick\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nick.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readF
romDocValues\":true},{\"name\":\"note\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"note.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"num_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"object_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"offset\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"opcode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"operation.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_filenames.keyword\",\"type\":\"string\",\"
count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"os.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_agent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_agent_name.keyword\",\"type\":\"string\",\"count\"
:0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"overflow_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"p\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_id\",\"type\":\"s
tring\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"password.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\
":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.database\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"postgresql.log.query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.thread_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":tru
e,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prev_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prev_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_arguments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_arguments.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_guid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"re
adFromDocValues\":true},{\"name\":\"process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"profile\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"profile.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"program.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prospector.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\
"provider_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxied.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_class_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_type_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ra\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ra.keyword\",\"type\":\"string\",\"count\":0,\"scripted
\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rcode_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"read_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reason.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"recipient_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"recipient_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"record_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocVal
ues\":false},{\"name\":\"redis.log.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.log.role\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.cmd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.duration.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referrer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rejected\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rejected.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related_activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"renewable\"
,\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_port\",\"type\":\"string\",\"cou
nt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_color_depth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_color_depth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_resource\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_resource.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_filenames.keyword\"
,\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_from.keyword\",\"type\":\"string\
",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"result.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resumed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resumed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"read
FromDocValues\":false},{\"name\":\"rows.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"san_dns\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"san_dns.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"second_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"second_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"section_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"section_names.keyword\",\"type\":\"
string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"security_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"security_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_node\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_node.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_where\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_where.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seq\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seq.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchab
le\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_major_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_minor_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"s
ervice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"set_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"set_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"severity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_flag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_flag.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":f
alse,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"signer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"site\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"site.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"n
ame\":\"source_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false
,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sources\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"sea
rchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sources.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stream\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_rule_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_rule_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readF
romDocValues\":true},{\"name\":\"subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subsystem\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subsystem.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"suppress_for\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tr
ue},{\"name\":\"syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-sourceip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true},{\"name\":\"sysmon_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sysmon_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.groupadd.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.groupadd.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.dropped_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,
\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.error\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"n
ame\":\"system.auth.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.home\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.uid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFro
mDocValues\":true},{\"name\":\"target_filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"target_filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"task\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"terminal_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"terminal_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"thread_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timed_out\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timed_out.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_accessed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_accessed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_changed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_changed.keyword
\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_created.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_modified.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tld.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tld.subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":
false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"top_level_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tracker_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tracker_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traefik.access.backend_url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traefik.access.body_sent.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.frontend_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traefik.access.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFro
mDocValues\":true},{\"name\":\"traefik.access.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.http_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.request_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.response_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.acce
ss.user_agent.os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os_major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os_minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"trans_depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"transaction_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ttls\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValu
es\":true},{\"name\":\"tunnel_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unparsed_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"unparsed_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"up_since\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"up_since.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uri.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.domain\",\"type\":\"string\",\"count\":0,\"scr
ipted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user_agent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.binaryData\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.binaryDataSize\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.param1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.param2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.xml_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"useragent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":tr
ue,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_aslr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_aslr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_code_integrity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_code_integrity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_dep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_dep.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_seh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_seh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_till\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDo
cValues\":false},{\"name\":\"valid_till.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"validation_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"validation_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromD
ocValues\":true},{\"name\":\"version_minor2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"warning\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"warning.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"width\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"width.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x_originating_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\
"name\":\"xml\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"year\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"z\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"z.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:logstash-beats-*"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWBLHZaBRuBloj96jvrD","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688996741503,5499],"type":"index-pattern","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzOTgsMV0="} +{"attributes":{"columns":["computer_name","process_id","user.name","event_id","event_data.Image"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"All Beats Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWBLMr9vRuBloj96jxp1","migrationVersion":{"search":"8.0.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5501],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQzOTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Process 
IDs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Beats - Process IDs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process_id\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWBLN7X2RuBloj96jxxY","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5503],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MDAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Computer Names","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Beats - Computer 
Names\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"computer_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWBLNriuRuBloj96jxv3","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5505],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MDEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Usernames","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"Beats - 
Usernames\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWBLONJCRuBloj96jxzY","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5507],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MDIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Event IDs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Beats - Event 
IDs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_id\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWBLOT8MRuBloj96jx0N","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5509],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MDMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Beats - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{\"text\":\"@timestamp per 30 
minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"line\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWBLQ2__RuBloj96jyDn","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5511],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MDQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Intel - Log 
Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDG-Qf8xQT5EBNmq4G5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5513],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MDUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Devices - Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Devices - Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"syslog-host_from.keyword\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDG0UDvxQT5EBNmq3WD","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5515],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MDYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Notices - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDG1uC-xQT5EBNmq3dP","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5517],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MDcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alert Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"NIDS - Alert Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDG3ym0xQT5EBNmq3mG","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5519],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MDgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDG4pcDxQT5EBNmq3pi","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5521],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MDksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Connections - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDG71xFxQT5EBNmq336","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5523],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Elastalert - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Elastalert - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDG7DVRxQT5EBNmq3zM","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5525],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DHCP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDG80RwxQT5EBNmq38x","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5527],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MTIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDG8k4OxQT5EBNmq37a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,5529],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"HTTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDG97t7xQT5EBNmq4E1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5531],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MTQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DNP3 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDG9DWvxQT5EBNmq3-m","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5533],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DNS - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDG9Qx0xQT5EBNmq3_2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5535],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MTYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Files - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Files - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDG9goqxQT5EBNmq4BP","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5537],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"FTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDG9sT_xQT5EBNmq4DI","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5539],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MTgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Modbus - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDG_9KpxQT5EBNmq4Oo","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5541],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"IRC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDG_HoKxQT5EBNmq4KN","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5543],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MjAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Kerberos - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDG_UbkxQT5EBNmq4Lg","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5545],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MjEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Total Number of Logs","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Total Number of Logs\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total Number of Logs\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDGyaGxxQT5EBNmq3K9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5547],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MjIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Sensors - Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Sensors - Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"sensor_name.keyword\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDGzmzcxQT5EBNmq3Sj","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5549],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MjMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"MySQL - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"MySQL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHBRrrxQT5EBNmq4TI","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5551],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MjQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"RFB - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHC8iGxQT5EBNmq4bs","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5553],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MjUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"NTLM - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHCEx7xQT5EBNmq4Vf","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,5555],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MjYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"PE - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHCUeZxQT5EBNmq4Xy","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5557],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MjcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"RADIUS - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHCgWzxQT5EBNmq4Y5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5559],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MjgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"RDP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHCvBexQT5EBNmq4aK","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5561],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MjksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SNMP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHD-LfxQT5EBNmq4iB","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5563],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MzAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SIP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHDNS4xQT5EBNmq4dF","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5565],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MzEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SMB - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHDfDkxQT5EBNmq4fQ","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,5567],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MzIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SMTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHDsr0xQT5EBNmq4gw","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5569],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MzMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHE-_wxQT5EBNmq4n3","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1688996741503,5571],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MzQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Software - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Software - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHEKJUxQT5EBNmq4jW","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5573],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MzUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SSH - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHEYk4xQT5EBNmq4k5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5575],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MzYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SSL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHElRWxQT5EBNmq4lz","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5577],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MzcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Tunnels - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHFYrqxQT5EBNmq4qT","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5579],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MzgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Autoruns - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHG1IaxQT5EBNmq4yR","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,5581],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0MzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Weird - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHGXk-xQT5EBNmq4uf","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5583],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NDAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"X.509 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHGklsxQT5EBNmq4wG","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5585],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NDEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Firewall - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHH3kBxQT5EBNmq459","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,5587],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NDIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Beats - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHHHR8xQT5EBNmq4z7","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5589],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NDMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"OSSEC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHHXl3xQT5EBNmq42U","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"efba60c0-3642-11e7-a6f7-4f44d7bf1c33","name":"search_0","type":"search"}],"sort":[1688996741503,5591],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NDQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Sysmon - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHHk1sxQT5EBNmq43Y","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,5593],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NDUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Avg Processing Time","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Avg Processing Time\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHIynExQT5EBNmq49q","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5595],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NDYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Median Processing TIme","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Median Processing TIme\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"median\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\",\"percents\":[50]}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHJY1BxQT5EBNmq5Ay","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5597],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NDcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Max Processing Time","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Max Processing Time\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHJpuBxQT5EBNmq5Cr","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5599],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NDgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"tags:_grokparsefailure OR tags:_csvparsefailure OR tags:_rubyexception\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Error Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Error Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHKEF2xQT5EBNmq5FA","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5601],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NDksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Syslog - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to 
Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"AWDHKVLMxQT5EBNmq5HX","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"sort":[1688996741503,5603],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"FTP - Reply Code","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"FTP - Reply 
Code\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"reply_code.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a0cb0860-367a-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5605],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category.keyword : \\\"registry\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - All Event.Cat:Registry Logs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - All Event.Cat:Registry Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":42}}}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a0d30200-6405-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,5608],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NTIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"match_body.destination.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a26faee0-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5610],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Connection","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top 10 - Total Bytes By Connection\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Connection ID\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total 
Bytes\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"uid.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection ID\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"uid.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection ID\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f1325230-3b0d-11e7-a0fe-29878c6f414a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5612],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NTQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Destination Port","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top 10 - Total Bytes By Destination Port\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination Port\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Max 
total_bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"acd65230-3b0d-11e7-a0fe-29878c6f414a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5614],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Destination IP","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"total_bytes\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Destination IP 
Address\",\"field\":\"destination_ip\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Destination IP Address\",\"field\":\"destination_ip\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Connections - Top 10 - Total Bytes By Destination IP\",\"type\":\"histogram\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"eeafbb70-3b0c-11e7-a6f9-5d3fe735ec2b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5616],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NTYsMV0="} 
+{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":71,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":20,\"h\":18,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":18,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":18,\"w\":20,\"h\":20,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":38,\"w\":40,\"h\":33,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":35,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":28,\"y\":18,\"w\":20,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Connections - Total 
Bytes","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a2ab0c40-3b0a-11e7-a6f9-5d3fe735ec2b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"f1325230-3b0d-11e7-a0fe-29878c6f414a","name":"panel_1","type":"visualization"},{"id":"acd65230-3b0d-11e7-a0fe-29878c6f414a","name":"panel_2","type":"visualization"},{"id":"41a33c80-3b0d-11e7-a6f9-5d3fe735ec2b","name":"panel_3","type":"visualization"},{"id":"726cc040-48cf-11e8-9576-313be7c6b44b","name":"panel_4","type":"visualization"},{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"panel_5","type":"search"},{"id":"eeafbb70-3b0c-11e7-a6f9-5d3fe735ec2b","name":"panel_6","type":"visualization"}],"sort":[1688996741503,5624],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a5045e20-3bd1-11e7-a3ae-1754b87179c0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5626],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NTgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a5571030-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5628],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a5bcec80-6e15-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5630],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NjAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMB - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination 
Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a663e070-4c78-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,5632],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NjEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SNMP - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"f
ield\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a67546c0-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5634],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NjIsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":11,\"i\":\"066310d0-63f3-4cc8-9daa-8c0be5ad5b5f\"},\"panelIndex\":\"066310d0-63f3-4cc8-9daa-8c0be5ad5b5f\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame 
Alerts](https:///alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_066310d0-63f3-4cc8-9daa-8c0be5ad5b5f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":0,\"w\":10,\"h\":11,\"i\":\"06494306-08f9-440f-a361-d63cbd6176be\"},\"panelIndex\":\"06494306-08f9-440f-a361-d63cbd6176be\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Registry All Logs \",\"panelRefName\":\"panel_06494306-08f9-440f-a361-d63cbd6176be\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":18,\"y\":0,\"w\":30,\"h\":11,\"i\":\"9461ee7e-d1fd-448b-9094-eff9e2ebdd58\"},\"panelIndex\":\"9461ee7e-d1fd-448b-9094-eff9e2ebdd58\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Registry Logs Over Time\",\"panelRefName\":\"panel_9461ee7e-d1fd-448b-9094-eff9e2ebdd58\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":11,\"w\":33,\"h\":17,\"i\":\"3265c94f-df4b-4a1d-bc7c-64c2e99e72a7\"},\"panelIndex\":\"3265c94f-df4b-4a1d-bc7c-64c2e99e72a7\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Registry Event Process\",\"panelRefName\":\"panel_3265c94f-df4b-4a1d-bc7c-64c2e99e72a7\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":33,\"y\":11,\"w\":15,\"h\":17,\"i\":\"ca05c1e6-7d21-4c69-b6be-ab95031f30f9\"},\"panelIndex\":\"ca05c1e6-7d21-4c69-b6be-ab95031f30f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ca05c1e6-7d21-4c69-b6be-ab95031f30f9\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":28,\"w\":30,\"h\":17,\"i\":\"5b3b7aed-80c9-4e18-a55a-7ca2841913a1\"},\"panelIndex\":\"5b3b7aed-80c9-4e18-a55a-7ca2841913a1\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Registry 
Events\",\"panelRefName\":\"panel_5b3b7aed-80c9-4e18-a55a-7ca2841913a1\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":28,\"w\":18,\"h\":17,\"i\":\"83bb52e5-74b3-459b-8767-78bc47d1ff8d\"},\"panelIndex\":\"83bb52e5-74b3-459b-8767-78bc47d1ff8d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_83bb52e5-74b3-459b-8767-78bc47d1ff8d\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":34,\"i\":\"aa14e2db-4c3d-4a44-ad58-aae071e6ed3f\"},\"panelIndex\":\"aa14e2db-4c3d-4a44-ad58-aae071e6ed3f\",\"embeddableConfig\":{\"enhancements\":{},\"columns\":[\"host.name\",\"registry.path\",\"related.user\",\"registry.key\",\"registry.value\"]},\"panelRefName\":\"panel_aa14e2db-4c3d-4a44-ad58-aae071e6ed3f\"}]","timeRestore":false,"title":"Endgame - Registry","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a6c6c880-63f7-11ec-864c-8b5450f97635","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"066310d0-63f3-4cc8-9daa-8c0be5ad5b5f:panel_066310d0-63f3-4cc8-9daa-8c0be5ad5b5f","type":"visualization"},{"id":"10af1a20-6cc9-11ec-864c-8b5450f97635","name":"06494306-08f9-440f-a361-d63cbd6176be:panel_06494306-08f9-440f-a361-d63cbd6176be","type":"lens"},{"id":"e09d6340-6cc9-11ec-864c-8b5450f97635","name":"9461ee7e-d1fd-448b-9094-eff9e2ebdd58:panel_9461ee7e-d1fd-448b-9094-eff9e2ebdd58","type":"lens"},{"id":"e9afc350-6cc5-11ec-864c-8b5450f97635","name":"3265c94f-df4b-4a1d-bc7c-64c2e99e72a7:panel_3265c94f-df4b-4a1d-bc7c-64c2e99e72a7","type":"lens"},{"id":"c86a8ba0-6e44-11ec-864c-8b5450f97635","name":"ca05c1e6-7d21-4c69-b6be-ab95031f30f9:panel_ca05c1e6-7d21-4c69-b6be-ab95031f30f9","type":"lens"},{"id":"e1e12ab0-6cc5-11ec-864c-8b5450f97635","name":"5b3b7aed-80c9-4e18-a55a-7ca2841913a1:panel_5b3b7aed-80c9-4e18-a55a-7ca2841913a1","type":"lens"},{"id":"8d1f99e0-6e45-11ec-864c-8b5450f97635","name":"83bb52e5-74b3-459b-8767-78bc
47d1ff8d:panel_83bb52e5-74b3-459b-8767-78bc47d1ff8d","type":"lens"},{"id":"0359b740-64cc-11ec-864c-8b5450f97635","name":"aa14e2db-4c3d-4a44-ad58-aae071e6ed3f:panel_aa14e2db-4c3d-4a44-ad58-aae071e6ed3f","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,5644],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NjMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS Alerts - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a6df8820-399f-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5646],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NjQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - Request - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - 
Request - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"request.client.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"request.client.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a7ebb450-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5648],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NjUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND _exists_:issuer_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"SSL - Certificate Issuer Common Name Frequency 
Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate Issuer Common Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"issuer_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"issuer_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer Common Name\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a83f17c0-6f0b-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5650],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NjYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Data Overview","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Data 
Overview\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.category.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":false,\"last_level\":false,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Category\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"url\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value 
}})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:
view)\",\"labelTemplate\":\"{{ value }}\"}},\"params\":{},\"label\":\"event.module.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ac6b1720-7559-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5652],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NjcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"observer.name:* OR agent.name:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Log Count By Node ","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Log Count By Node \",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"observer.name.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"observer.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Node\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a9fae5c0-6e9b-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5654],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NjgsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":9,\"h\":8,\"i\":\"e243c0f0-f7cf-453e-8f5c-dc93e4651d69\"},\"panelIndex\":\"e243c0f0-f7cf-453e-8f5c-dc93e4651d69\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":0,\"w\":17,\"h\":8,\"i\":\"5fdac8ff-799a-4d54-8dcb-ee1728d9623d\"},\"panelIndex\":\"5fdac8ff-799a-4d54-8dcb-ee1728d9623d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":8,\"i\":\"126f5365-8829-469d-8349-a08874975584\"},\"panelIndex\":\"126f5365-8829-469d-8349-a08874975584\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":22,\"h\":26,\"i\":\"9c61759c-0b14-433b-bca7-fd22f9a20630\"},\"panelIndex\":\"9c61759c-0b14-433b-bca7-fd22f9a206
30\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":8,\"w\":9,\"h\":26,\"i\":\"504e0ba1-08f7-4601-833d-6615d84e8fba\"},\"panelIndex\":\"504e0ba1-08f7-4601-833d-6615d84e8fba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":31,\"y\":8,\"w\":8,\"h\":26,\"i\":\"e3425787-250b-4dad-8244-4c7ba65df3d9\"},\"panelIndex\":\"e3425787-250b-4dad-8244-4c7ba65df3d9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":39,\"y\":8,\"w\":9,\"h\":26,\"i\":\"9c133f8f-ca11-4a4b-ac5a-3dfe3b87f20e\"},\"panelIndex\":\"9c133f8f-ca11-4a4b-ac5a-3dfe3b87f20e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":30,\"i\":\"3c89322f-4209-40ba-bbe7-5c5fb45420ac\"},\"panelIndex\":\"3c89322f-4209-40ba-bbe7-5c5fb45420ac\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - 
Home","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a8411b30-6d03-11ea-b301-3d6c35840645","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"ac6b1720-7559-11ea-9565-7315f4ee5cac","name":"panel_3","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","name":"panel_5","type":"visualization"},{"id":"a9fae5c0-6e9b-11ea-9266-1fd14ca6af34","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1688996741503,5663],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NjksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Message Types","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Message Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"message_types.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message 
Types\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a88e1020-0edb-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5665],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NzAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Response Code Name (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.response.code_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dns.response.code_name.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security Onion - DNS - Response Code Name 
(Donut)\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"a9bd4090-72b9-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5667],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NzEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FIles - MIME Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FIles - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mimetype.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aa021c90-3678-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5669],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NzIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - URIs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - 
URIs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"uri.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aa7abb00-34e3-11e7-9669-7f1d3242b798","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5671],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NzMsMV0="} +{"attributes":{"columns":["host.name","event.module","event.dataset","process.command_line","_id"],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.dataset:osquery*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Security Onion - Osquery Logs","usesAdHocDataView":false},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T15:30:15.565Z","id":"ab2d93d0-1f36-11ee-8fae-052318508911","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1689003015565,8626],"type":"search","updated_at":"2023-07-10T15:30:15.565Z","version":"WzUzMjcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security 
Onion - Osquery - Query Results Count","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Osquery - Query Results Count\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"result.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Query Results\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"result.hostname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Endpoint\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"result.live_query.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Live Query Pivot\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"result.endpoint_ip1.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Endpoint Primary 
IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T15:29:26.018Z","id":"ab47a590-afcc-11ea-b262-353d451b125b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9eed5fc0-afcb-11ea-b262-353d451b125b","name":"search_0","type":"search"}],"sort":[1689002966018,8624],"type":"visualization","updated_at":"2023-07-10T15:29:26.018Z","version":"WzUyODAsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"h\":8,\"i\":\"3919aa4b-bef6-4545-a780-484bae2df9ee\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"3919aa4b-bef6-4545-a780-484bae2df9ee\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"}]","timeRestore":false,"title":"Security Onion - Users","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"abbe1140-72c7-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"}],"sort":[1688996741503,5675],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NzUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Dataset By Node","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Dataset By 
Node\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Dataset\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.dataset.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"abffa080-6ec9-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5677],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NzYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND _exists_:issuer_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"X.509 - Certificate Issuer Frequency 
Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Issuer Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"issuer_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"issuer_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"acd38970-6f0a-11e7-83d2-adea2f314dc5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5679],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NzcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.module:zeek AND 
event.dataset:*file*\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":7,\"i\":\"257c130f-3673-410c-9f60-d67deb13b580\"},\"panelIndex\":\"257c130f-3673-410c-9f60-d67deb13b580\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_257c130f-3673-410c-9f60-d67deb13b580\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":0,\"w\":17,\"h\":7,\"i\":\"de6206b4-7adb-44a0-ae00-2d28274478c8\"},\"panelIndex\":\"de6206b4-7adb-44a0-ae00-2d28274478c8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_de6206b4-7adb-44a0-ae00-2d28274478c8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":7,\"i\":\"93532ba0-f446-4a97-8783-a04dd4347485\"},\"panelIndex\":\"93532ba0-f446-4a97-8783-a04dd4347485\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_93532ba0-f446-4a97-8783-a04dd4347485\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":7,\"w\":8,\"h\":19,\"i\":\"a2af856c-7069-46b2-974c-e8b9054af929\"},\"panelIndex\":\"a2af856c-7069-46b2-974c-e8b9054af929\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a2af856c-7069-46b2-974c-e8b9054af929\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":7,\"w\":9,\"h\":19,\"i\":\"4a3de026-5001-46a6-af20-78db885bd4bb\"},\"panelIndex\":\"4a3de026-5001-46a6-af20-78db885bd4bb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4a3de026-5001-46a6-af20-78db885bd4bb\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":17,\"y\":7,\"w\":17,\"h\":19,\"i\":\"74071657-abfc-49e7-a0c3-e318b72a9d4c\"},\"panelIndex\":\"74071657-abfc-49e7-a0c3-e318b72a9d4c\",\"embeddableConfig\":{\"enhancements\":{}},\"
panelRefName\":\"panel_74071657-abfc-49e7-a0c3-e318b72a9d4c\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":34,\"y\":7,\"w\":14,\"h\":19,\"i\":\"2379029c-c749-4804-91df-3d9be3fc4f8a\"},\"panelIndex\":\"2379029c-c749-4804-91df-3d9be3fc4f8a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2379029c-c749-4804-91df-3d9be3fc4f8a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":26,\"w\":21,\"h\":19,\"i\":\"0e36a0b5-5905-43c6-8ae1-f3eb348571a0\"},\"panelIndex\":\"0e36a0b5-5905-43c6-8ae1-f3eb348571a0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0e36a0b5-5905-43c6-8ae1-f3eb348571a0\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":21,\"y\":26,\"w\":8,\"h\":19,\"i\":\"99813eab-a19b-47d2-a8ee-8bcb667eedbf\"},\"panelIndex\":\"99813eab-a19b-47d2-a8ee-8bcb667eedbf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_99813eab-a19b-47d2-a8ee-8bcb667eedbf\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":26,\"w\":10,\"h\":19,\"i\":\"18a734f4-78a1-4d84-9f7f-7c5aa6d3b1c2\"},\"panelIndex\":\"18a734f4-78a1-4d84-9f7f-7c5aa6d3b1c2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_18a734f4-78a1-4d84-9f7f-7c5aa6d3b1c2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":39,\"y\":26,\"w\":9,\"h\":19,\"i\":\"c51df9f8-9010-4cae-9c7c-76ca7af98f13\"},\"panelIndex\":\"c51df9f8-9010-4cae-9c7c-76ca7af98f13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c51df9f8-9010-4cae-9c7c-76ca7af98f13\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":24,\"i\":\"226350dd-3afe-4135-a8da-71db63287a95\"},\"panelIndex\":\"226350dd-3afe-4135-a8da-71db63287a95\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_226350dd-3afe-4135-a8da-71db63287a95\"}]","timeRestore":false,"title":"Security Onion - Zeek 
Files","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ad4d5d60-75f4-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"257c130f-3673-410c-9f60-d67deb13b580:panel_257c130f-3673-410c-9f60-d67deb13b580","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"de6206b4-7adb-44a0-ae00-2d28274478c8:panel_de6206b4-7adb-44a0-ae00-2d28274478c8","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"93532ba0-f446-4a97-8783-a04dd4347485:panel_93532ba0-f446-4a97-8783-a04dd4347485","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"a2af856c-7069-46b2-974c-e8b9054af929:panel_a2af856c-7069-46b2-974c-e8b9054af929","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"4a3de026-5001-46a6-af20-78db885bd4bb:panel_4a3de026-5001-46a6-af20-78db885bd4bb","type":"visualization"},{"id":"bcf25e30-75f1-11ea-9565-7315f4ee5cac","name":"74071657-abfc-49e7-a0c3-e318b72a9d4c:panel_74071657-abfc-49e7-a0c3-e318b72a9d4c","type":"visualization"},{"id":"e8d35c50-75f3-11ea-9565-7315f4ee5cac","name":"2379029c-c749-4804-91df-3d9be3fc4f8a:panel_2379029c-c749-4804-91df-3d9be3fc4f8a","type":"visualization"},{"id":"09fc6ef0-7732-11ea-bee5-af7f7c7b8e05","name":"0e36a0b5-5905-43c6-8ae1-f3eb348571a0:panel_0e36a0b5-5905-43c6-8ae1-f3eb348571a0","type":"visualization"},{"id":"2fc4bea0-7730-11ea-bee5-af7f7c7b8e05","name":"99813eab-a19b-47d2-a8ee-8bcb667eedbf:panel_99813eab-a19b-47d2-a8ee-8bcb667eedbf","type":"visualization"},{"id":"49cfe850-772c-11ea-bee5-af7f7c7b8e05","name":"18a734f4-78a1-4d84-9f7f-7c5aa6d3b1c2:panel_18a734f4-78a1-4d84-9f7f-7c5aa6d3b1c2","type":"visualization"},{"id":"efc25540-75f1-11ea-9565-7315f4ee5cac","name":"c51df9f8-9010-4cae-9c7c-76ca7af98f13:panel_c51df9f8-9010-4cae-9c7c-76ca7af98f13","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"226350dd-3afe-4135-
a8da-71db63287a95:panel_226350dd-3afe-4135-a8da-71db63287a95","type":"search"}],"sort":[1688996741503,5692],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NzgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Reply Message","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Reply Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"reply_message.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reply Message\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"adcd38e0-3679-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5694],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0NzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ae1f1fb0-3648-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5696],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0ODAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ae4e88b0-76b5-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1688996741503,5698],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0ODEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"useragent.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ae591c20-4164-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5700],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0ODIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSL - Destination Country (Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSL - Destination Country (Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"destination_geo.country_name.keyword: Descending\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ae959820-365c-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],
"sort":[1688996741503,5702],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0ODMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - TLS - True/False (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"SMTP - TLS - True/False (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"TLS\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TLS\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aeb71cc0-6e29-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5704],"type":"vi
sualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0ODQsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Initial Systems/Queries\",\"disabled\":true,\"key\":\"osquery.counter\",\"negate\":true,\"params\":{\"query\":0,\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"0\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"osquery.counter\":{\"query\":0,\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Servers Only\",\"disabled\":true,\"key\":\"osquery.codename\",\"negate\":false,\"params\":{\"query\":\"server\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"server\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match\":{\"osquery.codename\":{\"query\":\"server\",\"type\":\"phrase\"}}}}],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":64,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":17,\"h\":11,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":29,\"w\":40,\"h\":20,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Chrome Extensions - Logs\",\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":11,\"w\":40,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Chrome Extensions - Sensitive 
Permissions\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":11,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Chrome Extensions - Changes by Hostname\",\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"osquery - Chrome Extensions","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"af0ea750-18d3-11e9-932c-d12d2cf4ee95","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"71538370-18d5-11e9-932c-d12d2cf4ee95","name":"panel_1","type":"visualization"},{"id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","name":"panel_2","type":"search"},{"id":"78cf8bf0-1a59-11e9-ac0b-cb0ba10141ab","name":"panel_3","type":"visualization"},{"id":"04f86530-1a59-11e9-ac0b-cb0ba10141ab","name":"panel_4","type":"visualization"}],"sort":[1688996741503,5712],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0ODUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security Onion - Osquery - 
Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"title\":\"Security Onion - Osquery - Name\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"af139720-afcb-11ea-b262-353d451b125b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"sort":[1688996741503,5714],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0ODYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Message Type 
(Donut)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dhcp.message_types.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message Type\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security Onion - DHCP - Message Type (Donut)\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"af26c6e0-96e6-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,5716],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0ODcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - MIME Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - MIME 
Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mimetype.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"af614b80-399c-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,5718],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0ODgsMV0="} +{"attributes":{"allowNoIndex":true,"fieldFormatMap":"{\"system.process.memory.size\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.usage.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.usage.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.usage.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.usage.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem.usage.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem.usage.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem.limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem_tcp.usage.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem_tcp.usage.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem_tcp.limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.active_anon.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.active_file.b
ytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.cache.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.hierarchical_memory_limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.hierarchical_memsw_limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.inactive_anon.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.inactive_file.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.mapped_file.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.rss.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.rss_huge.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.swap.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.unevictable.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.blkio.total.bytes\":{\"id\":\"bytes\"},\"system.core.user.pct\":{\"id\":\"percent\"},\"system.core.system.pct\":{\"id\":\"percent\"},\"system.core.nice.pct\":{\"id\":\"percent\"},\"system.core.idle.pct\":{\"id\":\"percent\"},\"system.core.iowait.pct\":{\"id\":\"percent\"},\"system.core.irq.pct\":{\"id\":\"percent\"},\"system.core.softirq.pct\":{\"id\":\"percent\"},\"system.core.steal.pct\":{\"id\":\"percent\"},\"host.disk.read.bytes\":{\"id\":\"bytes\"},\"host.disk.write.bytes\":{\"id\":\"bytes\"},\"system.diskio.read.bytes\":{\"id\":\"bytes\"},\"system.diskio.write.bytes\":{\"id\":\"bytes\"},\"system.diskio.iostat.read.per_sec.bytes\":{\"id\":\"bytes\"},\"system.diskio.iostat.write.per_sec.bytes\":{\"id\":\"bytes\"},\"system.diskio.iostat.request.avg_size\":{\"id\":\"bytes\"},\"host.cpu.pct\":{\"id\":\"percent\"},\"system.cpu.user.pct\":{\"id\":\"percent\"},\"system.cpu.system.pct\":{\"id\":\"percent\"},\"system.cpu.nice.pct\":{\"id\":\"percent\"},\"system.cpu.idle.pct\":{\"id\":\"percent\"},\"system.cpu.iowait.pct\":{\"id\":\"percent\"},\"system.cpu.irq.pct\":{\"id\":\"percent\"},\"system.cpu.softirq.pct\":{\"id\":\"percent\"},\"system.cpu.steal.pct\":{\"id\":\"p
ercent\"},\"system.cpu.total.pct\":{\"id\":\"percent\"},\"system.cpu.user.norm.pct\":{\"id\":\"percent\"},\"system.cpu.system.norm.pct\":{\"id\":\"percent\"},\"system.cpu.nice.norm.pct\":{\"id\":\"percent\"},\"system.cpu.idle.norm.pct\":{\"id\":\"percent\"},\"system.cpu.iowait.norm.pct\":{\"id\":\"percent\"},\"system.cpu.irq.norm.pct\":{\"id\":\"percent\"},\"system.cpu.softirq.norm.pct\":{\"id\":\"percent\"},\"system.cpu.steal.norm.pct\":{\"id\":\"percent\"},\"system.cpu.total.norm.pct\":{\"id\":\"percent\"},\"system.filesystem.available\":{\"id\":\"bytes\"},\"system.filesystem.free\":{\"id\":\"bytes\"},\"system.filesystem.total\":{\"id\":\"bytes\"},\"system.filesystem.used.bytes\":{\"id\":\"bytes\"},\"system.filesystem.used.pct\":{\"id\":\"percent\"},\"process.cpu.pct\":{\"id\":\"percent\"},\"process.memory.pct\":{\"id\":\"percent\"},\"system.process.cpu.total.pct\":{\"id\":\"percent\"},\"system.process.cpu.total.norm.pct\":{\"id\":\"percent\"},\"system.process.memory.rss.bytes\":{\"id\":\"bytes\"},\"system.process.memory.rss.pct\":{\"id\":\"percent\"},\"system.process.memory.share\":{\"id\":\"bytes\"},\"system.process.cgroup.cpu.pressure.some.10.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.some.60.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.some.300.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.some.total\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.full.10.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.full.60.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.full.300.pct\":{\"id\":\"percent\"},\"system.process.cgroup.memory.mem.low.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.high.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.low.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.high.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.m
ax.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.io.pressure.full.10.pct\":{\"id\":\"percent\"},\"system.process.cgroup.io.pressure.full.60.pct\":{\"id\":\"percent\"},\"system.process.cgroup.io.pressure.full.300.pct\":{\"id\":\"percent\"},\"system.process.cgroup.io.pressure.some.10.pct\":{\"id\":\"percent\"},\"system.process.cgroup.io.pressure.some.60.pct\":{\"id\":\"percent\"},\"system.socket.summary.tcp.memory\":{\"id\":\"bytes\"},\"system.socket.summary.udp.memory\":{\"id\":\"bytes\"},\"system.fsstat.total_size.free\":{\"id\":\"bytes\"},\"system.fsstat.total_size.used\":{\"id\":\"bytes\"},\"system.fsstat.total_size.total\":{\"id\":\"bytes\"},\"system.memory.total\":{\"id\":\"bytes\"},\"system.memory.used.bytes\":{\"id\":\"bytes\"},\"system.memory.free\":{\"id\":\"bytes\"},\"system.memory.used.pct\":{\"id\":\"percent\"},\"system.memory.actual.used.bytes\":{\"id\":\"bytes\"},\"system.memory.actual.free\":{\"id\":\"bytes\"},\"system.memory.actual.used.pct\":{\"id\":\"percent\"},\"system.memory.swap.total\":{\"id\":\"bytes\"},\"system.memory.swap.used.bytes\":{\"id\":\"bytes\"},\"system.memory.swap.free\":{\"id\":\"bytes\"},\"system.memory.swap.used.pct\":{\"id\":\"percent\"},\"system.memory.page_stats.pgscan_kswapd.pages\":{\"id\":\"number\"},\"system.memory.page_stats.pgscan_direct.pages\":{\"id\":\"number\"},\"system.memory.page_stats.pgfree.pages\":{\"id\":\"number\"},\"system.memory.page_stats.pgsteal_kswapd.pages\":{\"id\":\"number\"},\"system.memory.page_stats.pgsteal_direct.pages\":{\"id\":\"number\"},\"system.memory.page_stats.direct_efficiency.pct\":{\"id\":\"percent\"},\"system.memory.page_stats.kswapd_efficiency.pct\":{\"id\":\"percent\"},\"system.memory.hugepages.total\":{\"id\":\"number\"},\"system.memory.hugepages.used.bytes\":{\"id\":\"bytes\"},\"system.memory.hugepages.used.pct\":{\"id\":\"percent\"},\"system.memory.hugepages.free\":{\"id\":\"number\"},\"system.memory.hugepages.reserved\":{\"id\":\"number\"},\"system.memory.hugepages.surplus\":{
\"id\":\"number\"},\"system.memory.hugepages.default_size\":{\"id\":\"bytes\"},\"host.network.in.bytes\":{\"id\":\"bytes\"},\"host.network.out.bytes\":{\"id\":\"bytes\"},\"system.network.out.bytes\":{\"id\":\"bytes\"},\"system.network.in.bytes\":{\"id\":\"bytes\"},\"system.uptime.duration.ms\":{\"id\":\"duration\"},\"event.sequence\":{\"id\":\"string\"},\"event.severity\":{\"id\":\"string\"}}","fields":"[{\"name\":\"cloud.account.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.availability_zone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.instance.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.instance.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.machine.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.project.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.image.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.id\",\"type\":\"string\",\"count\":0,\"scrip
ted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.image.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.labels\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.family\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"inde
xed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.containerized\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scrip
ted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.acked\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.active\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.batches\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.dropped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.duplicates\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.failed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.toomany\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.write.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\
":\"beat.stats.libbeat.output.write.errors\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.snapshot\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.user.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.value\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.system.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.time.ms\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.user.time.ms\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.
cpu.system.time.ms\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.memory.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.fd.open\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.fd.limit.soft\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.fd.limit.hard\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.cfs.period.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.cfs.quota.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.proce
ss.cgroup.cpu.cfs.shares\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.rt.period.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.rt.runtime.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.periods\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.throttled.periods\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.throttled.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.total.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.user.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.system.ns\",\"type\":\"number\",\"count\":0,\"scripted
\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.percpu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.usage.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.failures\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.usage.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"agg
regatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.failures\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem.usage.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem.failures\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem_tcp.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem_tcp.usage.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem_tcp.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem_tcp.failures\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.active_anon.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"
aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.active_file.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.cache.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.hierarchical_memory_limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.hierarchical_memsw_limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.inactive_anon.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.inactive_file.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.mapped_file.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.page_faults\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.major_page_faults\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.pages_in\",\"type\":\"number\",\"count\":
0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.pages_out\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.rss.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.rss_huge.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.swap.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.unevictable.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.blkio.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.blkio.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.blkio.total.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.blkio.total.ios\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":tru
e,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.cpu.cores\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.15\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.norm.1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.norm.15\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.norm.5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat
.stats.cpu.system.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.system.time.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.total.value\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.total.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.total.time.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.user.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.user.time.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.info.ephemeral_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.info.uptime.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.cfs.period.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.cfs.quota.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.
cgroup.cpu.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.stats.periods\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.stats.throttled.periods\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.stats.throttled.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpuacct.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpuacct.total.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.memory.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.memory.mem.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.memory.mem.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.memstats.gc_next\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.memstats.memory.alloc\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":t
rue,\"readFromDocValues\":true},{\"name\":\"beat.stats.memstats.memory.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.memstats.rss\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.handles.open\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.handles.limit.hard\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.handles.limit.soft\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.uptime.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.runtime.goroutines\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.clients\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.queue.acked\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.active\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.dropped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\
":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.failed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.filtered\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.published\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.retry\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.config.running\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.config.starts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.config.stops\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.read.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.read.
errors\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.cpu.usage\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.disk.read.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.disk.write.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregat
able\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.egress.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.egress.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.ingress.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.ingress.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.uptime\",\"type\":\"number\",\"count
\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.use
r.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.user.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.system.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.system.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.nice.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.nice.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.idle.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.idle.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.iowait.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.iowait.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.irq.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.irq.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"s
earchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.softirq.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.softirq.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.steal.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.steal.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.read.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.write.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.read.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.write.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.read.time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\
":true},{\"name\":\"system.diskio.write.time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.io.time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.read.request.merges_per_sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.write.request.merges_per_sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.read.request.per_sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.write.request.per_sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.read.per_sec.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.read.await\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.write.per_sec.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.write.await\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.request.avg_size\",\"type\":\"number\",\"count\":0,\"scripted\
":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.queue.avg_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.await\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.service_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.busy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.cpu.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.cores\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.user.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.system.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.nice.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.idle.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.iowait.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"re
adFromDocValues\":true},{\"name\":\"system.cpu.irq.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.softirq.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.steal.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.total.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.user.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.system.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.nice.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.idle.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.iowait.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.irq.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.softirq.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.steal.norm.pct\"
,\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.total.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.user.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.system.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.nice.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.idle.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.iowait.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.irq.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.softirq.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.steal.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.available\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.device_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed
\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.mount_point\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.files\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.free_files\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.cpu.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.cpu.start_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValue
s\":true},{\"name\":\"process.memory.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.digest_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\
"name\":\"process.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.byte_order\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.cpu_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.exports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.abi_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.entrypoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.object_version\",\"type\"
:\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.os_abi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.imports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.chi2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.entropy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.physical_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.physical_size\",\"type\":\"number\",\"count\":0,\"scri
pted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.virtual_address\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.virtual_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.segments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.segments.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.segments.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.shared_libraries\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.telfhash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggre
gatable\":true,\"readFromDocValues\":true},{\"name\":\"process.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.digest_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.c
ode_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.byte_order\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.cpu_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\
":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.exports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.abi_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.entrypoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.object_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.os_abi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.imports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\
"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.chi2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.entropy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.physical_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.physical_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.virtual_address\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.virtual_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.segments\",\
"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.segments.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.segments.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.shared_libraries\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.telfhash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha256\",\"type\":\"string\",\"coun
t\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"
indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggreg
atable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.domain\",\"type\":\"string\",\"count\"
:0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromD
ocValues\":true},{\"name\":\"user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\
"readFromDocValues\":true},{\"name\":\"user.target.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cmdline\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.env\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.start_time\",\"type\":\"date\",\"
count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.memory.rss.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.memory.rss.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.memory.share\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cgroups_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.usage.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.usage.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.usage.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.user.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.user.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.user.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readF
romDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.system.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.system.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.system.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.throttled.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.some.10.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.some.60.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.some.300.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.some.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.full.10.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.full.60.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}
,{\"name\":\"system.process.cgroup.cpu.pressure.full.300.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.full.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.total.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.total.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.user.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.user.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.system.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.system.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.low.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.high.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.
process.cgroup.memory.mem.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.low\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.high\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.max\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.oom\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.oom_kill\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.fail\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.low.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.high.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.ev
ents.low\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.high\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.max\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.oom\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.oom_kill\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.fail\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.*\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.*.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.stats.*\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\
":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.stats.*.*\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.stats.*.*.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.stats.*.*.ios\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.full.10.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.full.60.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.full.300.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.full.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.some.10.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.some.60.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.some.300.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\
":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.some.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.as.number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.as.organization.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexe
d\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.nat
.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.nat.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"
readFromDocValues\":true},{\"name\":\"source.user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.all.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.all.listening\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.memory\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.orphan\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.listening\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true
},{\"name\":\"system.socket.summary.tcp.all.established\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.close_wait\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.time_wait\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.syn_sent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.syn_recv\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.fin_wait1\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.fin_wait2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.last_ack\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.closing\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.udp.memory\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.udp.all.count\",\"type\":\"number\",\"count\":0,\"scr
ipted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.total_files\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.total_size.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.total_size.used\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.total_size.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.actual.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.actual.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":
true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.actual.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.out.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.in.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.readahead.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.readahead.cached\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgscan_kswapd.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgscan_direct.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"ind
exed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgfree.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgsteal_kswapd.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgsteal_direct.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.direct_efficiency.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.kswapd_efficiency.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.reserved\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sy
stem.memory.hugepages.surplus\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.default_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.swap.out.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.swap.out.fallback\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.running\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.idle\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.sleeping\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.stopped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.zombie\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.dead\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromD
ocValues\":true},{\"name\":\"system.process.summary.unknown\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.in.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.in.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.out.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.out.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.out.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.in.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.out.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.in.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.in.errors\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.out.errors\"
,\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.in.dropped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.out.dropped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.uptime.duration.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.1\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.5\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.15\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.norm.1\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.norm.5\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.norm.15\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.cores\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.capabilities\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":tr
ue,\"readFromDocValues\":false},{\"name\":\"Endpoint.configuration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.configuration.isolation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.state.isolation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\
"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.ingested\",\"type\":\"date\",\"count\":0,\"scripted\":
false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.outcome\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext.variant\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics\",\"type\":\"string\",\"count\
":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.histogram\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.latest\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.mean\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.metrics.disks.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.endpoint_drive\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.fstype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.mount\",\"type\":\
"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.file_events.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.file_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.file_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.file_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.library_events.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.library_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.library_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"End
point.metrics.documents_volume.library_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.network_events.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.network_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.network_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.network_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.overall.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.overall.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.overall.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.overall.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.process_events.sent_bytes\",\"type\":\"number\",\"count\":0
,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.process_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.process_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.process_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.registry_events.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.registry_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.registry_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.registry_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint
.metrics.memory.endpoint.private\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private.latest\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private.mean\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.system_impact\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.metrics.threads\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.metrics.uptime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.uptime.endpoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.uptime.system\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\
"Endpoint.policy.applied.actions.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.artifacts.global\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.a
rtifacts.user.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.endpoint_policy_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.response.configurations\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.response.configurations.antivirus_registration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.response.configurations.antivirus_registration.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.antivirus_registration.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":t
rue,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.behavior_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.behavior_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.events\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.events.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.events.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.host_isolation.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.host_isolation.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.logging\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.logging.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":t
rue,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.logging.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.malware\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.malware.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.malware.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.memory_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.memory_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.memory_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.ransomware.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.ransomware.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"sear
chable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.streaming\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.streaming.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.streaming.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.response.diagnostic.behavior_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.behavior_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.credential_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.credential_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.malware.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchabl
e\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.malware.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.memory_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.memory_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.memory_scan.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.memory_scan.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.ransomware.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.ransomware.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.build.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"@timestamp","title":"
metrics-*"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"metrics-*","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688996741503,5719],"type":"index-pattern","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0ODksMV0="} +{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"55d94407-b21c-49ae-a16e-72640d21a881\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.region\",\"title\":\"Regions\",\"id\":\"55d94407-b21c-49ae-a16e-72640d21a881\",\"enhancements\":{}}},\"4240efc9-bf68-427c-8fe3-be4f47247d98\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.dimensions.StreamName\",\"title\":\"Stream Names\",\"id\":\"4240efc9-bf68-427c-8fe3-be4f47247d98\",\"enhancements\":{}}},\"7fcde1e0-44fd-48bf-b0b3-13c82f49adf3\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.availability_zone\",\"title\":\"Availability Zones\",\"id\":\"7fcde1e0-44fd-48bf-b0b3-13c82f49adf3\",\"enhancements\":{}}},\"dd664f97-eec2-4a38-b4a3-a807a5a6e8d5\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.name\",\"title\":\"Account Names\",\"id\":\"dd664f97-eec2-4a38-b4a3-a807a5a6e8d5\",\"enhancements\":{}}}}"},"description":"Overview of Amazon Kinesis 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.kinesis\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.kinesis\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":6,\"i\":\"84bfd8e4-fcfe-4985-8e80-f840c190787c\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"84bfd8e4-fcfe-4985-8e80-f840c190787c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-e90bdb01-c733-4cf6-b3ca-7f727eec5d0e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"e90bdb01-c733-4cf6-b3ca-7f727eec5d0e\":{\"columnOrder\":[\"d4bfc6f7-1652-44a3-8ebc-614ce412a7bd\"],\"columns\":{\"d4bfc6f7-1652-44a3-8ebc-614ce412a7bd\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Stream Count\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.dimensions.StreamName\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"d4bfc6f7-1652-44a3-8ebc-614ce412a7bd\",\"layerId\":\"e90bdb01-c733-4cf6-b3ca-7f727eec5d0e\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Stream 
Count\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":6,\"i\":\"d2561e5f-82df-4c7e-940d-e443263a5761\",\"w\":19,\"x\":12,\"y\":0},\"panelIndex\":\"d2561e5f-82df-4c7e-940d-e443263a5761\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-85000cbe-652e-4337-81c6-6abb10541e21\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"c2983c5b-02c3-4f54-9c89-9bfa1ca0efe8\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"85000cbe-652e-4337-81c6-6abb10541e21\":{\"columnOrder\":[\"6902038d-7bb1-4339-9b9f-07ea69d05480\"],\"columns\":{\"6902038d-7bb1-4339-9b9f-07ea69d05480\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average Incoming Bytes (in selected time range)\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.IncomingBytes.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c2983c5b-02c3-4f54-9c89-9bfa1ca0efe8\",\"key\":\"aws.kinesis.metrics.IncomingBytes.avg\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"},\"query\":{\"exists\":{\"field\":\"aws.kinesis.metrics.IncomingBytes.avg\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"6902038d-7bb1-4339-9b9f-07ea69d05480\",\"layerId\":\"85000cbe-652e-4337-81c6-6abb10541e21\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\",\"titlePosition\":\"top\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Incoming 
Bytes\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":6,\"i\":\"fe687607-118e-4b28-87d2-770bacc39c16\",\"w\":17,\"x\":31,\"y\":0},\"panelIndex\":\"fe687607-118e-4b28-87d2-770bacc39c16\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-fea14ee9-35c1-47b8-b245-010f56ed252e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"fea14ee9-35c1-47b8-b245-010f56ed252e\":{\"columnOrder\":[\"f198a9d8-490f-4385-98c1-455a7a0ee030\"],\"columns\":{\"f198a9d8-490f-4385-98c1-455a7a0ee030\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average Get Records Bytes (in selected time range)\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.GetRecords_Bytes.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"f198a9d8-490f-4385-98c1-455a7a0ee030\",\"layerId\":\"fea14ee9-35c1-47b8-b245-010f56ed252e\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Average Get Records Bytes\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"bcb7cf5d-0f3e-42e4-a85b-fcf8aaf0272f\",\"w\":4,\"x\":0,\"y\":6},\"panelIndex\":\"bcb7cf5d-0f3e-42e4-a85b-fcf8aaf0272f\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":24,\"markdown\":\"Incoming 
Data\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Incoming Data Label\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"35950b92-e435-4d8e-939f-729865b86d05\",\"w\":22,\"x\":4,\"y\":6},\"panelIndex\":\"35950b92-e435-4d8e-939f-729865b86d05\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-f364a471-26d4-4349-a977-0852b7c54b72\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"f364a471-26d4-4349-a977-0852b7c54b72\":{\"columnOrder\":[\"b0fcf617-1944-40a7-b423-63f3ba179e96\",\"4a9105bb-d594-489c-a999-828c551d2397\",\"772f4177-1cca-494f-9b95-d7d885c458ca\"],\"columns\":{\"4a9105bb-d594-489c-a999-828c551d2397\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of aws.dimensions.StreamName\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"772f4177-1cca-494f-9b95-d7d885c458ca\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.StreamName\"},\"772f4177-1cca-494f-9b95-d7d885c458ca\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Incoming Bytes per 
Stream\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.IncomingBytes.avg\"},\"b0fcf617-1944-40a7-b423-63f3ba179e96\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"LINEAR\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"hideEndzones\":false,\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"772f4177-1cca-494f-9b95-d7d885c458ca\"],\"layerId\":\"f364a471-26d4-4349-a977-0852b7c54b72\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"4a9105bb-d594-489c-a999-828c551d2397\",\"xAccessor\":\"b0fcf617-1944-40a7-b423-63f3ba179e96\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":false,\"xTitle\":\"timestamp\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Incoming Bytes per 
Stream\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"ef1f9b18-05dd-4dad-aaf4-f0c93363b82a\",\"w\":22,\"x\":26,\"y\":6},\"panelIndex\":\"ef1f9b18-05dd-4dad-aaf4-f0c93363b82a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-ef45f5b2-6ee6-4630-83df-ac21859098ac\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ef45f5b2-6ee6-4630-83df-ac21859098ac\":{\"columnOrder\":[\"56dce76d-00b6-42ca-95c3-df6510c9b577\",\"d477a257-1ca8-4d0f-a5ae-c5ea28415aed\",\"6c6de2f7-4864-46c6-916d-5bf11169f90a\"],\"columns\":{\"56dce76d-00b6-42ca-95c3-df6510c9b577\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"6c6de2f7-4864-46c6-916d-5bf11169f90a\":{\"customLabel\":false,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.kinesis.metrics.IncomingRecords.avg\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.IncomingRecords.avg\"},\"d477a257-1ca8-4d0f-a5ae-c5ea28415aed\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.dimensions.StreamName\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6c6de2f7-4864-46c6-916d-5bf11169f90a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.StreamName\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"6c6de2f7-4864-46c6-916d-5bf11169f90a\"],\"layerId\":\"ef45f5b2-6ee6-4630-83df-ac21859098ac\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"d477a257-1ca8-4d0f-a5ae-c5ea28415aed\",\"xAccessor\":\"56dce76d-00b6-42ca-95c3-df6510c9b577\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"timestamp\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Incoming Records per Stream\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"ca087394-b593-4315-96fc-91d001763436\",\"w\":4,\"x\":0,\"y\":17},\"panelIndex\":\"ca087394-b593-4315-96fc-91d001763436\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":24,\"markdown\":\"Outgoing 
Data\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Outgoing Data Label\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"cebc0c74-fbe5-4dd3-ab4e-a3957bc27b57\",\"w\":22,\"x\":4,\"y\":17},\"panelIndex\":\"cebc0c74-fbe5-4dd3-ab4e-a3957bc27b57\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-66e326a0-aea7-465a-898e-cf06def52d2f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"66e326a0-aea7-465a-898e-cf06def52d2f\":{\"columnOrder\":[\"bb8e30f7-7af5-4579-bd1e-df9c334c0ea3\",\"009e02e1-a8eb-483e-90ff-2ad2c265de5e\",\"0c97ef8c-3b1d-48c6-8a99-3dcc7edf0775\"],\"columns\":{\"009e02e1-a8eb-483e-90ff-2ad2c265de5e\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of aws.dimensions.StreamName\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0c97ef8c-3b1d-48c6-8a99-3dcc7edf0775\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.StreamName\"},\"0c97ef8c-3b1d-48c6-8a99-3dcc7edf0775\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Get Records Bytes per 
Stream\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.GetRecords_Bytes.avg\"},\"bb8e30f7-7af5-4579-bd1e-df9c334c0ea3\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"0c97ef8c-3b1d-48c6-8a99-3dcc7edf0775\"],\"layerId\":\"66e326a0-aea7-465a-898e-cf06def52d2f\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"009e02e1-a8eb-483e-90ff-2ad2c265de5e\",\"xAccessor\":\"bb8e30f7-7af5-4579-bd1e-df9c334c0ea3\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"timestamp\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Get Records Bytes per 
Stream\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"0de4ba03-7578-4e58-a11a-c9a3f189c737\",\"w\":22,\"x\":26,\"y\":17},\"panelIndex\":\"0de4ba03-7578-4e58-a11a-c9a3f189c737\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-a980f50c-c9ba-4fef-a19e-5480d4cabb8e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a980f50c-c9ba-4fef-a19e-5480d4cabb8e\":{\"columnOrder\":[\"617e16f4-065a-400f-90d9-41e8b23742b3\",\"acbcda73-e162-421c-8189-50dd770b75f2\",\"57f5ba6b-2325-4f5c-bfea-7c03d45f1bf0\"],\"columns\":{\"57f5ba6b-2325-4f5c-bfea-7c03d45f1bf0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Get Records per Stream\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.GetRecords_Records.avg\"},\"617e16f4-065a-400f-90d9-41e8b23742b3\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"acbcda73-e162-421c-8189-50dd770b75f2\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.dimensions.StreamName\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"57f5ba6b-2325-4f5c-bfea-7c03d45f1bf0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.StreamName\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"57f5ba6b-2325-4f5c-bfea-7c03d45f1bf0\"],\"layerId\":\"a980f50c-c9ba-4fef-a19e-5480d4cabb8e\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"acbcda73-e162-421c-8189-50dd770b75f2\",\"xAccessor\":\"617e16f4-065a-400f-90d9-41e8b23742b3\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"timestamp\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Get Records per 
Stream\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":17,\"i\":\"31b1f250-ed1f-4f0f-a6c1-2b0c3b89f44e\",\"w\":4,\"x\":0,\"y\":28},\"panelIndex\":\"31b1f250-ed1f-4f0f-a6c1-2b0c3b89f44e\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":24,\"markdown\":\"Latency\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"latency label\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":6,\"i\":\"8b7a3327-5e7b-497e-81ad-44c4a79404c1\",\"w\":22,\"x\":4,\"y\":28},\"panelIndex\":\"8b7a3327-5e7b-497e-81ad-44c4a79404c1\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-9b4f8256-163e-4ab3-8a3a-9537e7f6bf6f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"9b4f8256-163e-4ab3-8a3a-9537e7f6bf6f\":{\"columnOrder\":[\"db6866f3-2c0a-412b-bfda-daabae270aad\"],\"columns\":{\"db6866f3-2c0a-412b-bfda-daabae270aad\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Put Records Latency (ms)\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.PutRecords_Latency.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"db6866f3-2c0a-412b-bfda-daabae270aad\",\"layerId\":\"9b4f8256-163e-4ab3-8a3a-9537e7f6bf6f\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Put Records 
Latency\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":6,\"i\":\"ba88b57d-1f5f-40f0-8c41-2c0f28840ba3\",\"w\":22,\"x\":26,\"y\":28},\"panelIndex\":\"ba88b57d-1f5f-40f0-8c41-2c0f28840ba3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-2f27b831-82a8-41b7-a5f7-78e55e47c621\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2f27b831-82a8-41b7-a5f7-78e55e47c621\":{\"columnOrder\":[\"60129565-3cbe-4dae-8e0c-2dcd8cf28cbb\"],\"columns\":{\"60129565-3cbe-4dae-8e0c-2dcd8cf28cbb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Get Records Latency (ms)\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.GetRecords_Latency.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"60129565-3cbe-4dae-8e0c-2dcd8cf28cbb\",\"layerId\":\"2f27b831-82a8-41b7-a5f7-78e55e47c621\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Get Records 
Latency\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"0bc876e8-94df-413b-8297-a6059a876e2c\",\"w\":22,\"x\":4,\"y\":34},\"panelIndex\":\"0bc876e8-94df-413b-8297-a6059a876e2c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-cc948472-c0b6-4462-85e5-ba342900911c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cc948472-c0b6-4462-85e5-ba342900911c\":{\"columnOrder\":[\"3aeb8dc5-7e81-4852-94f8-4a9f8d1edd51\",\"bb117738-24ca-4e6a-aafc-1544b82237f8\",\"405da135-3981-4d0e-9c6e-267b7c942374\"],\"columns\":{\"3aeb8dc5-7e81-4852-94f8-4a9f8d1edd51\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"405da135-3981-4d0e-9c6e-267b7c942374\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"PutRecords Latency\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.PutRecords_Latency.avg\"},\"bb117738-24ca-4e6a-aafc-1544b82237f8\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 3 values of 
aws.dimensions.StreamName\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"405da135-3981-4d0e-9c6e-267b7c942374\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.StreamName\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"405da135-3981-4d0e-9c6e-267b7c942374\"],\"layerId\":\"cc948472-c0b6-4462-85e5-ba342900911c\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"bb117738-24ca-4e6a-aafc-1544b82237f8\",\"xAccessor\":\"3aeb8dc5-7e81-4852-94f8-4a9f8d1edd51\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"timestamp\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Put Records 
Latency\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"45c140bc-8782-476c-8f2e-8713a1e39dfe\",\"w\":22,\"x\":26,\"y\":34},\"panelIndex\":\"45c140bc-8782-476c-8f2e-8713a1e39dfe\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-3d34bc69-5211-4972-bd41-0a18e9612600\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3d34bc69-5211-4972-bd41-0a18e9612600\":{\"columnOrder\":[\"979e1cb7-86fc-4d5a-abc0-d96523e80509\",\"d8cd7f5c-a793-4b4e-ac36-c71567f8f86e\",\"d8554dbd-ab0a-477c-969e-b1739d2bd362\"],\"columns\":{\"979e1cb7-86fc-4d5a-abc0-d96523e80509\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"d8554dbd-ab0a-477c-969e-b1739d2bd362\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Get Records Latency\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.GetRecords_Latency.avg\"},\"d8cd7f5c-a793-4b4e-ac36-c71567f8f86e\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.dimensions.StreamName\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"d8554dbd-ab0a-477c-969e-b1739d2bd362\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.StreamName\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"d8554dbd-ab0a-477c-969e-b1739d2bd362\"],\"layerId\":\"3d34bc69-5211-4972-bd41-0a18e9612600\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"d8cd7f5c-a793-4b4e-ac36-c71567f8f86e\",\"xAccessor\":\"979e1cb7-86fc-4d5a-abc0-d96523e80509\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"timestamp\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Get Records 
Latency\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"e4a85e33-bbc8-4476-a845-27b2ac3347ac\",\"w\":44,\"x\":4,\"y\":45},\"panelIndex\":\"e4a85e33-bbc8-4476-a845-27b2ac3347ac\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-44c2780b-de65-4156-91a7-04c4cd5999f4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"44c2780b-de65-4156-91a7-04c4cd5999f4\":{\"columnOrder\":[\"ee968136-8f62-414e-ac48-1169ca061295\",\"ba2fedb6-b237-4ebe-aafc-49d034ba7270\",\"eb814fb0-7e21-46de-b35c-aaf20617a7cf\"],\"columns\":{\"ba2fedb6-b237-4ebe-aafc-49d034ba7270\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of aws.dimensions.StreamName\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"eb814fb0-7e21-46de-b35c-aaf20617a7cf\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.StreamName\"},\"eb814fb0-7e21-46de-b35c-aaf20617a7cf\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Get Records Iterator Age 
(ms)\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.kinesis.metrics.GetRecords_IteratorAgeMilliseconds.avg\"},\"ee968136-8f62-414e-ac48-1169ca061295\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"eb814fb0-7e21-46de-b35c-aaf20617a7cf\"],\"layerId\":\"44c2780b-de65-4156-91a7-04c4cd5999f4\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"ba2fedb6-b237-4ebe-aafc-49d034ba7270\",\"xAccessor\":\"ee968136-8f62-414e-ac48-1169ca061295\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"timestamp\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Get Records Iterator Age 
(ms)\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"360ef36d-2399-41e7-8f5a-b3c1406dedc7\",\"w\":4,\"x\":0,\"y\":45},\"panelIndex\":\"360ef36d-2399-41e7-8f5a-b3c1406dedc7\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":24,\"markdown\":\"Iterator Age\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"iterator age label\"}]","timeRestore":false,"title":"[Metrics AWS] Kinesis Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-07d67a60-d872-11eb-8220-c9141cc1b15c","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"84bfd8e4-fcfe-4985-8e80-f840c190787c:indexpattern-datasource-layer-e90bdb01-c733-4cf6-b3ca-7f727eec5d0e","type":"index-pattern"},{"id":"metrics-*","name":"d2561e5f-82df-4c7e-940d-e443263a5761:indexpattern-datasource-layer-85000cbe-652e-4337-81c6-6abb10541e21","type":"index-pattern"},{"id":"metrics-*","name":"d2561e5f-82df-4c7e-940d-e443263a5761:c2983c5b-02c3-4f54-9c89-9bfa1ca0efe8","type":"index-pattern"},{"id":"metrics-*","name":"fe687607-118e-4b28-87d2-770bacc39c16:indexpattern-datasource-layer-fea14ee9-35c1-47b8-b245-010f56ed252e","type":"index-pattern"},{"id":"metrics-*","name":"35950b92-e435-4d8e-939f-729865b86d05:indexpattern-datasource-layer-f364a471-26d4-4349-a977-0852b7c54b72","type":"index-pattern"},{"id":"metrics-*","name":"ef1f9b18-05dd-4dad-aaf4-f0c93363b82a:indexpattern-datasource-layer-ef45f5b2-6ee6-4630-83df-ac21859098ac","type":"index-pattern"},{"id":"metrics-*","name":"cebc0c74-fbe5-4dd3-ab4e-a3957bc27b57:indexpattern-datasource-layer-66e326a0-aea7-
465a-898e-cf06def52d2f","type":"index-pattern"},{"id":"metrics-*","name":"0de4ba03-7578-4e58-a11a-c9a3f189c737:indexpattern-datasource-layer-a980f50c-c9ba-4fef-a19e-5480d4cabb8e","type":"index-pattern"},{"id":"metrics-*","name":"8b7a3327-5e7b-497e-81ad-44c4a79404c1:indexpattern-datasource-layer-9b4f8256-163e-4ab3-8a3a-9537e7f6bf6f","type":"index-pattern"},{"id":"metrics-*","name":"ba88b57d-1f5f-40f0-8c41-2c0f28840ba3:indexpattern-datasource-layer-2f27b831-82a8-41b7-a5f7-78e55e47c621","type":"index-pattern"},{"id":"metrics-*","name":"0bc876e8-94df-413b-8297-a6059a876e2c:indexpattern-datasource-layer-cc948472-c0b6-4462-85e5-ba342900911c","type":"index-pattern"},{"id":"metrics-*","name":"45c140bc-8782-476c-8f2e-8713a1e39dfe:indexpattern-datasource-layer-3d34bc69-5211-4972-bd41-0a18e9612600","type":"index-pattern"},{"id":"metrics-*","name":"e4a85e33-bbc8-4476-a845-27b2ac3347ac:indexpattern-datasource-layer-44c2780b-de65-4156-91a7-04c4cd5999f4","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_55d94407-b21c-49ae-a16e-72640d21a881:optionsListDataView","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_4240efc9-bf68-427c-8fe3-be4f47247d98:optionsListDataView","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_7fcde1e0-44fd-48bf-b0b3-13c82f49adf3:optionsListDataView","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_dd664f97-eec2-4a38-b4a3-a807a5a6e8d5:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5740],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0OTAsMV0="} +{"attributes":{"description":"Overview of AWS Transit Gateway 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.transitgateway\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.transitgateway\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"af1453d8-04d3-4b44-a3b0-138111255a23\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"af1453d8-04d3-4b44-a3b0-138111255a23\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.name\",\"id\":\"1565034367477\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"account name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloud.region\",\"id\":\"1584478324642\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.dimensions.TransitGateway\",\"id\":\"1584479118709\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"transit gateway\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":true},\"title\":\"TransitGateway Filters [Metrics 
AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"filters\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"14555108-559d-4c07-b240-6e6b14254f16\",\"w\":24,\"x\":0,\"y\":5},\"panelIndex\":\"14555108-559d-4c07-b240-6e6b14254f16\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.transitgateway.metrics.BytesIn.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TransitGateway\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Transit Gateway Bytes In [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Bytes 
In\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"9c605367-60e3-4e9c-8036-a6191dbafe4a\",\"w\":24,\"x\":24,\"y\":5},\"panelIndex\":\"9c605367-60e3-4e9c-8036-a6191dbafe4a\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.transitgateway.metrics.PacketsIn.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TransitGateway\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Transit Gateway Packets In [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Packets 
In\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"271558e6-b208-4e2c-abfb-0a6b2dbb0c66\",\"w\":24,\"x\":0,\"y\":17},\"panelIndex\":\"271558e6-b208-4e2c-abfb-0a6b2dbb0c66\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.transitgateway.metrics.BytesOut.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TransitGateway\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Transit Gateway Bytes Out [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Bytes 
Out\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"41002ab1-845b-469e-9283-8a46a90e4662\",\"w\":24,\"x\":24,\"y\":17},\"panelIndex\":\"41002ab1-845b-469e-9283-8a46a90e4662\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.transitgateway.metrics.PacketsOut.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TransitGateway\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Transit Gateway Packets Out [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Packets 
Out\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"b141f90b-739e-46f3-83c9-9c4661183837\",\"w\":24,\"x\":0,\"y\":29},\"panelIndex\":\"b141f90b-739e-46f3-83c9-9c4661183837\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.transitgateway.metrics.BytesDropCountNoRoute.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TransitGateway\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Transit Gateway Bytes Drop Count No Route [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Bytes Dropped - no 
route\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"c6a76f92-248b-4cae-a03f-7d34d58098ae\",\"w\":24,\"x\":24,\"y\":29},\"panelIndex\":\"c6a76f92-248b-4cae-a03f-7d34d58098ae\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.transitgateway.metrics.PacketDropCountNoRoute.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TransitGateway\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Transit Gateway Packets Drop Count No Route [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Packets Dropped - no 
route\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"1d08d3b8-3bd7-4f90-854d-be08cb119273\",\"w\":24,\"x\":0,\"y\":41},\"panelIndex\":\"1d08d3b8-3bd7-4f90-854d-be08cb119273\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.transitgateway.metrics.BytesDropCountBlackhole.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TransitGateway\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Transit Gateway Bytes Drop Count Blackhole [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Bytes Dropped - black 
hole\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"40e82e50-b30c-40eb-bbee-9bbfc3d3311f\",\"w\":24,\"x\":24,\"y\":41},\"panelIndex\":\"40e82e50-b30c-40eb-bbee-9bbfc3d3311f\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.transitgateway.metrics.PacketDropCountBlackhole.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TransitGateway\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Transit Gateway Packets Drop Count Blackhole [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Packets Dropped - black hole\"}]","timeRestore":false,"title":"[Metrics AWS] TransitGateway 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-0eb5a6a0-694f-11ea-b0ac-95d4ecb1fecd","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"af1453d8-04d3-4b44-a3b0-138111255a23:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"af1453d8-04d3-4b44-a3b0-138111255a23:control_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"af1453d8-04d3-4b44-a3b0-138111255a23:control_2_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5747],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0OTEsMV0="} +{"attributes":{"columns":["aws.inspector.title","aws.inspector.finding_arn","aws.inspector.type","aws.inspector.status"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.inspector\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.inspector\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Findings Essential Details [Logs 
Inspector]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-395fef40-5a52-11ed-a807-bd2da8f2e79b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5752],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0OTIsMV0="} +{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"5de52701-f68f-43d6-b708-9ee6215f945a\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.inspector.severity\",\"parentFieldName\":\"aws.inspector.severity\",\"title\":\"AWS Inspector Findings Severity\",\"id\":\"5de52701-f68f-43d6-b708-9ee6215f945a\",\"selectedOptions\":[],\"enhancements\":{}}}}"},"description":"Overview of AWS Inspector Findings 
logs.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.inspector\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.inspector\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2c9f6be4-d000-4aae-a20e-3276e296a95a\",\"w\":24,\"x\":24,\"y\":4},\"panelIndex\":\"2c9f6be4-d000-4aae-a20e-3276e296a95a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-6b39ae60-44af-44ec-89ce-9d0e344b839b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"6b39ae60-44af-44ec-89ce-9d0e344b839b\":{\"columnOrder\":[\"c57df882-ee88-4a45-bad1-a6e37fd66f0b\",\"8aa1dbfa-dfa6-42c3-af56-1f9540982d76\"],\"columns\":{\"8aa1dbfa-dfa6-42c3-af56-1f9540982d76\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"c57df882-ee88-4a45-bad1-a6e37fd66f0b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Status\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8aa1dbfa-dfa6-42c3-af56-1f9540982d76\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.status\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visua
lization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"6b39ae60-44af-44ec-89ce-9d0e344b839b\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"c57df882-ee88-4a45-bad1-a6e37fd66f0b\"],\"metrics\":[\"8aa1dbfa-dfa6-42c3-af56-1f9540982d76\"]}],\"shape\":\"pie\"}},\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Findings by Status [Logs Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"e0d79f79-7160-4106-980b-9bfbbd384a48\",\"w\":24,\"x\":0,\"y\":4},\"panelIndex\":\"e0d79f79-7160-4106-980b-9bfbbd384a48\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-1dae6ff8-1a46-42dc-8e3c-7c6f597f71d2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1dae6ff8-1a46-42dc-8e3c-7c6f597f71d2\":{\"columnOrder\":[\"80bca2a5-1b67-4964-a5c0-235ce80fb55f\"],\"columns\":{\"80bca2a5-1b67-4964-a5c0-235ce80fb55f\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Findings\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"80bca2a5-1b67-4964-a5c0-235ce80fb55f\",\"layerId\":\"1dae6ff8-1a46-42dc-8e3c-7c6f597f71d2\",\"layerType\":\"data\"}},\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Findings Count [Logs 
Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"736a3ccc-8ced-4619-a703-b646564b3849\",\"w\":24,\"x\":24,\"y\":19},\"panelIndex\":\"736a3ccc-8ced-4619-a703-b646564b3849\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-6b39ae60-44af-44ec-89ce-9d0e344b839b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"6b39ae60-44af-44ec-89ce-9d0e344b839b\":{\"columnOrder\":[\"c57df882-ee88-4a45-bad1-a6e37fd66f0b\",\"8aa1dbfa-dfa6-42c3-af56-1f9540982d76\"],\"columns\":{\"8aa1dbfa-dfa6-42c3-af56-1f9540982d76\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"c57df882-ee88-4a45-bad1-a6e37fd66f0b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8aa1dbfa-dfa6-42c3-af56-1f9540982d76\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"6b39ae60-44af-44ec-89ce-9d0e344b839b\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendSize\":\"xlarge\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"c57df882-ee88-4a45-bad1-a6e37fd66f0b\"],\"metrics\":[\"8aa1dbfa-dfa6-42c3-af56-1f9540982d76\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Findings by Type [Logs 
Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6c7ebad2-7916-4969-b4fe-8f26dc3655d9\",\"w\":24,\"x\":0,\"y\":19},\"panelIndex\":\"6c7ebad2-7916-4969-b4fe-8f26dc3655d9\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-330d4bd7-3d50-4661-aaeb-6239e9afbd85\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"330d4bd7-3d50-4661-aaeb-6239e9afbd85\":{\"columnOrder\":[\"7fd0f4ce-5c8b-4f17-aff7-1c68f6e05525\",\"dfba9e56-fb69-439c-841f-84cf8d6b3ea6\"],\"columns\":{\"7fd0f4ce-5c8b-4f17-aff7-1c68f6e05525\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network Protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"dfba9e56-fb69-439c-841f-84cf8d6b3ea6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.transport\"},\"dfba9e56-fb69-439c-841f-84cf8d6b3ea6\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"330d4bd7-3d50-4661-aaeb-6239e9afbd85\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"7fd0f4ce-5c8b-4f17-aff7-1c68f6e05525\"],\"metrics\":[\"dfba9e56-fb69-439c-841f-84cf8d6b3ea6\"]}],\"shape\":\"pie\"}},\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Findings by Network Protocol [Logs 
Inspector]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"a3dbcb3a-e56a-43bb-bf34-e05a3e61e4c0\",\"w\":24,\"x\":24,\"y\":34},\"panelIndex\":\"a3dbcb3a-e56a-43bb-bf34-e05a3e61e4c0\",\"panelRefName\":\"panel_a3dbcb3a-e56a-43bb-bf34-e05a3e61e4c0\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"b7c5bf1e-b774-455f-8fbc-07e2e31f092e\",\"w\":24,\"x\":0,\"y\":34},\"panelIndex\":\"b7c5bf1e-b774-455f-8fbc-07e2e31f092e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b2cd46b9-b4fd-4940-9d35-567844a01b5f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b2cd46b9-b4fd-4940-9d35-567844a01b5f\":{\"columnOrder\":[\"8e3a1fa1-a832-4796-beee-c2f6003979aa\",\"e9633195-636f-4935-8348-fac4365bfa5e\"],\"columns\":{\"8e3a1fa1-a832-4796-beee-c2f6003979aa\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Title\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e9633195-636f-4935-8348-fac4365bfa5e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.title\"},\"e9633195-636f-4935-8348-fac4365bfa5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Inspector 
Score\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.inspector.inspector_score\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"8e3a1fa1-a832-4796-beee-c2f6003979aa\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"e9633195-636f-4935-8348-fac4365bfa5e\",\"isTransposed\":false}],\"layerId\":\"b2cd46b9-b4fd-4940-9d35-567844a01b5f\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Findings Title with Highest Inspector Score [Logs Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"76a6efa7-5420-473d-b856-cf972834b31b\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"76a6efa7-5420-473d-b856-cf972834b31b\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":13,\"markdown\":\"[Inspector Inspector Findings Overview Dashboard](#/dashboard/aws-131a1550-5a0b-11ed-a807-bd2da8f2e79b) | [Inspector Severity Dashboard](#/dashboard/aws-60881ab0-63e0-11ed-be08-4b4db5223139) | [Inspector Vulnerabilities Dashboard](#/dashboard/aws-383d4630-63df-11ed-be08-4b4db5223139) | [Inspector Inspector EC2 and ECR Overview Dashboard](#/dashboard/aws-63984b70-63e1-11ed-be08-4b4db5223139) \",\"openLinksInNewTab\":true},\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Dashboards [Logs Inspector]\"}]","timeRestore":false,"title":"[Logs AWS] Inspector Findings 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-131a1550-5a0b-11ed-a807-bd2da8f2e79b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"2c9f6be4-d000-4aae-a20e-3276e296a95a:indexpattern-datasource-layer-6b39ae60-44af-44ec-89ce-9d0e344b839b","type":"index-pattern"},{"id":"logs-*","name":"e0d79f79-7160-4106-980b-9bfbbd384a48:indexpattern-datasource-layer-1dae6ff8-1a46-42dc-8e3c-7c6f597f71d2","type":"index-pattern"},{"id":"logs-*","name":"736a3ccc-8ced-4619-a703-b646564b3849:indexpattern-datasource-layer-6b39ae60-44af-44ec-89ce-9d0e344b839b","type":"index-pattern"},{"id":"logs-*","name":"6c7ebad2-7916-4969-b4fe-8f26dc3655d9:indexpattern-datasource-layer-330d4bd7-3d50-4661-aaeb-6239e9afbd85","type":"index-pattern"},{"id":"aws-395fef40-5a52-11ed-a807-bd2da8f2e79b","name":"a3dbcb3a-e56a-43bb-bf34-e05a3e61e4c0:panel_a3dbcb3a-e56a-43bb-bf34-e05a3e61e4c0","type":"search"},{"id":"logs-*","name":"b7c5bf1e-b774-455f-8fbc-07e2e31f092e:indexpattern-datasource-layer-b2cd46b9-b4fd-4940-9d35-567844a01b5f","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_5de52701-f68f-43d6-b708-9ee6215f945a:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5763],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0OTMsMV0="} 
+{"attributes":{"columns":["source.ip","source.port","event.original"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.vpcflow\"},\"type\":\"phrase\",\"value\":\"vpcflow\"},\"query\":{\"match\":{\"data_stream.dataset\":{\"query\":\"aws.vpcflow\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"aws.vpcflow.action\",\"negate\":false,\"params\":{\"query\":\"REJECT\"},\"type\":\"phrase\",\"value\":\"REJECT\"},\"query\":{\"match\":{\"aws.vpcflow.action\":{\"query\":\"REJECT\",\"type\":\"phrase\"}}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"VPC Flow Reject Logs [Logs AWS]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-c1aee600-4487-11ea-ad63-791a5dc86f10","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5769],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0OTQsMV0="} +{"attributes":{"description":"Logs AWS VPC Flow Log Overview 
Dashboard","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"c802177f-038c-4a35-a82d-0fa42c857d02\",\"w\":18,\"x\":0,\"y\":0},\"panelIndex\":\"c802177f-038c-4a35-a82d-0fa42c857d02\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"aws.s3.bucket.name\",\"id\":\"1565034367477\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"S3 Bucket Names\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":true},\"title\":\"S3 Bucket Name Filter [Logs AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"S3 Bucket Filter\"},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":17,\"i\":\"380eed85-225b-4d5d-88bc-1c70a3643ddb\",\"w\":30,\"x\":18,\"y\":0},\"panelIndex\":\"380eed85-225b-4d5d-88bc-1c70a3643ddb\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"alpha\\\":1,\\\"id\\\":\\\"842c201e-96d7-413d-8688-de5ee4f8a1e0\\\",\\\"label\\\":null,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"isAutoSelect\\\":true,\\\"type\\\":\\\"EMS_TMS\\\",\\\"lightModeDefault\\\":\\\"road_map\\\"},\\\"style\\\":{},\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"visible\\\":true},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"401944dd-a371-4698-be17-bc4542e9a5d4\\\",\\\"label\\\":\\\"vpc flow action accept\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"aws.vpcflow.action : 
\\\\\\\"ACCEPT\\\\\\\" \\\"},\\\"sourceDescriptor\\\":{\\\"applyGlobalQuery\\\":true,\\\"filterByMapBounds\\\":true,\\\"geoField\\\":\\\"destination.geo.location\\\",\\\"id\\\":\\\"97903038-e08d-4451-bbd2-eb92c894bdf5\\\",\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\",\\\"scalingType\\\":\\\"LIMIT\\\",\\\"sortField\\\":\\\"@timestamp\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"tooltipProperties\\\":[],\\\"topHitsSize\\\":1,\\\"type\\\":\\\"ES_SEARCH\\\"},\\\"style\\\":{\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#1EA593\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"size\\\":5},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#167a6d\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"b1d44a5c-3a04-4c80-8080-57585b02fd48\\\",\\\"label\\\":\\\"vpc flow action reject\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"aws.vpcflow.action : \\\\\\\"REJECT\\\\\\\" 
\\\"},\\\"sourceDescriptor\\\":{\\\"applyGlobalQuery\\\":true,\\\"filterByMapBounds\\\":true,\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"9c0e7cce-4f21-4bcd-bb50-ae36c0fffffb\\\",\\\"indexPatternRefName\\\":\\\"layer_2_source_index_pattern\\\",\\\"scalingType\\\":\\\"LIMIT\\\",\\\"sortField\\\":\\\"@timestamp\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"tooltipProperties\\\":[],\\\"topHitsSize\\\":1,\\\"type\\\":\\\"ES_SEARCH\\\"},\\\"style\\\":{\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#f00f0b\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"size\\\":5},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#7a1a18\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"mapStateJSON\":\"{\\\"center\\\":{\\\"lat\\\":0,\\\"lon\\\":-108.92402},\\\"filters\\\":[],\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"\\\"},\\\"refreshConfig\\\":{\\\"interval\\\":0,\\\"isPaused\\\":false},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15d\\\",\\\"to\\\":\\\"now\\\"},\\\"zoom\\\":0.47,\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false}}\",\"title\":\"VPC Flow Action Geo Location[Logs AWS]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":false,\\\"openTOCDetails\\\":[]}\"},\"isLayerTOCOpen\":true,\"mapCenter\":{\"lat\":12.09237,\"lon\":60.11722,\"zoom\":0.47},\"openTOCDetails\":[],\"type\":\"map\",\"enhancements\":{}},\"title\":\"VPC Flow Action Geo 
Location\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"3dde08df-2d7e-464e-825d-03179e43e175\",\"w\":18,\"x\":0,\"y\":5},\"panelIndex\":\"3dde08df-2d7e-464e-825d-03179e43e175\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"29527130-3e86-11ea-9067-cf383a4ea3b3\"}],\"bar_color_rules\":[{\"id\":\"cc6d5070-3e85-11ea-9067-cf383a4ea3b3\"}],\"drop_last_bucket\":1,\"gauge_color_rules\":[{\"id\":\"2b29c940-3e86-11ea-9067-cf383a4ea3b3\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"pivot_id\":\"user_agent.original\",\"pivot_type\":\"string\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(115,216,255,1)\",\"color_rules\":[{\"id\":\"42e14220-3e86-11ea-9067-cf383a4ea3b3\"}],\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.vpcflow\\\" \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"IP 
address\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"id\":\"40c52370-3e87-11ea-9067-cf383a4ea3b3\",\"type\":\"cumulative_sum\"}],\"override_index_pattern\":1,\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":0,\"series_index_pattern\":\"logs-*\",\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"source.ip\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"VPC Flow Top IP Addresses [Logs AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"VPC Flow Top IP Addresses\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"f7c6de04-c771-47ff-a32d-00a7940e414a\",\"w\":48,\"x\":0,\"y\":17},\"panelIndex\":\"f7c6de04-c771-47ff-a32d-00a7940e414a\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color\":\"rgba(255,255,255,1)\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"right\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(211,49,21,1)\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.vpcflow\\\" and aws.vpcflow.action : \\\"REJECT\\\" 
\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"REJECT\",\"line_width\":\"2\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"override_index_pattern\":1,\"point_size\":\"3\",\"separate_axis\":0,\"series_drop_last_bucket\":0,\"series_index_pattern\":\"logs-*\",\"series_time_field\":\"@timestamp\",\"split_color_mode\":\"rainbow\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.vpcflow.action\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,188,0,1)\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.vpcflow\\\" and aws.vpcflow.action : \\\"ACCEPT\\\" \"},\"formatter\":\"number\",\"id\":\"7ec99260-4485-11ea-9ee9-2d27e9149ae8\",\"label\":\"ACCEPT\",\"line_width\":\"2\",\"metrics\":[{\"id\":\"7ec99261-4485-11ea-9ee9-2d27e9149ae8\",\"type\":\"count\"}],\"override_index_pattern\":1,\"point_size\":\"3\",\"separate_axis\":0,\"series_drop_last_bucket\":0,\"series_index_pattern\":\"logs-*\",\"series_time_field\":\"@timestamp\",\"split_color_mode\":\"rainbow\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.vpcflow.action\",\"terms_order_by\":\"7ec99261-4485-11ea-9ee9-2d27e9149ae8\",\"type\":\"timeseries\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(252,220,0,1)\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.vpcflow\\\" and aws.vpcflow.action : \\\"-\\\" 
\"},\"formatter\":\"number\",\"id\":\"8d550580-4485-11ea-9ee9-2d27e9149ae8\",\"label\":\"-\",\"line_width\":\"2\",\"metrics\":[{\"id\":\"8d552c90-4485-11ea-9ee9-2d27e9149ae8\",\"type\":\"count\"}],\"override_index_pattern\":1,\"point_size\":\"3\",\"separate_axis\":0,\"series_drop_last_bucket\":0,\"series_index_pattern\":\"logs-*\",\"series_time_field\":\"@timestamp\",\"split_color_mode\":\"rainbow\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.vpcflow.action\",\"terms_order_by\":\"8d552c90-4485-11ea-9ee9-2d27e9149ae8\",\"type\":\"timeseries\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(115,216,255,1)\",\"fill\":\"0.5\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.vpcflow\\\"\"},\"formatter\":\"number\",\"id\":\"c8c27df0-4485-11ea-9ee9-2d27e9149ae8\",\"label\":\"Total Requests\",\"line_width\":\"2\",\"metrics\":[{\"id\":\"c8c27df1-4485-11ea-9ee9-2d27e9149ae8\",\"type\":\"count\"}],\"override_index_pattern\":1,\"point_size\":\"3\",\"separate_axis\":0,\"series_drop_last_bucket\":0,\"series_index_pattern\":\"logs-*\",\"series_time_field\":\"@timestamp\",\"split_color_mode\":\"rainbow\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.vpcflow.action\",\"terms_order_by\":\"c8c27df1-4485-11ea-9ee9-2d27e9149ae8\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"VPC Flow Total Requests [Logs AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"VPC Flow Total Requests\"},{\"embeddableConfig\":{\"title\":\"VPC Flow Reject Logs\"},\"gridData\":{\"h\":15,\"i\":\"b4dbbe72-0dc0-428b-b21e-91c6cc82745c\",\"w\":48,\"x\":0,\"y\":29},\"panelIndex\":\"b4dbbe72-0dc0-428b-b21e-91c6cc82745c\",\"panelRefName\":\"panel_4\",\"title\":\"VPC Flow Reject Logs\",\"version\":\"7.4.0\"}]","timeRestore":false,"title":"[Logs AWS] VPC Flow Log 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-15503340-4488-11ea-ad63-791a5dc86f10","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"aws-c1aee600-4487-11ea-ad63-791a5dc86f10","name":"panel_4","type":"search"},{"id":"logs-*","name":"c802177f-038c-4a35-a82d-0fa42c857d02:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"380eed85-225b-4d5d-88bc-1c70a3643ddb:layer_1_source_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"380eed85-225b-4d5d-88bc-1c70a3643ddb:layer_2_source_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5776],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0OTUsMV0="} +{"attributes":{"description":"Overview of AWS SQS Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.sqs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.sqs\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"1\",\"w\":12,\"x\":12,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"d5b83c70-41e8-11e9-9e94-11d4d21d3f4b\"}],\"bar_color_rules\":[{\"id\":\"d2d14920-41e8-11e9-9e94-11d4d21d3f4b\"}],\"drop_last_bucket\":0,\"gauge
_color_rules\":[{\"id\":\"d2163680-41e8-11e9-9e94-11d4d21d3f4b\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"SQS Message Visible\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sqs.messages.visible\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.sqs.queue.name\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"SQS Messages Visible [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SQS Messages Visible\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"2\",\"w\":12,\"x\":36,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"bar_color_rules\":[{\"id\":\"3e3d3610-437e-11e9-a35d-972620e4f790\"}],\"drop_last_bucket\":0,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS SQS Oldest Message Age in 
Seconds\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sqs.oldest_message_age.sec\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.sqs.queue.name\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"SQS Oldest Message Age in Seconds [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SQS Oldest Message Age in Seconds\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":24,\"x\":0,\"y\":8},\"panelIndex\":\"3\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"1ccb6710-43b3-11e9-8c70-d17a67455a84\"}],\"bar_color_rules\":[{\"id\":\"57cc0200-43b5-11e9-84e9-a97a63579915\"}],\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sqs.messages.received\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":1,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.sqs.queue.name\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use
_kibana_indexes\":false},\"title\":\"SQS Messages Received [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SQS Messages Received\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"4\",\"w\":24,\"x\":24,\"y\":8},\"panelIndex\":\"4\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sqs.messages.deleted\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.sqs.queue.name\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SQS Messages Deleted [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SQS Messages 
Deleted\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"7\",\"w\":24,\"x\":0,\"y\":16},\"panelIndex\":\"7\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sqs.messages.delayed\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.sqs.queue.name\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SQS Messages Delayed [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SQS Messages 
Delayed\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"8\",\"w\":24,\"x\":24,\"y\":16},\"panelIndex\":\"8\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"d95adba0-6b8a-11e9-98b0-9b2c3d14a4c1\"}],\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sqs.messages.sent\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.sqs.queue.name\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SQS Messages Sent [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SQS Messages 
Sent\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"9\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"9\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.sqs.queue.name\",\"id\":\"1549512142947\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"queue name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"SQS Filters [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SQS 
Filters\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"10\",\"w\":12,\"x\":24,\"y\":0},\"panelIndex\":\"10\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"d95adba0-6b8a-11e9-98b0-9b2c3d14a4c1\"}],\"bar_color_rules\":[{\"id\":\"a7e8c370-6c25-11e9-9cd1-3bdb0c7db024\"}],\"drop_last_bucket\":0,\"gauge_color_rules\":[{\"id\":\"a778eaa0-6c25-11e9-9cd1-3bdb0c7db024\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sqs.empty_receives\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"numerator\":\"\",\"percentiles\":[{\"id\":\"74323cf0-6c25-11e9-9cd1-3bdb0c7db024\",\"mode\":\"line\",\"shade\":0.2,\"value\":50}],\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.sqs.queue.name\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"SQS Empty Receives [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SQS Empty Receives\"}]","timeRestore":false,"title":"[Metrics AWS] SQS 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-234aeda0-43b7-11e9-8697-530f39afc6eb","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"9:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"9:control_1_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5782],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0OTYsMV0="} +{"attributes":{"columns":["observer.name","aws.firewall.flow.id","source.ip","source.port","destination.ip","destination.port","event.kind","event.type"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.firewall_logs\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Firewall Logs [Logs 
AWS]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-f4856850-4d32-11ec-a678-057fce71e8cd","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5787],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0OTcsMV0="} +{"attributes":{"description":"Dashboard providing an overall view of the AWS Network Firewall integration.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.firewall_logs\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n**[Overview (This Page)](/app/dashboards#/view/aws-2ba11b50-4b9d-11ec-8282-5342b8988acc)** \\n[Alerts](/app/dashboards#/view/aws-dfa76470-4ba1-11ec-8282-5342b8988acc) 
\\n[Flows](/app/dashboards#/view/aws-562bdea0-4ba7-11ec-8282-5342b8988acc) \\n[Metrics](/app/dashboards#/view/aws-3abffe60-4ba9-11ec-8282-5342b8988acc) \\n\\n[Integrations Page](/app/integrations/detail/aws/overview?integration=firewall) \\n\\n**Overview**\\n\\nThis dashboard provides an overall view of the AWS Network Firewall integration.\\n\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"2ece3b2b-326d-4856-b537-4de075cb5d5d\",\"w\":35,\"x\":13,\"y\":0},\"panelIndex\":\"2ece3b2b-326d-4856-b537-4de075cb5d5d\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1637591016076\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloud.availability_zone\",\"id\":\"1637591029629\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Availability Zone\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"observer.name\",\"id\":\"1637591118622\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Firewall\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Firewall Filters [Logs AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Firewall 
Filters\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"w\":5,\"x\":13,\"y\":7},\"panelIndex\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Alerts\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filter-index-pattern-0\",\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"alert\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.kind\":\"alert\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total 
Alerts\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"e8d2a7be-bc2a-4ca5-ae71-5273156084b3\",\"w\":5,\"x\":18,\"y\":7},\"panelIndex\":\"e8d2a7be-bc2a-4ca5-ae71-5273156084b3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Flows\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filter-index-pattern-0\",\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"event\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.kind\":\"event\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total 
Flows\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"b9d7f8b6-deb6-4d46-ad11-7793dd783012\",\"w\":5,\"x\":23,\"y\":7},\"panelIndex\":\"b9d7f8b6-deb6-4d46-ad11-7793dd783012\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filter-index-pattern-0\",\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"alert\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.kind\":\"alert\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"54c39a08-c881-4c64-af1a-8e48867947c3\",\"w\":5,\"x\":28,\"y\":7},\"panelIndex\":\"54c39a08-c881-4c64-af1a-8e48867947c3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filter-index-pattern-0\",\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"alert\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.kind\":\"alert\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"83dde1a0-0605-4c05-9bd2-1f2686cd7007\",\"w\":5,\"x\":33,\"y\":7},\"panelIndex\":\"83dde1a0-0605-4c05-9bd2-1f2686cd7007\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"b6504f22-c6eb-439d-bb4d-a3acc2b5de34\",\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Network Protocols\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"},\"b6504f22-c6eb-439d-bb4d-a3acc2b5de34\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique count of network.protocol\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filter-index-pattern-0\",\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"event\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.kind\":\"event\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique 
Network Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"649add0f-9eb6-4cc8-be29-b0911e29827c\",\"w\":5,\"x\":38,\"y\":7},\"panelIndex\":\"649add0f-9eb6-4cc8-be29-b0911e29827c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"b6504f22-c6eb-439d-bb4d-a3acc2b5de34\",\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Bytes\",\"operationType\":\"sum\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.firewall.flow.bytes\"},\"b6504f22-c6eb-439d-bb4d-a3acc2b5de34\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique count of 
network.protocol\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filter-index-pattern-0\",\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"event\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.kind\":\"event\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Bytes\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"c070e106-ce00-4096-be3d-b528119f0828\",\"w\":5,\"x\":43,\"y\":7},\"panelIndex\":\"c070e106-ce00-4096-be3d-b528119f0828\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"b6504f22-c6eb-439d-bb4d-a3acc2b5de34\",\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Firewalls\",\"operationType\":\"unique_count\",\"params\":{},\"scale\":\"ratio\",\"sourceField\":\"observer.name\"},\"b6504f22-c6eb-439d-bb4d-a3acc2b5de34\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique count of 
network.protocol\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filter-index-pattern-0\",\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"event\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.kind\":\"event\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Bytes\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":16,\"i\":\"f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb\",\"w\":28,\"x\":0,\"y\":15},\"panelIndex\":\"f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-8c1d8a18-0da5-431f-8faf-f72f028b10de\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"8c1d8a18-0da5-431f-8faf-f72f028b10de\":{\"columnOrder\":[\"995b44f7-a7f2-474a-b080-bc5e61834c85\",\"ac103bf9-1072-42f9-88e1-645355cfab7d\",\"d75176b0-fe18-4834-8be1-876ae441c8f9\"],\"columns\":{\"995b44f7-a7f2-474a-b080-bc5e61834c85\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
event.kind\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"d75176b0-fe18-4834-8be1-876ae441c8f9\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"event.kind\"},\"ac103bf9-1072-42f9-88e1-645355cfab7d\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"d75176b0-fe18-4834-8be1-876ae441c8f9\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"d75176b0-fe18-4834-8be1-876ae441c8f9\"],\"layerId\":\"8c1d8a18-0da5-431f-8faf-f72f028b10de\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"995b44f7-a7f2-474a-b080-bc5e61834c85\",\"xAccessor\":\"ac103bf9-1072-42f9-88e1-645355cfab7d\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Events\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":16,\"i\":\"bcfbc5f5-fd40-48e3-937d-965fcb8a5585\",\"w\":20,\"x\":28,\"
y\":15},\"panelIndex\":\"bcfbc5f5-fd40-48e3-937d-965fcb8a5585\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c\":{\"columnOrder\":[\"7ea404e0-e31f-4216-a626-ee830469e97b\",\"de9ad2be-a35d-4e4c-a6ac-4a1b2dcc2c0b\",\"6e93ea29-3bab-47ea-b978-c91480873532\"],\"columns\":{\"6e93ea29-3bab-47ea-b978-c91480873532\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"7ea404e0-e31f-4216-a626-ee830469e97b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Firewalls\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6e93ea29-3bab-47ea-b978-c91480873532\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"observer.name\"},\"de9ad2be-a35d-4e4c-a6ac-4a1b2dcc2c0b\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
event.kind\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6e93ea29-3bab-47ea-b978-c91480873532\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"event.kind\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"6e93ea29-3bab-47ea-b978-c91480873532\"],\"layerId\":\"b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"splitAccessor\":\"de9ad2be-a35d-4e4c-a6ac-4a1b2dcc2c0b\",\"xAccessor\":\"7ea404e0-e31f-4216-a626-ee830469e97b\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Events by Firewall\"},{\"embeddableConfig\":{\"columns\":[\"observer.name\",\"source.ip\",\"source.port\",\"destination.ip\",\"destination.port\",\"network.transport\",\"network.protocol\"],\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"fc5a3028-fdfc-4c3c-ab04-f43123af380b\",\"w\":48,\"x\":0,\"y\":31},\"panelIndex\":\"fc5a3028-fdfc-4c3c-ab04-f43123af380b\",\"panelRefName\":\"panel_fc5a3028-fdfc-4c3c-ab04-f43123af380b\",\"title\":\"Firewall Logs\",\"type\":\"search\",\"version\":\"7.15.1\"}]","timeRestore":false,"title":"[Logs AWS] Firewall 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-2ba11b50-4b9d-11ec-8282-5342b8988acc","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"e8d2a7be-bc2a-4ca5-ae71-5273156084b3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"e8d2a7be-bc2a-4ca5-ae71-5273156084b3:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"e8d2a7be-bc2a-4ca5-ae71-5273156084b3:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"b9d7f8b6-deb6-4d46-ad11-7793dd783012:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"b9d7f8b6-deb6-4d46-ad11-7793dd783012:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"b9d7f8b6-deb6-4d46-ad11-7793dd783012:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"54c39a08-c881-4c64-af1a-8e48867947c3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"54c39a08-c881-4c64-af1a-8e48867947c3:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"54c39a08-c881-4c64-af1a-8e48867947c3:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"83dde1a0-0605-4c05-9bd2-1f2686cd7007:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id"
:"logs-*","name":"83dde1a0-0605-4c05-9bd2-1f2686cd7007:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"83dde1a0-0605-4c05-9bd2-1f2686cd7007:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"649add0f-9eb6-4cc8-be29-b0911e29827c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"649add0f-9eb6-4cc8-be29-b0911e29827c:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"649add0f-9eb6-4cc8-be29-b0911e29827c:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"c070e106-ce00-4096-be3d-b528119f0828:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"c070e106-ce00-4096-be3d-b528119f0828:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"c070e106-ce00-4096-be3d-b528119f0828:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb:indexpattern-datasource-layer-8c1d8a18-0da5-431f-8faf-f72f028b10de","type":"index-pattern"},{"id":"logs-*","name":"bcfbc5f5-fd40-48e3-937d-965fcb8a5585:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"bcfbc5f5-fd40-48e3-937d-965fcb8a5585:indexpattern-datasource-layer-b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c","type":"index-pattern"},{"id":"aws-f4856850-4d32-11ec-a678-057fce71e8cd","name":"fc5a3028-fdfc-4c3c-ab04-f43123af380b:panel_fc5a3028-fdfc-4c3c-ab04-f43123af380b","type":"search"},{"id":"logs-*","name":"2ece3b2b-326d-4856-b537-4de075cb5d5d:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"2ece3b2b-326d-4856-b537-4de075cb5d5d:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"2ece3
b2b-326d-4856-b537-4de075cb5d5d:control_2_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5820],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0OTgsMV0="} +{"attributes":{"columns":["user.id","event.provider","aws.cloudtrail.event_type","event.action","event.outcome","source.address","source.geo.region_name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.cloudtrail\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.cloudtrail\"}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"sort":[[]],"title":"CloudTrail Events [Logs AWS]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-30ccde50-7397-11ea-a345-f985c61fe654","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5825],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ0OTksMV0="} +{"attributes":{"description":"Overview of AWS RDS 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.rds\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.rds\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"1\",\"w\":17,\"x\":7,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"10bc2760-d978-11e9-aff2-99c15d8b7da1\"}],\"bar_color_rules\":[{\"id\":\"f8196690-921a-11e9-badf-4b42bd1ef543\"}],\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"hide_in_legend\":0,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Database Connections\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.rds.database_connections\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.rds.db_instance.identifier\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"RDS Database Connections [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Database Connections\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"5\",\"w\":17,\"x\":7,\"y\":7},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(164,221,0,1)\",\"id\":\"27aaf910-d978-11e9-aff2-99c15d8b7da1\",\"operator\":\"lte\",\"value\":0},{\"color\":\"rgba(244,78,59,1)\",\"id\":\"3526a9e0-d978-11e9-aff2-99c15d8b7da1\",\"operator\":\"gt\",\"value\":0},{\"background_color\":\"rgba(164,221,0,1)\",\"id\":\"50a46c15-ab5f-41d6-83de-b988ab7f4149\",\"operator\":\"empty\",\"value\":null},{\"background_color\":\"rgba(164,221,0,1)\",\"id\":\"a42d8157-775b-4e45-bf79-b3b572e2235b\",\"operator\":\"empty\",\"value\":null}],\"bar_color_rules\":[{\"bar_color\":\"rgba(211,49,21,1)\",\"id\":\"f8196690-921a-11e9-badf-4b42bd1ef543\",\"operator\":\"gt\",\"value\":0}],\"drilldown_url\":\"\",\"drop_last_bucket\":1,\"filter\":\"\",\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"hide_in_legend\":0,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Transaction 
Blocked\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.rds.transactions.blocked\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.rds.db_instance.identifier\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"RDS Transaction Blocked [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Transaction Blocked\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"6\",\"w\":7,\"x\":0,\"y\":0},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"region name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Region Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"AWS Region 
Filter\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"4d89e43f-299c-4f43-bde2-0ada0983ff23\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"4d89e43f-299c-4f43-bde2-0ada0983ff23\",\"embeddableConfig\":{\"attributes\":{\"description\":null,\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-c6ed7acb-d119-41cc-99ce-cca114d1f1cb\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"c6ed7acb-d119-41cc-99ce-cca114d1f1cb\":{\"columnOrder\":[\"1bfe525f-e68d-4504-86bc-e80fb154192c\",\"08fe8b96-3fe0-410f-8ee3-3ca1379bea49\",\"08fe8b96-3fe0-410f-8ee3-3ca1379bea49X0\"],\"columns\":{\"08fe8b96-3fe0-410f-8ee3-3ca1379bea49\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Free Storage Bytes\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(aws.rds.free_storage.bytes)\",\"isFormulaBroken\":false},\"references\":[\"08fe8b96-3fe0-410f-8ee3-3ca1379bea49X0\"],\"scale\":\"ratio\"},\"08fe8b96-3fe0-410f-8ee3-3ca1379bea49X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of average(aws.rds.free_storage.bytes)\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"aws.rds.free_storage.bytes\"},\"1bfe525f-e68d-4504-86bc-e80fb154192c\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
aws.rds.db_instance.identifier\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.rds.db_instance.identifier\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"08fe8b96-3fe0-410f-8ee3-3ca1379bea49\",\"isTransposed\":false},{\"columnId\":\"1bfe525f-e68d-4504-86bc-e80fb154192c\",\"isTransposed\":false}],\"layerId\":\"c6ed7acb-d119-41cc-99ce-cca114d1f1cb\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"RDS Free Storage Bytes [Metrics AWS]\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Free Storage\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"d409ab5d-84b5-4ecc-86ae-1f79a882b626\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"d409ab5d-84b5-4ecc-86ae-1f79a882b626\",\"embeddableConfig\":{\"attributes\":{\"description\":null,\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-5a1e8135-28e5-4e15-a675-bf9f840fca1c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5a1e8135-28e5-4e15-a675-bf9f840fca1c\":{\"columnOrder\":[\"748501ab-c222-4695-9062-93c70e72a864\",\"191b027e-d3d1-41da-b3fb-29315f99f4ee\",\"98446733-f0c0-4666-8491-52b6eae923ed\",\"98446733-f0c0-4666-8491-52b6eae923edX0\"],\"columns\":{\"191b027e-d3d1-41da-b3fb-29315f99f4ee\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"748501ab-
c222-4695-9062-93c70e72a864\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of aws.rds.db_instance.identifier\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.rds.db_instance.identifier\"},\"98446733-f0c0-4666-8491-52b6eae923ed\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Read Latency (Milliseconds)\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(aws.rds.latency.read)\",\"isFormulaBroken\":false},\"references\":[\"98446733-f0c0-4666-8491-52b6eae923edX0\"],\"scale\":\"ratio\"},\"98446733-f0c0-4666-8491-52b6eae923edX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of average(aws.rds.latency.read)\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"aws.rds.latency.read\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"layers\":[{\"accessors\":[\"98446733-f0c0-4666-8491-52b6eae923ed\"],\"layerId\":\"5a1e8135-28e5-4e15-a675-bf9f840fca1c\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"748501ab-c222-4695-9062-93c70e72a864\",\"xAccessor\":\"191b027e-d3d1-41da-b3fb-29315f99f4ee\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"RDS Read Latency in Milliseconds [Metrics 
AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Read Latency\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1abf12dc-d009-4a02-acd4-463383d32a63\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"1abf12dc-d009-4a02-acd4-463383d32a63\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-75b24975-5ca3-4da5-bc1a-92013a901a21\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"75b24975-5ca3-4da5-bc1a-92013a901a21\":{\"columnOrder\":[\"bfa06179-6b6f-43e5-a446-f856ff3e51bf\",\"af96ca6c-7ab9-47a3-ad8b-29e1578c0076\",\"6a87f496-b929-4d24-aede-325d54fedfa1\",\"6a87f496-b929-4d24-aede-325d54fedfa1X0\"],\"columns\":{\"6a87f496-b929-4d24-aede-325d54fedfa1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Write Latency (Milliseconds)\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(aws.rds.latency.write)\",\"isFormulaBroken\":false},\"references\":[\"6a87f496-b929-4d24-aede-325d54fedfa1X0\"],\"scale\":\"ratio\"},\"6a87f496-b929-4d24-aede-325d54fedfa1X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of average(aws.rds.latency.write)\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"aws.rds.latency.write\"},\"af96ca6c-7ab9-47a3-ad8b-29e1578c0076\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"bfa06179-6b6f-43e5-a446-f856ff3e51bf\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
aws.rds.db_instance.identifier\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.rds.db_instance.identifier\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"layers\":[{\"accessors\":[\"6a87f496-b929-4d24-aede-325d54fedfa1\"],\"layerId\":\"75b24975-5ca3-4da5-bc1a-92013a901a21\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"bfa06179-6b6f-43e5-a446-f856ff3e51bf\",\"xAccessor\":\"af96ca6c-7ab9-47a3-ad8b-29e1578c0076\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"RDS Write Latency in Milliseconds [Metrics AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Write 
Latency\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"c5476b0e-6a44-43e5-8bb4-0795c4d097c1\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"c5476b0e-6a44-43e5-8bb4-0795c4d097c1\",\"embeddableConfig\":{\"attributes\":{\"description\":null,\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-b8d09be0-e20a-4f42-b08e-1da4c3cc8efd\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b8d09be0-e20a-4f42-b08e-1da4c3cc8efd\":{\"columnOrder\":[\"e676afd3-ebd5-434a-85d7-a1a708b9a32f\",\"545fe110-3ab4-4a3d-99d9-9eae69d6ff07\",\"8293fc99-aed6-44a3-83ee-a498d2200a46\"],\"columns\":{\"545fe110-3ab4-4a3d-99d9-9eae69d6ff07\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of aws.rds.db_instance.identifier\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8293fc99-aed6-44a3-83ee-a498d2200a46\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.rds.db_instance.identifier\"},\"8293fc99-aed6-44a3-83ee-a498d2200a46\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Insert Throughput 
Count/Second\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"aws.rds.throughput.insert\"},\"e676afd3-ebd5-434a-85d7-a1a708b9a32f\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"layers\":[{\"accessors\":[\"8293fc99-aed6-44a3-83ee-a498d2200a46\"],\"layerId\":\"b8d09be0-e20a-4f42-b08e-1da4c3cc8efd\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"545fe110-3ab4-4a3d-99d9-9eae69d6ff07\",\"xAccessor\":\"e676afd3-ebd5-434a-85d7-a1a708b9a32f\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"RDS Insert Throughput [Metrics AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Insert 
Throughput\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"bf74bb77-3503-4682-9f0e-6df0994dce5d\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"bf74bb77-3503-4682-9f0e-6df0994dce5d\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-8682174a-4cff-4d95-b719-1fc306f5b33a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"8682174a-4cff-4d95-b719-1fc306f5b33a\":{\"columnOrder\":[\"bc08fa3e-ce15-4acd-a0fd-c5c5c5452441\",\"f45a0753-4e23-43c4-80f7-4a9aa9548a6e\",\"85980678-0e26-4f77-b735-7ec5ebbc472e\",\"85980678-0e26-4f77-b735-7ec5ebbc472eX0\"],\"columns\":{\"85980678-0e26-4f77-b735-7ec5ebbc472e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Select Throughput Count/Second\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(aws.rds.throughput.select)\",\"isFormulaBroken\":false},\"references\":[\"85980678-0e26-4f77-b735-7ec5ebbc472eX0\"],\"scale\":\"ratio\"},\"85980678-0e26-4f77-b735-7ec5ebbc472eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Select Throughput Count/Second\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"aws.rds.throughput.select\"},\"bc08fa3e-ce15-4acd-a0fd-c5c5c5452441\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
aws.rds.db_instance.identifier\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.rds.db_instance.identifier\"},\"f45a0753-4e23-43c4-80f7-4a9aa9548a6e\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"layers\":[{\"accessors\":[\"85980678-0e26-4f77-b735-7ec5ebbc472e\"],\"layerId\":\"8682174a-4cff-4d95-b719-1fc306f5b33a\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"bc08fa3e-ce15-4acd-a0fd-c5c5c5452441\",\"xAccessor\":\"f45a0753-4e23-43c4-80f7-4a9aa9548a6e\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"RDS Select Throughput[Metrics AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Select 
Throughput\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"249ff0a6-3fd3-4935-85c3-0c3222d3c498\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"249ff0a6-3fd3-4935-85c3-0c3222d3c498\",\"embeddableConfig\":{\"attributes\":{\"description\":null,\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-dd0a4706-5286-4976-9bc4-f5e7a4964bf6\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"dd0a4706-5286-4976-9bc4-f5e7a4964bf6\":{\"columnOrder\":[\"a2bb9c7a-0ddc-4bf7-ae24-98a535a916cc\",\"103900c0-dcfa-416f-a272-6efa09c84fce\",\"18e6079e-e955-41d0-8196-d2b932cf1fa6\",\"18e6079e-e955-41d0-8196-d2b932cf1fa6X0\"],\"columns\":{\"103900c0-dcfa-416f-a272-6efa09c84fce\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"18e6079e-e955-41d0-8196-d2b932cf1fa6\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\" average(aws.rds.cpu.total.pct)\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(aws.rds.cpu.total.pct)\",\"isFormulaBroken\":false},\"references\":[\"18e6079e-e955-41d0-8196-d2b932cf1fa6X0\"],\"scale\":\"ratio\"},\"18e6079e-e955-41d0-8196-d2b932cf1fa6X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of \",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"aws.rds.cpu.total.pct\"},\"a2bb9c7a-0ddc-4bf7-ae24-98a535a916cc\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
aws.rds.db_instance.identifier\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.rds.db_instance.identifier\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"layers\":[{\"accessors\":[\"18e6079e-e955-41d0-8196-d2b932cf1fa6\"],\"layerId\":\"dd0a4706-5286-4976-9bc4-f5e7a4964bf6\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"a2bb9c7a-0ddc-4bf7-ae24-98a535a916cc\",\"xAccessor\":\"103900c0-dcfa-416f-a272-6efa09c84fce\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"RDS CPU Total Pct [Metrics AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"CPU Total 
Pct\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"c28488ce-a20e-447f-9a68-ba49b542ab0a\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"c28488ce-a20e-447f-9a68-ba49b542ab0a\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-14d4ba6b-f4e1-4d40-818a-6aa829d90422\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"14d4ba6b-f4e1-4d40-818a-6aa829d90422\":{\"columnOrder\":[\"8954842c-4056-46ef-adfc-29dfc3b0cbd3\",\"40493df1-c805-49eb-8dfa-9ff81f7acd4b\",\"c7c3ebb2-d611-40a5-aab3-491fa36fe729\",\"c7c3ebb2-d611-40a5-aab3-491fa36fe729X0\"],\"columns\":{\"40493df1-c805-49eb-8dfa-9ff81f7acd4b\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"8954842c-4056-46ef-adfc-29dfc3b0cbd3\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of aws.rds.db_instance.identifier\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.rds.db_instance.identifier\"},\"c7c3ebb2-d611-40a5-aab3-491fa36fe729\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Queue Depth (Count)\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(aws.rds.disk_queue_depth)\",\"isFormulaBroken\":false},\"references\":[\"c7c3ebb2-d611-40a5-aab3-491fa36fe729X0\"],\"scale\":\"ratio\"},\"c7c3ebb2-d611-40a5-aab3-491fa36fe729X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Queue Depth 
(Count)\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"aws.rds.disk_queue_depth\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"layers\":[{\"accessors\":[\"c7c3ebb2-d611-40a5-aab3-491fa36fe729\"],\"layerId\":\"14d4ba6b-f4e1-4d40-818a-6aa829d90422\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"8954842c-4056-46ef-adfc-29dfc3b0cbd3\",\"xAccessor\":\"40493df1-c805-49eb-8dfa-9ff81f7acd4b\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"RDS Disk Queue Depth [Metrics AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Disk Queue 
Depth\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"29549114-6ebf-4047-aa56-bc035f66d3b4\",\"w\":24,\"x\":0,\"y\":60},\"panelIndex\":\"29549114-6ebf-4047-aa56-bc035f66d3b4\",\"embeddableConfig\":{\"attributes\":{\"description\":null,\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-94e6f698-4af3-4acd-a018-867330b4e0de\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"94e6f698-4af3-4acd-a018-867330b4e0de\":{\"columnOrder\":[\"ba1bdf55-b2f8-4bb4-b78c-caab170367e0\",\"98b1c682-acf5-4331-8129-62177616a221\",\"c7534b00-fa2b-4633-84da-83d71de297f8\",\"c7534b00-fa2b-4633-84da-83d71de297f8X0\"],\"columns\":{\"98b1c682-acf5-4331-8129-62177616a221\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of aws.rds.db_instance.identifier\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.rds.db_instance.identifier\"},\"ba1bdf55-b2f8-4bb4-b78c-caab170367e0\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"c7534b00-fa2b-4633-84da-83d71de297f8\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Write IOPS (Count/Second)\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(aws.rds.write_io.ops_per_sec)\",\"isFormulaBroken\":false},\"references\":[\"c7534b00-fa2b-4633-84da-83d71de297f8X0\"],\"scale\":\"ratio\"},\"c7534b00-fa2b-4633-84da-83d71de297f8X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
Write IOPS (Count/Second)\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"aws.rds.write_io.ops_per_sec\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"layers\":[{\"accessors\":[\"c7534b00-fa2b-4633-84da-83d71de297f8\"],\"layerId\":\"94e6f698-4af3-4acd-a018-867330b4e0de\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"98b1c682-acf5-4331-8129-62177616a221\",\"xAccessor\":\"ba1bdf55-b2f8-4bb4-b78c-caab170367e0\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"RDS Write IOPS [Metrics AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Write 
IOPS\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"addd441f-fa2b-4725-8015-619ee176ed0a\",\"w\":24,\"x\":24,\"y\":60},\"panelIndex\":\"addd441f-fa2b-4725-8015-619ee176ed0a\",\"embeddableConfig\":{\"attributes\":{\"description\":null,\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-e2611df6-ca73-4d53-b0b5-afd8b718c369\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"e2611df6-ca73-4d53-b0b5-afd8b718c369\":{\"columnOrder\":[\"53a07fa4-b348-44c7-b644-83f3617e5b5c\",\"b9e82720-e098-4dd7-ac5b-f3becccd344a\",\"85528f23-48f2-462f-8075-eaddd94b21f2\"],\"columns\":{\"53a07fa4-b348-44c7-b644-83f3617e5b5c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Read IOPS (Count/Second)\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"85528f23-48f2-462f-8075-eaddd94b21f2\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.rds.db_instance.identifier\"},\"85528f23-48f2-462f-8075-eaddd94b21f2\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.rds.read_io.ops_per_sec\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"aws.rds.read_io.ops_per_sec\"},\"b9e82720-e098-4dd7-ac5b-f3becccd344a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"layers\":[{\"accessors\":[\"85528f23-48f2-462f-8075-eaddd94b21f2\"],\"layerId\":\"e2611df6-ca73-4d53-b0b5-afd8b718c369\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"53a07fa4-b348-44c7-b644-83f3617e5b5c\",\"xAccessor\":\"b9e82720-e098-4dd7-ac5b-f3becccd344a\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"RDS Read IOPS [Metrics AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Read IOPS\"}]","timeRestore":false,"title":"[Metrics AWS] RDS 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-3367c170-921f-11e9-aa19-159bf182e06f","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"1abf12dc-d009-4a02-acd4-463383d32a63:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"1abf12dc-d009-4a02-acd4-463383d32a63:indexpattern-datasource-layer-75b24975-5ca3-4da5-bc1a-92013a901a21","type":"index-pattern"},{"id":"metrics-*","name":"249ff0a6-3fd3-4935-85c3-0c3222d3c498:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"249ff0a6-3fd3-4935-85c3-0c3222d3c498:indexpattern-datasource-layer-dd0a4706-5286-4976-9bc4-f5e7a4964bf6","type":"index-pattern"},{"id":"metrics-*","name":"c28488ce-a20e-447f-9a68-ba49b542ab0a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"c28488ce-a20e-447f-9a68-ba49b542ab0a:indexpattern-datasource-layer-14d4ba6b-f4e1-4d40-818a-6aa829d90422","type":"index-pattern"},{"id":"metrics-*","name":"addd441f-fa2b-4725-8015-619ee176ed0a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"addd441f-fa2b-4725-8015-619ee176ed0a:indexpattern-datasource-layer-e2611df6-ca73-4d53-b0b5-afd8b718c369","type":"index-pattern"},{"id":"metrics-*","name":"6:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"4d89e43f-299c-4f43-bde2-0ada0983ff23:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"4d89e43f-299c-4f43-bde2-0ada0983ff23:indexpattern-datasource-layer-c6ed7acb-d119-41cc-99ce-cca114d1f1cb","type":"index-pattern"},{"id":"metrics-*","name":"d409ab5d-84b5-4ecc-86ae-1f79a882b626:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"d409ab5d-84b5-4e
cc-86ae-1f79a882b626:indexpattern-datasource-layer-5a1e8135-28e5-4e15-a675-bf9f840fca1c","type":"index-pattern"},{"id":"metrics-*","name":"1abf12dc-d009-4a02-acd4-463383d32a63:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"1abf12dc-d009-4a02-acd4-463383d32a63:indexpattern-datasource-layer-75b24975-5ca3-4da5-bc1a-92013a901a21","type":"index-pattern"},{"id":"metrics-*","name":"c5476b0e-6a44-43e5-8bb4-0795c4d097c1:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"c5476b0e-6a44-43e5-8bb4-0795c4d097c1:indexpattern-datasource-layer-b8d09be0-e20a-4f42-b08e-1da4c3cc8efd","type":"index-pattern"},{"id":"metrics-*","name":"bf74bb77-3503-4682-9f0e-6df0994dce5d:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"bf74bb77-3503-4682-9f0e-6df0994dce5d:indexpattern-datasource-layer-8682174a-4cff-4d95-b719-1fc306f5b33a","type":"index-pattern"},{"id":"metrics-*","name":"249ff0a6-3fd3-4935-85c3-0c3222d3c498:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"249ff0a6-3fd3-4935-85c3-0c3222d3c498:indexpattern-datasource-layer-dd0a4706-5286-4976-9bc4-f5e7a4964bf6","type":"index-pattern"},{"id":"metrics-*","name":"c28488ce-a20e-447f-9a68-ba49b542ab0a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"c28488ce-a20e-447f-9a68-ba49b542ab0a:indexpattern-datasource-layer-14d4ba6b-f4e1-4d40-818a-6aa829d90422","type":"index-pattern"},{"id":"metrics-*","name":"29549114-6ebf-4047-aa56-bc035f66d3b4:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"29549114-6ebf-4047-aa56-bc035f66d3b4:indexpattern-datasource-layer-94e6f698-4af3-4acd-a018-867330b4e0de","type":"index-pattern"},{"id":"metrics-*","name":"addd441f-fa2b-4725-8015-619ee176ed0a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"
addd441f-fa2b-4725-8015-619ee176ed0a:indexpattern-datasource-layer-e2611df6-ca73-4d53-b0b5-afd8b718c369","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5856],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MDAsMV0="} +{"attributes":{"columns":["vulnerability.id","vulnerability.score.base","aws.inspector.package_vulnerability_details.cvss.source","vulnerability.score.version","aws.inspector.package_vulnerability_details.related_vulnerabilities"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.inspector\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.inspector\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Findings Package Vulnerability Essential Details [Logs Inspector]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-dffd2200-5a52-11ed-a807-bd2da8f2e79b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5861],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MDEsMV0="} 
+{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"8c8c8996-6862-4a4d-9726-f4500f1ea571\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"title\":\"AWS Inspector Findings Severity\",\"fieldName\":\"aws.inspector.severity\",\"id\":\"8c8c8996-6862-4a4d-9726-f4500f1ea571\",\"enhancements\":{}}}}"},"description":"Overview of AWS Inspector Vulnerabilities.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.inspector\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.inspector\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"dd29b1be-2713-4758-bef1-9c310b4a8e1a\",\"w\":24,\"x\":0,\"y\":4},\"panelIndex\":\"dd29b1be-2713-4758-bef1-9c310b4a8e1a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b2cd46b9-b4fd-4940-9d35-567844a01b5f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b2cd46b9-b4fd-4940-9d35-567844a01b5f\":{\"columnOrder\":[\"8e3a1fa1-a832-4796-beee-c2f6003979aa\",\"e9633195-636f-4935-8348-fac4365bfa5e\"],\"columns\":{\"8e3a1fa1-a832-4796-beee-c2f6003979aa\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"CVSS 
Source\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e9633195-636f-4935-8348-fac4365bfa5e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.package_vulnerability_details.cvss.source\"},\"e9633195-636f-4935-8348-fac4365bfa5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"CVSS Score\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"vulnerability.score.base\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"8e3a1fa1-a832-4796-beee-c2f6003979aa\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"e9633195-636f-4935-8348-fac4365bfa5e\",\"isTransposed\":false}],\"layerId\":\"b2cd46b9-b4fd-4940-9d35-567844a01b5f\",\"layerType\":\"data\"}},\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Top 10 Vulnerability CVSS Source with Highest CVSS Score [Logs 
Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"896a3082-c44b-456c-a144-0ce096c0a213\",\"w\":24,\"x\":24,\"y\":4},\"panelIndex\":\"896a3082-c44b-456c-a144-0ce096c0a213\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-fe831232-3ace-47b6-98d3-668b72da68cf\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"70dabf72-dffc-47df-b5d3-c77b70cf123c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"fe831232-3ace-47b6-98d3-668b72da68cf\":{\"columnOrder\":[\"e5860e27-801d-4201-bea0-9d6ecf0cc705\",\"4ad63dd7-4578-46a9-aabf-906dbaa93271\",\"6e934db7-c943-41c7-9c68-d52606e5e734\"],\"columns\":{\"4ad63dd7-4578-46a9-aabf-906dbaa93271\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Account ID\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6e934db7-c943-41c7-9c68-d52606e5e734\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"cloud.account.id\"},\"6e934db7-c943-41c7-9c68-d52606e5e734\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Critical Severity\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.inspector.severity\"},\"e5860e27-801d-4201-bea0-9d6ecf0cc705\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Package 
Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6e934db7-c943-41c7-9c68-d52606e5e734\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.package_vulnerability_details.vulnerable_packages.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"70dabf72-dffc-47df-b5d3-c77b70cf123c\",\"key\":\"aws.inspector.severity\",\"negate\":false,\"params\":{\"query\":\"CRITICAL\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"aws.inspector.severity\":\"CRITICAL\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"e5860e27-801d-4201-bea0-9d6ecf0cc705\",\"isTransposed\":false},{\"columnId\":\"4ad63dd7-4578-46a9-aabf-906dbaa93271\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"6e934db7-c943-41c7-9c68-d52606e5e734\",\"isTransposed\":false}],\"layerId\":\"fe831232-3ace-47b6-98d3-668b72da68cf\",\"layerType\":\"data\"}},\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Vulnerabilities Package Name with Most Critical Findings [Logs 
Inspector]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"1bd92e14-3902-4a5b-bc32-86952f9fdfb0\",\"w\":48,\"x\":0,\"y\":19},\"panelIndex\":\"1bd92e14-3902-4a5b-bc32-86952f9fdfb0\",\"panelRefName\":\"panel_1bd92e14-3902-4a5b-bc32-86952f9fdfb0\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"858f6288-7c54-4d7a-be33-374a9d79d1e4\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"858f6288-7c54-4d7a-be33-374a9d79d1e4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":13,\"markdown\":\"[Inspector Inspector Findings Overview Dashboard](#/dashboard/aws-131a1550-5a0b-11ed-a807-bd2da8f2e79b) | [Inspector Severity Dashboard](#/dashboard/aws-60881ab0-63e0-11ed-be08-4b4db5223139) | [Inspector Vulnerabilities Dashboard](#/dashboard/aws-383d4630-63df-11ed-be08-4b4db5223139) | [Inspector Inspector EC2 and ECR Overview Dashboard](#/dashboard/aws-63984b70-63e1-11ed-be08-4b4db5223139) \",\"openLinksInNewTab\":true},\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Dashboards [Logs Inspector]\"}]","timeRestore":false,"title":"[Logs AWS] Inspector 
Vulnerabilities","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-383d4630-63df-11ed-be08-4b4db5223139","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"dd29b1be-2713-4758-bef1-9c310b4a8e1a:indexpattern-datasource-layer-b2cd46b9-b4fd-4940-9d35-567844a01b5f","type":"index-pattern"},{"id":"logs-*","name":"896a3082-c44b-456c-a144-0ce096c0a213:indexpattern-datasource-layer-fe831232-3ace-47b6-98d3-668b72da68cf","type":"index-pattern"},{"id":"logs-*","name":"896a3082-c44b-456c-a144-0ce096c0a213:70dabf72-dffc-47df-b5d3-c77b70cf123c","type":"index-pattern"},{"id":"aws-dffd2200-5a52-11ed-a807-bd2da8f2e79b","name":"1bd92e14-3902-4a5b-bc32-86952f9fdfb0:panel_1bd92e14-3902-4a5b-bc32-86952f9fdfb0","type":"search"},{"id":"logs-*","name":"controlGroup_8c8c8996-6862-4a4d-9726-f4500f1ea571:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5870],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MDIsMV0="} +{"attributes":{"description":"Dashboard providing statistics about metrics ingested from the AWS Network Firewall 
integration.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.firewall_metrics\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.firewall_metrics\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n[Overview](/app/dashboards#/view/aws-2ba11b50-4b9d-11ec-8282-5342b8988acc) \\n[Alerts](/app/dashboards#/view/aws-dfa76470-4ba1-11ec-8282-5342b8988acc) \\n[Flows](/app/dashboards#/view/aws-562bdea0-4ba7-11ec-8282-5342b8988acc) \\n**[Metrics (This Page)](/app/dashboards#/view/aws-3abffe60-4ba9-11ec-8282-5342b8988acc)** \\n\\n[Integrations Page](/app/integrations/detail/aws/overview?integration=firewall) \\n\\n**Overview**\\n\\nThis dashboard provides an overall view of AWS Network Firewall 
metrics.\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"e5c4efbd-603f-419d-a749-aad051e80f87\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"e5c4efbd-603f-419d-a749-aad051e80f87\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1637770000708\",\"indexPatternRefName\":\"control_e5c4efbd-603f-419d-a749-aad051e80f87_0_index_pattern\",\"label\":\"Region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.dimensions.AvailabilityZone\",\"id\":\"1637770011830\",\"indexPatternRefName\":\"control_e5c4efbd-603f-419d-a749-aad051e80f87_1_index_pattern\",\"label\":\"Availability Zone\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.dimensions.FirewallName\",\"id\":\"1637770022274\",\"indexPatternRefName\":\"control_e5c4efbd-603f-419d-a749-aad051e80f87_2_index_pattern\",\"label\":\"Firewall\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Firewall 
Filters\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"09caeba8-1f98-4937-b1b8-60debe3e3728\",\"w\":6,\"x\":12,\"y\":7},\"panelIndex\":\"09caeba8-1f98-4937-b1b8-60debe3e3728\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-32700201-1770-46bd-9ee6-64cad8904bdc\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"32700201-1770-46bd-9ee6-64cad8904bdc\":{\"columnOrder\":[\"120709bf-e5a1-4646-9ee7-ae2d5d5f144d\"],\"columns\":{\"120709bf-e5a1-4646-9ee7-ae2d5d5f144d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Received Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.ReceivedPackets.sum\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"120709bf-e5a1-4646-9ee7-ae2d5d5f144d\",\"layerId\":\"32700201-1770-46bd-9ee6-64cad8904bdc\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Received 
Packets\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"77e21d6a-f90b-4bbf-83bc-e226fdf9320c\",\"w\":6,\"x\":18,\"y\":7},\"panelIndex\":\"77e21d6a-f90b-4bbf-83bc-e226fdf9320c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-32700201-1770-46bd-9ee6-64cad8904bdc\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"32700201-1770-46bd-9ee6-64cad8904bdc\":{\"columnOrder\":[\"120709bf-e5a1-4646-9ee7-ae2d5d5f144d\"],\"columns\":{\"120709bf-e5a1-4646-9ee7-ae2d5d5f144d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Dropped Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.DroppedPackets.sum\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"120709bf-e5a1-4646-9ee7-ae2d5d5f144d\",\"layerId\":\"32700201-1770-46bd-9ee6-64cad8904bdc\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Dropped 
Packets\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"9b88c7db-b335-4517-811d-dfbfbae6efae\",\"w\":6,\"x\":24,\"y\":7},\"panelIndex\":\"9b88c7db-b335-4517-811d-dfbfbae6efae\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-32700201-1770-46bd-9ee6-64cad8904bdc\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"32700201-1770-46bd-9ee6-64cad8904bdc\":{\"columnOrder\":[\"120709bf-e5a1-4646-9ee7-ae2d5d5f144d\"],\"columns\":{\"120709bf-e5a1-4646-9ee7-ae2d5d5f144d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Passed Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.PassedPackets.sum\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"120709bf-e5a1-4646-9ee7-ae2d5d5f144d\",\"layerId\":\"32700201-1770-46bd-9ee6-64cad8904bdc\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Passed 
Packets\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"6d617b1a-a973-4136-8d93-15e5c72c43f2\",\"w\":6,\"x\":30,\"y\":7},\"panelIndex\":\"6d617b1a-a973-4136-8d93-15e5c72c43f2\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"9f99f66f-4762-4030-9704-d215568cce9c\"],\"columns\":{\"9f99f66f-4762-4030-9704-d215568cce9c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Custom Actions\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"aws.dimensions.CustomAction\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"9f99f66f-4762-4030-9704-d215568cce9c\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Custom 
Actions\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"7d32001b-b08f-4d1b-9a98-a5aeea986769\",\"w\":6,\"x\":36,\"y\":7},\"panelIndex\":\"7d32001b-b08f-4d1b-9a98-a5aeea986769\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"9fc78ba7-ca2c-41da-8723-8f7c14623b98\"],\"columns\":{\"9fc78ba7-ca2c-41da-8723-8f7c14623b98\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Custom Action Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.Packets.sum\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"9fc78ba7-ca2c-41da-8723-8f7c14623b98\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Custom Action 
Packets\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"f125ee00-634b-433e-969f-fd0c0d91bca7\",\"w\":6,\"x\":42,\"y\":7},\"panelIndex\":\"f125ee00-634b-433e-969f-fd0c0d91bca7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"9fc78ba7-ca2c-41da-8723-8f7c14623b98\"],\"columns\":{\"9fc78ba7-ca2c-41da-8723-8f7c14623b98\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Firewalls\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"aws.dimensions.FirewallName\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"9fc78ba7-ca2c-41da-8723-8f7c14623b98\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique 
Firewalls\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"857f2368-7f1b-40b3-a8a1-dd03e3934bb0\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"857f2368-7f1b-40b3-a8a1-dd03e3934bb0\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-d4d7d95f-a6e2-43f4-a955-2c01f68a430b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"d4d7d95f-a6e2-43f4-a955-2c01f68a430b\":{\"columnOrder\":[\"2f62d52a-d84a-4281-9024-b98669686137\",\"062398ba-6a41-4448-9a19-0e59282cc6c6\",\"4fdf8c62-e26b-4826-b375-dfac3f441e15\",\"5d832832-5fbe-4e46-a715-43e27b9c7569\"],\"columns\":{\"062398ba-6a41-4448-9a19-0e59282cc6c6\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Passed Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.PassedPackets.sum\"},\"2f62d52a-d84a-4281-9024-b98669686137\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"60s\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"4fdf8c62-e26b-4826-b375-dfac3f441e15\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Received Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.ReceivedPackets.sum\"},\"5d832832-5fbe-4e46-a715-43e27b9c7569\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Dropped 
Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.DroppedPackets.sum\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"curveType\":\"LINEAR\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"062398ba-6a41-4448-9a19-0e59282cc6c6\",\"4fdf8c62-e26b-4826-b375-dfac3f441e15\",\"5d832832-5fbe-4e46-a715-43e27b9c7569\"],\"layerId\":\"d4d7d95f-a6e2-43f4-a955-2c01f68a430b\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"2f62d52a-d84a-4281-9024-b98669686137\"}],\"legend\":{\"isInside\":false,\"isVisible\":true,\"maxLines\":1,\"position\":\"right\",\"showSingleSeries\":true,\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":false,\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"yTitle\":\"Packets\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Packet 
Metrics\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"d564a504-e08a-4b14-baf4-d433b66982f9\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"d564a504-e08a-4b14-baf4-d433b66982f9\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-d4d7d95f-a6e2-43f4-a955-2c01f68a430b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"d4d7d95f-a6e2-43f4-a955-2c01f68a430b\":{\"columnOrder\":[\"98758a54-1b6c-44ea-8636-2f47da173b6c\",\"2f62d52a-d84a-4281-9024-b98669686137\",\"f3902f27-1f51-4d89-b43d-b17daeb79617\"],\"columns\":{\"2f62d52a-d84a-4281-9024-b98669686137\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"60s\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"98758a54-1b6c-44ea-8636-2f47da173b6c\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of aws.dimensions.CustomAction\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f3902f27-1f51-4d89-b43d-b17daeb79617\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.CustomAction\"},\"f3902f27-1f51-4d89-b43d-b17daeb79617\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of 
aws.networkfirewall.metrics.Packets.sum\",\"operationType\":\"median\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.Packets.sum\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"curveType\":\"LINEAR\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"f3902f27-1f51-4d89-b43d-b17daeb79617\"],\"layerId\":\"d4d7d95f-a6e2-43f4-a955-2c01f68a430b\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"98758a54-1b6c-44ea-8636-2f47da173b6c\",\"xAccessor\":\"2f62d52a-d84a-4281-9024-b98669686137\"}],\"legend\":{\"isInside\":false,\"isVisible\":true,\"maxLines\":1,\"position\":\"right\",\"showSingleSeries\":true,\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":false,\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"yTitle\":\"Packets\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Custom Action Packet 
Metrics\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"8da03a08-b8bf-4a47-877f-c72de131de91\",\"615c79b2-fc91-49fd-a7e6-2909afde3d19\",\"a3d1b47c-18ca-4fbb-98f1-ee0b3539a4b8\",\"63e6ca80-a408-4f0d-b9c5-4f2603d95804\"],\"columns\":{\"615c79b2-fc91-49fd-a7e6-2909afde3d19\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Received Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.ReceivedPackets.sum\"},\"63e6ca80-a408-4f0d-b9c5-4f2603d95804\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Passed Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.PassedPackets.sum\"},\"8da03a08-b8bf-4a47-877f-c72de131de91\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Firewalls\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"63e6ca80-a408-4f0d-b9c5-4f2603d95804\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.FirewallName\"},\"a3d1b47c-18ca-4fbb-98f1-ee0b3539a4b8\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Dropped 
Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.DroppedPackets.sum\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"8da03a08-b8bf-4a47-877f-c72de131de91\",\"isTransposed\":false},{\"columnId\":\"63e6ca80-a408-4f0d-b9c5-4f2603d95804\",\"isTransposed\":false},{\"columnId\":\"615c79b2-fc91-49fd-a7e6-2909afde3d19\",\"isTransposed\":false},{\"columnId\":\"a3d1b47c-18ca-4fbb-98f1-ee0b3539a4b8\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Metrics by Firewall\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"e1969790-1fa3-4d39-a2a4-a0015b724a3c\",\"d0aca0af-5be4-46f9-9280-13d939f9acf5\"],\"columns\":{\"d0aca0af-5be4-46f9-9280-13d939f9acf5\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Packets\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.networkfirewall.metrics.Packets.sum\"},\"e1969790-1fa3-4d39-a2a4-a0015b724a3c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Custom 
Actions\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"d0aca0af-5be4-46f9-9280-13d939f9acf5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.CustomAction\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"e1969790-1fa3-4d39-a2a4-a0015b724a3c\",\"isTransposed\":false},{\"columnId\":\"d0aca0af-5be4-46f9-9280-13d939f9acf5\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Custom Actions\"}]","timeRestore":false,"title":"[Metrics AWS] Firewall Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-3abffe60-4ba9-11ec-8282-5342b8988acc","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"e5c4efbd-603f-419d-a749-aad051e80f87:control_e5c4efbd-603f-419d-a749-aad051e80f87_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"e5c4efbd-603f-419d-a749-aad051e80f87:control_e5c4efbd-603f-419d-a749-aad051e80f87_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"e5c4efbd-603f-419d-a749-aad051e80f87:control_e5c4efbd-603f-419d-a749-aad051e80f87_2_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"09caeba8-1f98-4937-b1b8-60debe3e3728:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"09caeba8-1f98-4937-b1b8-60debe3e3728:indexpattern-datasource-layer-32700201-1770-46bd-9ee6-64cad8904bdc","type":"index-pattern"},{"id":"metrics-*","name":"7
7e21d6a-f90b-4bbf-83bc-e226fdf9320c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"77e21d6a-f90b-4bbf-83bc-e226fdf9320c:indexpattern-datasource-layer-32700201-1770-46bd-9ee6-64cad8904bdc","type":"index-pattern"},{"id":"metrics-*","name":"9b88c7db-b335-4517-811d-dfbfbae6efae:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"9b88c7db-b335-4517-811d-dfbfbae6efae:indexpattern-datasource-layer-32700201-1770-46bd-9ee6-64cad8904bdc","type":"index-pattern"},{"id":"metrics-*","name":"6d617b1a-a973-4136-8d93-15e5c72c43f2:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"6d617b1a-a973-4136-8d93-15e5c72c43f2:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"metrics-*","name":"7d32001b-b08f-4d1b-9a98-a5aeea986769:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"7d32001b-b08f-4d1b-9a98-a5aeea986769:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"metrics-*","name":"f125ee00-634b-433e-969f-fd0c0d91bca7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"f125ee00-634b-433e-969f-fd0c0d91bca7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"metrics-*","name":"857f2368-7f1b-40b3-a8a1-dd03e3934bb0:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"857f2368-7f1b-40b3-a8a1-dd03e3934bb0:indexpattern-datasource-layer-d4d7d95f-a6e2-43f4-a955-2c01f68a430b","type":"index-pattern"},{"id":"metrics-*","name":"d564a504-e08a-4b14-baf4-d433b66982f9:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"d564a504-e08a-4b14-baf4-d433b66982f9:indexpattern-datasource-layer-d4d7d95f-a6e2-43f4-a955-2c01f68a430b","type":"index-pattern"},{"id":"metr
ics-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"metrics-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5897],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MDMsMV0="} +{"attributes":{"description":"Logs AWS ELB Access Log Overview Dashboard","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":14,\"i\":\"2c97b32e-5548-429d-9ce0-1bbc3d2398ac\",\"w\":16,\"x\":0,\"y\":0},\"panelIndex\":\"2c97b32e-5548-429d-9ce0-1bbc3d2398ac\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"alpha\\\":1,\\\"id\\\":\\\"19047c4c-18d7-4aec-b0ce-98de2828244d\\\",\\\"label\\\":\\\"Hits\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"isAutoSelect\\\":true,\\\"type\\\":\\\"EMS_TMS\\\",\\\"lightModeDefault\\\":\\\"road_map\\\"},\\\"style\\\":{},\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"visible\\\":true},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"1d457cd4-01be-4f96-95fd-af4ac535ebea\\\",\\\"label\\\":null,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"applyGlobalQuery\\\":true,\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"1e82f50f-424a-4718-905
b-ad45db14db62\\\",\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\",\\\"requestType\\\":\\\"point\\\",\\\"resolution\\\":\\\"COARSE\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\"},\\\"style\\\":{\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"Blues\\\",\\\"field\\\":{\\\"label\\\":\\\"count\\\",\\\"name\\\":\\\"doc_count\\\",\\\"origin\\\":\\\"source\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":false,\\\"sigma\\\":3}},\\\"type\\\":\\\"DYNAMIC\\\"},\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"field\\\":{\\\"label\\\":\\\"count\\\",\\\"name\\\":\\\"doc_count\\\",\\\"origin\\\":\\\"source\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":false,\\\"sigma\\\":3},\\\"maxSize\\\":32,\\\"minSize\\\":4},\\\"type\\\":\\\"DYNAMIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#167a6d\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"mapStateJSON\":\"{\\\"center\\\":{\\\"lat\\\":50.97903,\\\"lon\\\":13.666},\\\"filters\\\":[{\\\"$state\\\":{\\\"store\\\":\\\"appState\\\"},\\\"meta\\\":{\\\"alias\\\":null,\\\"disabled\\\":false,\\\"index\\\":\\\"logs-*\\\",\\\"key\\\":\\\"data_stream.dataset\\\",\\\"negate\\\":false,\\\"params\\\":{\\\"query\\\":\\\"aws.elb_logs\\\"},\\\"type\\\":\\\"phrase\\\",\\\"value\\\":\\\"elb\\\"},\\\"query\\\":{\\\"match\\\":{\\\"data_stream.dataset\\\":{\\\"query\\\":\\\"aws.elb_logs\\\",\\\"type\\\":\\\"phrase\\\"}}}}],\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"\\\"},\\\"refreshConfig\\\":{\\\"interval\\\":0,\\\"isPaused\\\":false},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15m\\\",\\\"to\
\\":\\\"now\\\"},\\\"zoom\\\":3.9,\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false}}\",\"title\":\"ELB Requests Geolocation [Logs AWS]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"isLayerTOCOpen\":false,\"mapCenter\":{\"lat\":51.63808,\"lon\":17.07232,\"zoom\":3.47},\"openTOCDetails\":[],\"type\":\"map\",\"enhancements\":{}},\"title\":\"ELB Requests Geolocation\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"26ebbde3-ee0c-4b4d-8ab9-404cbe5786a9\",\"w\":16,\"x\":16,\"y\":0},\"panelIndex\":\"26ebbde3-ee0c-4b4d-8ab9-404cbe5786a9\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,204,202,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.elb_logs\\\"\"},\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Inbound\",\"line_width\":1,\"metrics\":[{\"field\":\"source.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.elb.name\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB Inbound Traffic [Logs AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"ELB Inbound 
Traffic\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"48ecb39f-57a5-4805-a8a9-77385a996d75\",\"w\":16,\"x\":32,\"y\":14},\"panelIndex\":\"48ecb39f-57a5-4805-a8a9-77385a996d75\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"29527130-3e86-11ea-9067-cf383a4ea3b3\"}],\"bar_color_rules\":[{\"id\":\"cc6d5070-3e85-11ea-9067-cf383a4ea3b3\"}],\"drop_last_bucket\":1,\"gauge_color_rules\":[{\"id\":\"2b29c940-3e86-11ea-9067-cf383a4ea3b3\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"pivot_id\":\"user_agent.original\",\"pivot_type\":\"string\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,188,0,1)\",\"color_rules\":[{\"id\":\"42e14220-3e86-11ea-9067-cf383a4ea3b3\"}],\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.elb_logs\\\" \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"User Agent\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"id\":\"2010cb20-3e87-11ea-9067-cf383a4ea3b3\",\"type\":\"cumulative_sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"user_agent.original\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"ELB Top User Agents [Logs 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"ELB Top User Agents\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"9812996e-ba10-41bd-b134-c9705a0973b4\",\"w\":16,\"x\":0,\"y\":14},\"panelIndex\":\"9812996e-ba10-41bd-b134-c9705a0973b4\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(115,216,255,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.elb_logs\\\" \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Total Requests\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.elb.name\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB Total Requests [Logs AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"ELB Total 
Requests\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"bb25b36e-0787-48fd-aa22-7ba8c08a9c36\",\"w\":16,\"x\":16,\"y\":14},\"panelIndex\":\"bb25b36e-0787-48fd-aa22-7ba8c08a9c36\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"29527130-3e86-11ea-9067-cf383a4ea3b3\"}],\"bar_color_rules\":[{\"id\":\"cc6d5070-3e85-11ea-9067-cf383a4ea3b3\"}],\"drop_last_bucket\":1,\"gauge_color_rules\":[{\"id\":\"2b29c940-3e86-11ea-9067-cf383a4ea3b3\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"pivot_id\":\"user_agent.original\",\"pivot_type\":\"string\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(115,216,255,1)\",\"color_rules\":[{\"id\":\"42e14220-3e86-11ea-9067-cf383a4ea3b3\"}],\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.elb_logs\\\" \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"IP address\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"id\":\"40c52370-3e87-11ea-9067-cf383a4ea3b3\",\"type\":\"cumulative_sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"source.ip\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"ELB Top IP Addresses [Logs 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"ELB Top IP Addresses\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"bf43580d-cc26-415b-ae36-d678a232b544\",\"w\":16,\"x\":32,\"y\":0},\"panelIndex\":\"bf43580d-cc26-415b-ae36-d678a232b544\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(253,161,255,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.elb_logs\\\"\"},\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Outbound\",\"line_width\":1,\"metrics\":[{\"field\":\"destination.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.elb.name\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB Outbound Traffic [Logs AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"ELB Outbound 
Traffic\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"466e825b-6ee2-43c3-b221-21abe27612dd\",\"w\":16,\"x\":0,\"y\":28},\"panelIndex\":\"466e825b-6ee2-43c3-b221-21abe27612dd\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(164,221,0,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.elb_logs\\\" and http.response.status_code >= 200 and http.response.status_code\\t< 300\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"HTTP 2xx\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.elb.name\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB HTTP 2xx [Logs AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"ELB HTTP 
2xx\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"d42994a6-922c-4f86-bf99-a46f87ff106d\",\"w\":16,\"x\":16,\"y\":28},\"panelIndex\":\"d42994a6-922c-4f86-bf99-a46f87ff106d\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(174,161,255,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.elb_logs\\\" and http.response.status_code >= 400 and http.response.status_code < 500\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"HTTP 4xx\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.elb.name\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB HTTP 4xx [Logs AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"ELB HTTP 
4xx\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"f45aaa2c-c244-4d1a-8ad4-4794130b9827\",\"w\":16,\"x\":32,\"y\":28},\"panelIndex\":\"f45aaa2c-c244-4d1a-8ad4-4794130b9827\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(244,78,59,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.elb_logs\\\" and http.response.status_code >= 500 and http.response.status_code < 600\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"HTTP 5xx\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.elb.name\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB HTTP 5xx [Logs AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"ELB HTTP 5xx\"}]","timeRestore":false,"title":"[Logs AWS] ELB Access Log 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-3af47420-3e7b-11ea-bb0a-69c3ca1d410f","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"2c97b32e-5548-429d-9ce0-1bbc3d2398ac:layer_1_source_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5901],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MDQsMV0="} +{"attributes":{"description":"Overview of AWS Security Hub Findings Action","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.securityhub_findings\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.securityhub_findings\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"c893ddac-d20f-4dd8-9223-ce8eebec350f\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"c893ddac-d20f-4dd8-9223-ce8eebec350f\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Findings and Insights Overview](#/dashboard/aws-cc571400-dc61-11ec-a6e3-1bc5ab0aa1b4) | [Findings Malware, Threat Intelligence Indicator and Network Path Overview](#/dashboard/aws-8fcf4c20-f7a3-11ec-aa7f-c173c0f9e267) | 
[Summary Dashboard](#/dashboard/aws-c9f103d0-5f63-11ed-bd69-473ce047ef30)\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Dashboards [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":20,\"i\":\"a170a10e-e4e0-4ea6-8562-336df9f46e2f\",\"w\":48,\"x\":0,\"y\":4},\"panelIndex\":\"a170a10e-e4e0-4ea6-8562-336df9f46e2f\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map\\\"},\\\"id\\\":\\\"01ebeac6-0c24-44c1-a59f-774292776002\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"joins\\\":[{\\\"leftField\\\":\\\"iso2\\\",\\\"right\\\":{\\\"type\\\":\\\"ES_TERM_SOURCE\\\",\\\"id\\\":\\\"39ac4104-7e4f-47fa-a965-035f9ea2d076\\\",\\\"indexPatternTitle\\\":\\\"logs-*\\\",\\\"term\\\":\\\"aws.securityhub_findings.action.aws_api_call.remote_ip.country.code\\\",\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"applyForceRefresh\\\":true,\\\"indexPatternRefName\\\":\\\"layer_1_join_0_index_pattern\\\"}}],\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_FILE\\\",\\\"id\\\":\\\"world_countries\\\",\\\"tooltipProperties\\\":[\\\"iso2\\\"]},\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"DYNAMIC\\\",\\\"options\\\":{\\\"color\\\":\\\"Yellow to 
Red\\\",\\\"colorCategory\\\":\\\"palette_0\\\",\\\"field\\\":{\\\"name\\\":\\\"__kbnjoin__count__39ac4104-7e4f-47fa-a965-035f9ea2d076\\\",\\\"origin\\\":\\\"join\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":true,\\\"sigma\\\":3},\\\"type\\\":\\\"ORDINAL\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#3d3d3d\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":1}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":6}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"DYNAMIC\\\",\\\"options\\\":{\\\"field\\\":{\\\"name\\\":\\\"__kbnjoin__count__39ac4104-7e4f-47fa-a965-035f9ea2d076\\\",\\\"origin\\\":\\\"join\\\"}}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTimeAware\\\":true},\\\"id\\\":\\\"eaf2779b-e6e6-40d9-89d4-b3f04f536a25\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"GEOJSON_VECTOR\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.06,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":19.94277},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-7d/d\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"data_stream.dataset : \\\\\\\"aws.securityhub_findings\\\\\\\" 
\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"references\":[{\"id\":\"logs-*\",\"name\":\"layer_1_join_0_index_pattern\",\"type\":\"index-pattern\"}],\"title\":\"AWS API Call by Countries [Logs AWS]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":false,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"isLayerTOCOpen\":false,\"mapBuffer\":{\"maxLat\":66.51326,\"maxLon\":180,\"minLat\":-66.51326,\"minLon\":-180},\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":1.06},\"openTOCDetails\":[],\"type\":\"map\"}},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":21,\"i\":\"d5eeb926-44de-424a-adff-b842fed487f1\",\"w\":48,\"x\":0,\"y\":24},\"panelIndex\":\"d5eeb926-44de-424a-adff-b842fed487f1\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map\\\"},\\\"id\\\":\\\"08cfbaf0-8c92-472f-9728-8bce4e663334\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"joins\\\":[{\\\"leftField\\\":\\\"iso2\\\",\\\"right\\\":{\\\"type\\\":\\\"ES_TERM_SOURCE\\\",\\\"id\\\":\
\\"8c509e4c-57b1-4bde-9617-b0159ece3c86\\\",\\\"indexPatternTitle\\\":\\\"logs-*\\\",\\\"term\\\":\\\"aws.securityhub_findings.action.network_connection.remote_ip.country.code\\\",\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"applyForceRefresh\\\":true,\\\"indexPatternRefName\\\":\\\"layer_1_join_0_index_pattern\\\"}}],\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_FILE\\\",\\\"id\\\":\\\"world_countries\\\",\\\"tooltipProperties\\\":[\\\"iso2\\\"]},\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"DYNAMIC\\\",\\\"options\\\":{\\\"color\\\":\\\"Yellow to Red\\\",\\\"colorCategory\\\":\\\"palette_0\\\",\\\"field\\\":{\\\"name\\\":\\\"__kbnjoin__count__8c509e4c-57b1-4bde-9617-b0159ece3c86\\\",\\\"origin\\\":\\\"join\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":true,\\\"sigma\\\":3},\\\"type\\\":\\\"ORDINAL\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#3d3d3d\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":1}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":6}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"DYNAMIC\\\",\\\"options\\\":{\\\"field\\\":{\\\"name\\\":\\\"__kbnjoin__count__8c509e4c-57b1-4bde-9617-b0159ece3c86\\\",\\\"origin\\\":\\\"join\\\"}}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTime
Aware\\\":true},\\\"id\\\":\\\"f158a7b9-474b-4846-8b59-bbfea4728396\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"GEOJSON_VECTOR\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.33,\\\"center\\\":{\\\"lon\\\":13.80026,\\\"lat\\\":14.52408},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-7d/d\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"data_stream.dataset : \\\\\\\"aws.securityhub_findings\\\\\\\" \\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"references\":[{\"id\":\"logs-*\",\"name\":\"layer_1_join_0_index_pattern\",\"type\":\"index-pattern\"}],\"title\":\"Network Connection by Countries [Logs 
AWS]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":85.05113,\"maxLon\":360,\"minLat\":-66.51326,\"minLon\":-360},\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":1.06},\"openTOCDetails\":[],\"type\":\"map\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"ea83392c-bf61-452b-a925-da53a605f15e\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"ea83392c-bf61-452b-a925-da53a605f15e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-1d4e4b9a-eafe-4c08-8a88-4ee56a5f196d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1d4e4b9a-eafe-4c08-8a88-4ee56a5f196d\":{\"columnOrder\":[\"9d4fb7b1-f33f-4818-bed0-7e432f3f757b\",\"2c42f7b4-d1de-4da0-b480-7b84e51df812\"],\"columns\":{\"2c42f7b4-d1de-4da0-b480-7b84e51df812\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9d4fb7b1-f33f-4818-bed0-7e432f3f757b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Action Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"2c42f7b4-d1de-4da0-b480-7b84e51df812\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"1d4e4b9a-eafe-4c08-8a88-4ee56a5f196d\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"9d4fb7b1-f33f-4818-bed0-7e432f3f757b\"],\"metrics\":[\"2c42f7b4-d1de-4da0-b480-7b84e51df812\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Action Type [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"058d0f04-1686-4516-80f2-1a83851ea96e\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"058d0f04-1686-4516-80f2-1a83851ea96e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a95d4f74-a7e0-4bc7-a9aa-b368816e2ce6\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a95d4f74-a7e0-4bc7-a9aa-b368816e2ce6\":{\"columnOrder\":[\"ac5884ec-c3fa-4b6e-a4af-e49794e71472\",\"5b765bda-f376-4403-8809-8896c3e6bd21\"],\"columns\":{\"5b765bda-f376-4403-8809-8896c3e6bd21\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"ac5884ec-c3fa-4b6e-a4af-e49794e71472\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network Connection 
Direction\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"5b765bda-f376-4403-8809-8896c3e6bd21\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.action.network_connection.direction\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"a95d4f74-a7e0-4bc7-a9aa-b368816e2ce6\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"ac5884ec-c3fa-4b6e-a4af-e49794e71472\"],\"metrics\":[\"5b765bda-f376-4403-8809-8896c3e6bd21\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Network Connection Direction [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"bd8c282c-17ad-4104-8fec-bb9581748919\",\"w\":24,\"x\":0,\"y\":60},\"panelIndex\":\"bd8c282c-17ad-4104-8fec-bb9581748919\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-edff9217-fdd3-400b-badf-89f37350f168\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"edff9217-fdd3-400b-badf-89f37350f168\":{\"columnOrder\":[\"b62a89ae-c74a-44aa-87d2-ee9e6606f9f5\",\"1728e561-e7a1-4b7f-a344-8ce508632ecf\"],\"columns\":{\"1728e561-e7a1-4b7f-a344-8ce508632ecf\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"b62a89ae-c74a-44aa-87d2-ee9e6606f9f5\":{\"customLabel\":true,\"dataType\":
\"string\",\"isBucketed\":true,\"label\":\"AWS API Call Service Name \",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"1728e561-e7a1-4b7f-a344-8ce508632ecf\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.action.aws_api_call.service.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"1728e561-e7a1-4b7f-a344-8ce508632ecf\"],\"layerId\":\"edff9217-fdd3-400b-badf-89f37350f168\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"b62a89ae-c74a-44aa-87d2-ee9e6606f9f5\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"Distribution of Events by AWS API Call Action Service Name [Logs 
AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"54045abd-664a-46da-8e75-c1b52460eda3\",\"w\":24,\"x\":24,\"y\":60},\"panelIndex\":\"54045abd-664a-46da-8e75-c1b52460eda3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-7bf878d9-be2e-4436-b1b0-14411b106a14\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"7bf878d9-be2e-4436-b1b0-14411b106a14\":{\"columnOrder\":[\"b67d6fee-3664-4292-95db-10d5f740c5d0\",\"ad38b778-54c1-4ec8-b50f-0467530d75ef\"],\"columns\":{\"ad38b778-54c1-4ec8-b50f-0467530d75ef\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"b67d6fee-3664-4292-95db-10d5f740c5d0\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"DNS Request Blocked\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ad38b778-54c1-4ec8-b50f-0467530d75ef\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.action.dns_request.blocked\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"7bf878d9-be2e-4436-b1b0-14411b106a14\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"b67d6fee-3664-4292-95db-10d5f740c5d0\"],\"metrics\":[\"ad38b778-54c1-4ec8-b50f-0467530d75ef\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of 
Events by DNS Request Blocked [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1a7df8c6-6da8-451d-a2cf-36cadce30b36\",\"w\":24,\"x\":0,\"y\":75},\"panelIndex\":\"1a7df8c6-6da8-451d-a2cf-36cadce30b36\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-afe9f1d1-b684-48fb-9be7-d916f7c8ad82\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"afe9f1d1-b684-48fb-9be7-d916f7c8ad82\":{\"columnOrder\":[\"c9f9b29b-9d9d-4472-8fa9-6a18da0f13d5\",\"8806c732-d4db-45e0-a14b-c73f8efbc513\"],\"columns\":{\"8806c732-d4db-45e0-a14b-c73f8efbc513\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"c9f9b29b-9d9d-4472-8fa9-6a18da0f13d5\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Port Probe Blocked\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8806c732-d4db-45e0-a14b-c73f8efbc513\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.action.port_probe.blocked\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"afe9f1d1-b684-48fb-9be7-d916f7c8ad82\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"c9f9b29b-9d9d-4472-8fa9-6a18da0f13d5\"],\"metrics\":[\"8806c732-d4db-45e0-a14b-c73f8efbc513\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Port Probe Blocked [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"ec4c18fe-7102-4ce9-92ad-810a834e3e63\",\"w\":24,\"x\":24,\"y\":75},\"panelIndex\":\"ec4c18fe-7102-4ce9-92ad-810a834e3e63\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-bc5ed209-d33a-4368-8e12-f481b4ed358d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"bc5ed209-d33a-4368-8e12-f481b4ed358d\":{\"columnOrder\":[\"6bd9b2ee-81b5-4cb7-9022-298d885f1d98\",\"2c535e6a-760b-44d4-8060-0b742c9dd26e\"],\"columns\":{\"2c535e6a-760b-44d4-8060-0b742c9dd26e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"6bd9b2ee-81b5-4cb7-9022-298d885f1d98\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network Connection Action 
Blocked\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"2c535e6a-760b-44d4-8060-0b742c9dd26e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.action.network_connection.blocked\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"bc5ed209-d33a-4368-8e12-f481b4ed358d\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"6bd9b2ee-81b5-4cb7-9022-298d885f1d98\"],\"metrics\":[\"2c535e6a-760b-44d4-8060-0b742c9dd26e\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Network Connection Action Blocked [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"a0109b78-7c58-4956-8d61-12fa00bd53f7\",\"w\":24,\"x\":0,\"y\":90},\"panelIndex\":\"a0109b78-7c58-4956-8d61-12fa00bd53f7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-cd1ff007-7eb1-4c71-a626-ea5ad9fcb0ba\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cd1ff007-7eb1-4c71-a626-ea5ad9fcb0ba\":{\"columnOrder\":[\"73da44f6-de88-4c64-b0e6-bccf0117127a\",\"b1b4bb34-c135-4e33-8d0e-3db33c4eaaf4\"],\"columns\":{\"73da44f6-de88-4c64-b0e6-bccf0117127a\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"AWS API Call Caller 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b1b4bb34-c135-4e33-8d0e-3db33c4eaaf4\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.action.aws_api_call.caller.type\"},\"b1b4bb34-c135-4e33-8d0e-3db33c4eaaf4\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"cd1ff007-7eb1-4c71-a626-ea5ad9fcb0ba\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"73da44f6-de88-4c64-b0e6-bccf0117127a\"],\"metrics\":[\"b1b4bb34-c135-4e33-8d0e-3db33c4eaaf4\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by AWS API Call Caller Type [Logs 
AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"46b72e3d-9471-4b3c-8509-bdd8fb4c989c\",\"w\":24,\"x\":24,\"y\":90},\"panelIndex\":\"46b72e3d-9471-4b3c-8509-bdd8fb4c989c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-f61b43c4-a565-45fc-b2fc-48b276c32f13\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"f61b43c4-a565-45fc-b2fc-48b276c32f13\":{\"columnOrder\":[\"a70fafef-de6e-4e3c-85ad-86b8cb08e404\",\"817e5e5c-9063-497a-a509-ff213c3d8b51\"],\"columns\":{\"817e5e5c-9063-497a-a509-ff213c3d8b51\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"a70fafef-de6e-4e3c-85ad-86b8cb08e404\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Request Domain\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"817e5e5c-9063-497a-a509-ff213c3d8b51\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.action.dns_request.domain\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"a70fafef-de6e-4e3c-85ad-86b8cb08e404\"},{\"columnId\":\"817e5e5c-9063-497a-a509-ff213c3d8b51\"}],\"layerId\":\"f61b43c4-a565-45fc-b2fc-48b276c32f13\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"Top 10 DNS Request Domain [Logs 
AWS]\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"dc7a8f88-82e6-4fdd-a567-1feae710b3aa\",\"w\":24,\"x\":0,\"y\":105},\"panelIndex\":\"dc7a8f88-82e6-4fdd-a567-1feae710b3aa\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-78886a7e-623a-4494-9ea1-c5fe1bc95184\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"78886a7e-623a-4494-9ea1-c5fe1bc95184\":{\"columnOrder\":[\"5307171c-ada8-477c-b851-6a81b6df6843\",\"02b5ef7f-40e2-47ca-a312-90d247faf0f4\"],\"columns\":{\"02b5ef7f-40e2-47ca-a312-90d247faf0f4\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"5307171c-ada8-477c-b851-6a81b6df6843\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"DNS Request Protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"02b5ef7f-40e2-47ca-a312-90d247faf0f4\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.action.dns_request.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"78886a7e-623a-4494-9ea1-c5fe1bc95184\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"5307171c-ada8-477c-b851-6a81b6df6843\"],\"metrics\":[\"02b5ef7f-40e2-47ca-a312-90d247faf0f4\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by DNS Request Protocol [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}}]","timeRestore":false,"title":"[Logs AWS] Security Hub Findings Action","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-3d3dbe00-f79f-11ec-aa7f-c173c0f9e267","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"a170a10e-e4e0-4ea6-8562-336df9f46e2f:layer_1_join_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"d5eeb926-44de-424a-adff-b842fed487f1:layer_1_join_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"ea83392c-bf61-452b-a925-da53a605f15e:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ea83392c-bf61-452b-a925-da53a605f15e:indexpattern-datasource-layer-1d4e4b9a-eafe-4c08-8a88-4ee56a5f196d","type":"index-pattern"},{"id":"logs-*","name":"058d0f04-1686-4516-80f2-1a83851ea96e:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"058d0f04-1686-4516-80f2-1a83851ea96e:indexpattern-datasource-layer-a95d4f74-a7e0-4bc7-a9aa-b368816e2ce6","type":"index-pattern"},{"id":"logs-*","name":"bd8c282c-17ad-4104-8fec-bb9581748919:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"bd8c282c-17ad-4104-8fec-bb9581748919:indexpattern-datasource-layer-edff9217-fdd3-400b-badf-89f37350f168","type":"index-pa
ttern"},{"id":"logs-*","name":"54045abd-664a-46da-8e75-c1b52460eda3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"54045abd-664a-46da-8e75-c1b52460eda3:indexpattern-datasource-layer-7bf878d9-be2e-4436-b1b0-14411b106a14","type":"index-pattern"},{"id":"logs-*","name":"1a7df8c6-6da8-451d-a2cf-36cadce30b36:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"1a7df8c6-6da8-451d-a2cf-36cadce30b36:indexpattern-datasource-layer-afe9f1d1-b684-48fb-9be7-d916f7c8ad82","type":"index-pattern"},{"id":"logs-*","name":"ec4c18fe-7102-4ce9-92ad-810a834e3e63:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ec4c18fe-7102-4ce9-92ad-810a834e3e63:indexpattern-datasource-layer-bc5ed209-d33a-4368-8e12-f481b4ed358d","type":"index-pattern"},{"id":"logs-*","name":"a0109b78-7c58-4956-8d61-12fa00bd53f7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"a0109b78-7c58-4956-8d61-12fa00bd53f7:indexpattern-datasource-layer-cd1ff007-7eb1-4c71-a626-ea5ad9fcb0ba","type":"index-pattern"},{"id":"logs-*","name":"46b72e3d-9471-4b3c-8509-bdd8fb4c989c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"46b72e3d-9471-4b3c-8509-bdd8fb4c989c:indexpattern-datasource-layer-f61b43c4-a565-45fc-b2fc-48b276c32f13","type":"index-pattern"},{"id":"logs-*","name":"dc7a8f88-82e6-4fdd-a567-1feae710b3aa:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dc7a8f88-82e6-4fdd-a567-1feae710b3aa:indexpattern-datasource-layer-78886a7e-623a-4494-9ea1-c5fe1bc95184","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5925],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MDUsMV0="} 
+{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"dc3d0169-d74f-4562-a5fc-0a3aa3b88a66\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.guardduty.severity.value\",\"parentFieldName\":\"aws.guardduty.severity.value\",\"title\":\"Findings Severity\",\"id\":\"dc3d0169-d74f-4562-a5fc-0a3aa3b88a66\",\"enhancements\":{}}},\"5c292aab-3ebf-4d28-8de8-409c4e8f3964\":{\"order\":1,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.id\",\"title\":\"Cloud Account ID\",\"id\":\"5c292aab-3ebf-4d28-8de8-409c4e8f3964\",\"enhancements\":{}}},\"92f50669-315a-4090-bb9a-6aa4ccd23236\":{\"order\":2,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.region\",\"title\":\"Cloud Region\",\"id\":\"92f50669-315a-4090-bb9a-6aa4ccd23236\",\"enhancements\":{}}},\"afdfd48f-9238-4bc0-824e-9c24cea54a0d\":{\"order\":3,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.provider\",\"title\":\"Cloud Provider\",\"id\":\"afdfd48f-9238-4bc0-824e-9c24cea54a0d\",\"enhancements\":{}}}}"},"description":"Overview of Amazon Guardduty 
Severity.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.guardduty\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.guardduty\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"e5323905-bbca-4cba-9743-62f51e089c4e\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"e5323905-bbca-4cba-9743-62f51e089c4e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-e11cbb3d-97ae-40c9-9e40-f22edae179a8\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"12d46c5c-2f5c-4cc8-bbe8-99d02061ca2d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"e11cbb3d-97ae-40c9-9e40-f22edae179a8\":{\"columnOrder\":[\"576fd823-f299-403a-bf8e-50a8907aa24c\"],\"columns\":{\"576fd823-f299-403a-bf8e-50a8907aa24c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Findings 
Severity\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"12d46c5c-2f5c-4cc8-bbe8-99d02061ca2d\",\"key\":\"aws.guardduty.severity.value\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"},\"query\":{\"exists\":{\"field\":\"aws.guardduty.severity.value\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"576fd823-f299-403a-bf8e-50a8907aa24c\",\"layerId\":\"e11cbb3d-97ae-40c9-9e40-f22edae179a8\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Findings Severity [Logs Guardduty]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"9bf4750b-f97a-4cfe-8043-20c060ec0e6b\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"9bf4750b-f97a-4cfe-8043-20c060ec0e6b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-cd79dd95-938b-476c-b299-87e08b27babf\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cd79dd95-938b-476c-b299-87e08b27babf\":{\"columnOrder\":[\"f422e4a2-19b6-43f5-84ab-04c0a1e93884\",\"c8d4b79c-7d41-4961-b026-c98aa675c6a2\"],\"columns\":{\"c8d4b79c-7d41-4961-b026-c98aa675c6a2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f422e4a2-19b6-43f5-84ab-04c0a1e93884\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c8d4b79c-7d41-4961-b026-c98aa675c6a2\",\"type\":\"column\"},\"orderDir
ection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.guardduty.severity.value\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"cd79dd95-938b-476c-b299-87e08b27babf\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"f422e4a2-19b6-43f5-84ab-04c0a1e93884\"],\"metrics\":[\"c8d4b79c-7d41-4961-b026-c98aa675c6a2\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Findings by Severity [Logs Guardduty]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"4e6dad73-8053-466e-988f-9d7402bc2296\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"4e6dad73-8053-466e-988f-9d7402bc2296\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a4a2e3f4-5526-4a49-917d-c0da13a3c59b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a4a2e3f4-5526-4a49-917d-c0da13a3c59b\":{\"columnOrder\":[\"5802de81-101d-4230-afd8-5cf9b46536b1\",\"e0af7986-42a7-41b4-9c99-8f3f27c91cef\",\"72d33bd8-ee6b-43ea-97e4-bfbc2a75403e\"],\"columns\":{\"5802de81-101d-4230-afd8-5cf9b46536b1\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Resource 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"72d33bd8-ee6b-43ea-97e4-bfbc2a75403e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.guardduty.resource.type\"},\"72d33bd8-ee6b-43ea-97e4-bfbc2a75403e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e0af7986-42a7-41b4-9c99-8f3f27c91cef\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"72d33bd8-ee6b-43ea-97e4-bfbc2a75403e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.guardduty.severity.value\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"72d33bd8-ee6b-43ea-97e4-bfbc2a75403e\"],\"layerId\":\"a4a2e3f4-5526-4a49-917d-c0da13a3c59b\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"e0af7986-42a7-41b4-9c99-8f3f27c91cef\",\"xAccessor\":\"5802de81-101d-4230-afd8-5cf9b46536b1\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Findings Resource Type by Severity [Logs 
Guardduty]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"620e666f-80a6-435d-8c05-451cc4638526\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"620e666f-80a6-435d-8c05-451cc4638526\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-bf5155c0-44e9-4b25-bfcf-5b6519f5642b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"bf5155c0-44e9-4b25-bfcf-5b6519f5642b\":{\"columnOrder\":[\"b9ce93d0-4d06-4609-b49f-722b3966d8bf\",\"c8bfcf2b-4b66-4c71-8da3-760785897184\",\"bc53461a-e612-48b2-a271-961db2a20a46\"],\"columns\":{\"b9ce93d0-4d06-4609-b49f-722b3966d8bf\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Region\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"bc53461a-e612-48b2-a271-961db2a20a46\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"cloud.region\"},\"bc53461a-e612-48b2-a271-961db2a20a46\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"c8bfcf2b-4b66-4c71-8da3-760785897184\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"bc53461a-e612-48b2-a271-961db2a20a46\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.guardduty.severity.value\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"bc53461a-e612-48b2-a271-961db2a20a46\"],\"layerId\":\"b
f5155c0-44e9-4b25-bfcf-5b6519f5642b\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"c8bfcf2b-4b66-4c71-8da3-760785897184\",\"xAccessor\":\"b9ce93d0-4d06-4609-b49f-722b3966d8bf\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Findings Region by Severity [Logs Guardduty]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"8ef41930-65db-4dee-924c-4a05a891729d\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"8ef41930-65db-4dee-924c-4a05a891729d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-937499d4-2b05-43ca-9c9b-14cc04d12e59\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"937499d4-2b05-43ca-9c9b-14cc04d12e59\":{\"columnOrder\":[\"5229a27f-0738-40c5-9a85-019fc21dc0e8\",\"601fc88c-dc78-4b52-977e-007e8c241e86\",\"b9e13f4b-8371-4415-acc5-8dec7ae71b46\"],\"columns\":{\"5229a27f-0738-40c5-9a85-019fc21dc0e8\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b9e13f4b-8371-4415-acc5-8dec7ae71b46\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.guardduty.severity.value\"},\"601fc88c-dc78-4b52-977e-007e8c241e86\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\
"@timestamp\"},\"b9e13f4b-8371-4415-acc5-8dec7ae71b46\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique count\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"_id\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"b9e13f4b-8371-4415-acc5-8dec7ae71b46\"],\"layerId\":\"937499d4-2b05-43ca-9c9b-14cc04d12e59\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"5229a27f-0738-40c5-9a85-019fc21dc0e8\",\"xAccessor\":\"601fc88c-dc78-4b52-977e-007e8c241e86\",\"yConfig\":[{\"axisMode\":\"auto\",\"forAccessor\":\"b9e13f4b-8371-4415-acc5-8dec7ae71b46\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"line\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Severity Over Time [Logs 
Guardduty]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"154adc56-6d50-48ce-8363-fc1227c918c3\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"154adc56-6d50-48ce-8363-fc1227c918c3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-bfc64f98-e13e-4bed-9b00-3c73223c5964\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"c68bdca0-e526-4375-92b9-db2c02d55fd1\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"bfc64f98-e13e-4bed-9b00-3c73223c5964\":{\"columnOrder\":[\"72cee35b-e3d2-4b89-93f7-2ff2fc23034f\",\"dabd934c-7800-4ce3-89e6-4be852b387d1\"],\"columns\":{\"72cee35b-e3d2-4b89-93f7-2ff2fc23034f\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Filters\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"aws.guardduty.severity.value : \\\"High\\\" \"},\"label\":\"High\"},{\"input\":{\"language\":\"kuery\",\"query\":\"aws.guardduty.severity.value : Medium\"},\"label\":\"Medium\"},{\"input\":{\"language\":\"kuery\",\"query\":\"aws.guardduty.severity.value : Low\"},\"label\":\"Low\"}]},\"scale\":\"ordinal\"},\"dabd934c-7800-4ce3-89e6-4be852b387d1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Severity 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c68bdca0-e526-4375-92b9-db2c02d55fd1\",\"key\":\"aws.guardduty.severity.value\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"},\"query\":{\"exists\":{\"field\":\"aws.guardduty.severity.value\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"breakdownByAccessor\":\"72cee35b-e3d2-4b89-93f7-2ff2fc23034f\",\"layerId\":\"bfc64f98-e13e-4bed-9b00-3c73223c5964\",\"layerType\":\"data\",\"maxCols\":3,\"metricAccessor\":\"dabd934c-7800-4ce3-89e6-4be852b387d1\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Findings Count Based on Severity [Logs Guardduty]\"}]","timeRestore":false,"title":"[Logs AWS] Guardduty Findings 
Severity","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-401261a0-6a39-11ed-b880-2f1b70138655","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"e5323905-bbca-4cba-9743-62f51e089c4e:indexpattern-datasource-layer-e11cbb3d-97ae-40c9-9e40-f22edae179a8","type":"index-pattern"},{"id":"logs-*","name":"e5323905-bbca-4cba-9743-62f51e089c4e:12d46c5c-2f5c-4cc8-bbe8-99d02061ca2d","type":"index-pattern"},{"id":"logs-*","name":"9bf4750b-f97a-4cfe-8043-20c060ec0e6b:indexpattern-datasource-layer-cd79dd95-938b-476c-b299-87e08b27babf","type":"index-pattern"},{"id":"logs-*","name":"4e6dad73-8053-466e-988f-9d7402bc2296:indexpattern-datasource-layer-a4a2e3f4-5526-4a49-917d-c0da13a3c59b","type":"index-pattern"},{"id":"logs-*","name":"620e666f-80a6-435d-8c05-451cc4638526:indexpattern-datasource-layer-bf5155c0-44e9-4b25-bfcf-5b6519f5642b","type":"index-pattern"},{"id":"logs-*","name":"8ef41930-65db-4dee-924c-4a05a891729d:indexpattern-datasource-layer-937499d4-2b05-43ca-9c9b-14cc04d12e59","type":"index-pattern"},{"id":"logs-*","name":"154adc56-6d50-48ce-8363-fc1227c918c3:indexpattern-datasource-layer-bfc64f98-e13e-4bed-9b00-3c73223c5964","type":"index-pattern"},{"id":"logs-*","name":"154adc56-6d50-48ce-8363-fc1227c918c3:c68bdca0-e526-4375-92b9-db2c02d55fd1","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_dc3d0169-d74f-4562-a5fc-0a3aa3b88a66:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_5c292aab-3ebf-4d28-8de8-409c4e8f3964:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_92f50669-315a-4090-bb9a-6aa4ccd23236:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_afdfd48f-9238-4bc0-824e-9c24cea54a0d:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default
","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5941],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MDYsMV0="} +{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"00dceb34-5141-43da-b731-266e79f7c567\":{\"order\":0,\"width\":\"medium\",\"grow\":false,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.region\",\"title\":\"AWS Region\",\"id\":\"00dceb34-5141-43da-b731-266e79f7c567\",\"selectedOptions\":[],\"enhancements\":{}}},\"138553b0-cd96-4281-b659-5c181c87725f\":{\"order\":1,\"width\":\"medium\",\"grow\":false,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.dimensions.VolumeId\",\"title\":\"AWS Volume ID\",\"id\":\"138553b0-cd96-4281-b659-5c181c87725f\",\"enhancements\":{}}}}"},"description":"[Metrics AWS] Overview of EBS 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.ebs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.ebs\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"81e6e1e4-9723-4ffd-9d87-bfb15043886c\",\"w\":24,\"x\":24,\"y\":10},\"panelIndex\":\"81e6e1e4-9723-4ffd-9d87-bfb15043886c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-8da59358-bf1a-45d2-be0b-a2ef2a055b58\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"8da59358-bf1a-45d2-be0b-a2ef2a055b58\":{\"columnOrder\":[\"1ebc6615-1b50-4604-b074-5b5b729ed437\",\"267e2665-8afe-44e1-b892-4da143ec22a4\",\"5136662c-0695-4509-bb16-a8a7fc62a499\"],\"columns\":{\"1ebc6615-1b50-4604-b074-5b5b729ed437\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.dimensions.VolumeId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"5136662c-0695-4509-bb16-a8a7fc62a499\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.VolumeId\"},\"267e2665-8afe-44e1-b892-4da143ec22a4\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"5136662c-0695-4509-bb16-a8a7fc62a499\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.ebs.metrics.VolumeWriteOps.avg\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.ebs.metrics.VolumeWriteOps.avg\"}},\"incompleteColumns\":{},\"sampling\":1}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"5136662c-0695-4509-bb16-a8a7fc62a499\"],\"layerId\":\"8da59358-bf1a-45d2-be0b-a2ef2a055b58\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"1ebc6615-1b50-4604-b074-5b5b729ed437\",\"xAccessor\":\"267e2665-8afe-44e1-b892-4da143ec22a4\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"type\":\"lens\",\"enhancements\":{}},\"title\":\"Volume Write 
Ops\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"69439d36-0b02-4ba9-adad-2380e77ff8f5\",\"w\":24,\"x\":0,\"y\":10},\"panelIndex\":\"69439d36-0b02-4ba9-adad-2380e77ff8f5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-e5e87077-5a8a-4fed-b994-2802ebc771ad\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"e5e87077-5a8a-4fed-b994-2802ebc771ad\":{\"columnOrder\":[\"7b5a8129-da0e-49b5-81aa-f14dafa36b82\",\"aa5a250f-ba0d-4fce-9ec0-872309d976ac\",\"a5a6ae4c-3d37-498c-b98f-441169f97136\"],\"columns\":{\"7b5a8129-da0e-49b5-81aa-f14dafa36b82\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of aws.dimensions.VolumeId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a5a6ae4c-3d37-498c-b98f-441169f97136\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.VolumeId\"},\"a5a6ae4c-3d37-498c-b98f-441169f97136\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.ebs.metrics.VolumeReadOps.avg\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.ebs.metrics.VolumeReadOps.avg\"},\"aa5a250f-ba0d-4fce-9ec0-872309d976ac\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{},\"sampling\":1}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"a5a6ae4c-3d37-498c-b98f-441169f97136\"],\"layerId\":\"e5e87077-5a8a-4fed-b994-2802ebc771ad\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"7b5a8129-da0e-49b5-81aa-f14dafa36b82\",\"xAccessor\":\"aa5a250f-ba0d-4fce-9ec0-872309d976ac\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"type\":\"lens\",\"enhancements\":{}},\"title\":\"Volume Read 
Ops\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"1357ca49-a128-460a-afac-f505f659bd32\",\"w\":24,\"x\":24,\"y\":20},\"panelIndex\":\"1357ca49-a128-460a-afac-f505f659bd32\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-cba8ad0a-ad79-41e0-bb71-90e68fdbb66c\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"cba8ad0a-ad79-41e0-bb71-90e68fdbb66c\":{\"columnOrder\":[\"0865498a-2b36-4dcf-8878-5ab4a893f1a7\",\"938cd7ee-c857-4e61-a632-537a0cd42a05\",\"01dac807-7d95-4256-99f9-ac76e46a36af\"],\"columns\":{\"01dac807-7d95-4256-99f9-ac76e46a36af\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.ebs.metrics.VolumeWriteBytes.avg\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.ebs.metrics.VolumeWriteBytes.avg\"},\"0865498a-2b36-4dcf-8878-5ab4a893f1a7\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.dimensions.VolumeId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"01dac807-7d95-4256-99f9-ac76e46a36af\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.VolumeId\"},\"938cd7ee-c857-4e61-a632-537a0cd42a05\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{},\"sampling\":1}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"01dac807-7d95-4256-99f9-ac76e46a36af\"],\"layerId\":\"cba8ad0a-ad79-41e0-bb71-90e68fdbb66c\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"0865498a-2b36-4dcf-8878-5ab4a893f1a7\",\"xAccessor\":\"938cd7ee-c857-4e61-a632-537a0cd42a05\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"type\":\"lens\",\"enhancements\":{}},\"title\":\"Volume Write 
Bytes\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"afbe92c6-fbc6-42fa-83fc-56cc2dc8bc65\",\"w\":24,\"x\":0,\"y\":20},\"panelIndex\":\"afbe92c6-fbc6-42fa-83fc-56cc2dc8bc65\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-55761a89-32d6-46f8-9df5-8ccf0bfb7d39\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"55761a89-32d6-46f8-9df5-8ccf0bfb7d39\":{\"columnOrder\":[\"24510e19-3ab5-4ff1-8742-1911a273cb9f\",\"621b6b76-2d17-4e22-9d54-96ade363c53d\",\"26862a19-bc82-4805-9502-837885281296\"],\"columns\":{\"24510e19-3ab5-4ff1-8742-1911a273cb9f\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of aws.dimensions.VolumeId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"26862a19-bc82-4805-9502-837885281296\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.VolumeId\"},\"26862a19-bc82-4805-9502-837885281296\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.ebs.metrics.VolumeReadBytes.avg\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.ebs.metrics.VolumeReadBytes.avg\"},\"621b6b76-2d17-4e22-9d54-96ade363c53d\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{},\"sampling\":1}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"26862a19-bc82-4805-9502-837885281296\"],\"layerId\":\"55761a89-32d6-46f8-9df5-8ccf0bfb7d39\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"24510e19-3ab5-4ff1-8742-1911a273cb9f\",\"xAccessor\":\"621b6b76-2d17-4e22-9d54-96ade363c53d\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"type\":\"lens\",\"enhancements\":{}},\"title\":\"Volume Read 
Bytes\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"04d7b02f-79fd-4c2a-b7a8-b47857d8b76e\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"04d7b02f-79fd-4c2a-b7a8-b47857d8b76e\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-2a4e13d6-c5c4-4fe2-a493-dd518ab17832\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"2a4e13d6-c5c4-4fe2-a493-dd518ab17832\":{\"columnOrder\":[\"bdbd408a-23d4-44cc-a003-381b118767ce\",\"42144647-3383-4f5c-95f0-fecfc3c2776d\",\"618e9ed2-caf9-4da1-9e2d-e7131299ce30\"],\"columns\":{\"42144647-3383-4f5c-95f0-fecfc3c2776d\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"618e9ed2-caf9-4da1-9e2d-e7131299ce30\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.ebs.metrics.VolumeQueueLength.avg\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.ebs.metrics.VolumeQueueLength.avg\"},\"bdbd408a-23d4-44cc-a003-381b118767ce\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.dimensions.VolumeId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"618e9ed2-caf9-4da1-9e2d-e7131299ce30\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.VolumeId\"}},\"incompleteColumns\":{},\"sampling\":1}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"618e9ed2-caf9-4da1-9e2d-e7131299ce30\"],\"layerId\":\"2a4e13d6-c5c4-4fe2-a493-dd518ab17832\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"bdbd408a-23d4-44cc-a003-381b118767ce\",\"xAccessor\":\"42144647-3383-4f5c-95f0-fecfc3c2776d\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Volume Queue 
Length\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"25ff071b-993c-4846-9fa5-94a46fcdc8e2\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"25ff071b-993c-4846-9fa5-94a46fcdc8e2\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-6156362a-fc13-448b-82a4-e7f32ba7b2b3\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"6156362a-fc13-448b-82a4-e7f32ba7b2b3\":{\"columnOrder\":[\"a46bc6aa-b391-4838-9649-e504593256cd\",\"9e80a182-49b4-4cb4-ac2b-62a704718ade\",\"4de1d282-ed78-4717-af51-3dd6b33d0b02\"],\"columns\":{\"4de1d282-ed78-4717-af51-3dd6b33d0b02\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.ebs.metrics.VolumeTotalWriteTime.sum\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.ebs.metrics.VolumeTotalWriteTime.sum\"},\"9e80a182-49b4-4cb4-ac2b-62a704718ade\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"a46bc6aa-b391-4838-9649-e504593256cd\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.dimensions.VolumeId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"4de1d282-ed78-4717-af51-3dd6b33d0b02\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.VolumeId\"}},\"incompleteColumns\":{},\"sampling\":1}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"4de1d282-ed78-4717-af51-3dd6b33d0b02\"],\"layerId\":\"6156362a-fc13-448b-82a4-e7f32ba7b2b3\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"a46bc6aa-b391-4838-9649-e504593256cd\",\"xAccessor\":\"9e80a182-49b4-4cb4-ac2b-62a704718ade\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"\"}},\"title\":\"Volume Total Write Time\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"type\":\"lens\",\"enhancements\":{}},\"title\":\"Volume Total Write 
Time\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"f654e59e-f814-4af0-80ac-28fbbaea26ee\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"f654e59e-f814-4af0-80ac-28fbbaea26ee\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-ba7be616-8ef0-476a-9372-e29771f47c20\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"ba7be616-8ef0-476a-9372-e29771f47c20\":{\"columnOrder\":[\"537c12ea-0228-4230-bb83-4df9d1c4d42d\",\"12ed787d-8560-4b4a-8d31-391d8aea44fb\",\"1117748f-4bb7-4b7c-a0df-bf332a10a734\"],\"columns\":{\"1117748f-4bb7-4b7c-a0df-bf332a10a734\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.ebs.metrics.VolumeTotalReadTime.sum\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.ebs.metrics.VolumeTotalReadTime.sum\"},\"12ed787d-8560-4b4a-8d31-391d8aea44fb\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"537c12ea-0228-4230-bb83-4df9d1c4d42d\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.dimensions.VolumeId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"1117748f-4bb7-4b7c-a0df-bf332a10a734\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.VolumeId\"}},\"incompleteColumns\":{},\"sampling\":1}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"1117748f-4bb7-4b7c-a0df-bf332a10a734\"],\"layerId\":\"ba7be616-8ef0-476a-9372-e29771f47c20\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"537c12ea-0228-4230-bb83-4df9d1c4d42d\",\"xAccessor\":\"12ed787d-8560-4b4a-8d31-391d8aea44fb\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"type\":\"lens\",\"enhancements\":{}},\"title\":\"Volume Total Read 
Time\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"e4d793ca-e781-403c-a791-63b3bb66e7ab\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"e4d793ca-e781-403c-a791-63b3bb66e7ab\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-bae8cf43-f049-469b-830a-8bf08b579318\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"bae8cf43-f049-469b-830a-8bf08b579318\":{\"columnOrder\":[\"83c71090-bc35-495b-9981-310bfe9fc3e5\",\"f12b6ba8-f90c-4caa-ae04-5b189b70d381\",\"2975ad52-5399-4410-91bf-15a25e56b4a1\"],\"columns\":{\"2975ad52-5399-4410-91bf-15a25e56b4a1\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.ebs.metrics.VolumeIdleTime.sum\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.ebs.metrics.VolumeIdleTime.sum\"},\"83c71090-bc35-495b-9981-310bfe9fc3e5\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.dimensions.VolumeId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"2975ad52-5399-4410-91bf-15a25e56b4a1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.VolumeId\"},\"f12b6ba8-f90c-4caa-ae04-5b189b70d381\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{},\"sampling\":1}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"2975ad52-5399-4410-91bf-15a25e56b4a1\"],\"layerId\":\"bae8cf43-f049-469b-830a-8bf08b579318\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"83c71090-bc35-495b-9981-310bfe9fc3e5\",\"xAccessor\":\"f12b6ba8-f90c-4caa-ae04-5b189b70d381\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Volume Idle Time\"}]","timeRestore":false,"title":"[Metrics AWS] EBS 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-44ce4680-b7ba-11e9-8349-f15f850c5cd0","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"04d7b02f-79fd-4c2a-b7a8-b47857d8b76e:indexpattern-datasource-layer-2a4e13d6-c5c4-4fe2-a493-dd518ab17832","type":"index-pattern"},{"id":"metrics-*","name":"e4d793ca-e781-403c-a791-63b3bb66e7ab:indexpattern-datasource-layer-bae8cf43-f049-469b-830a-8bf08b579318","type":"index-pattern"},{"id":"metrics-*","name":"69439d36-0b02-4ba9-adad-2380e77ff8f5:indexpattern-datasource-layer-e5e87077-5a8a-4fed-b994-2802ebc771ad","type":"index-pattern"},{"id":"metrics-*","name":"81e6e1e4-9723-4ffd-9d87-bfb15043886c:indexpattern-datasource-layer-8da59358-bf1a-45d2-be0b-a2ef2a055b58","type":"index-pattern"},{"id":"metrics-*","name":"afbe92c6-fbc6-42fa-83fc-56cc2dc8bc65:indexpattern-datasource-layer-55761a89-32d6-46f8-9df5-8ccf0bfb7d39","type":"index-pattern"},{"id":"metrics-*","name":"1357ca49-a128-460a-afac-f505f659bd32:indexpattern-datasource-layer-cba8ad0a-ad79-41e0-bb71-90e68fdbb66c","type":"index-pattern"},{"id":"metrics-*","name":"f654e59e-f814-4af0-80ac-28fbbaea26ee:indexpattern-datasource-layer-ba7be616-8ef0-476a-9372-e29771f47c20","type":"index-pattern"},{"id":"metrics-*","name":"25ff071b-993c-4846-9fa5-94a46fcdc8e2:indexpattern-datasource-layer-6156362a-fc13-448b-82a4-e7f32ba7b2b3","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_00dceb34-5141-43da-b731-266e79f7c567:optionsListDataView","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_138553b0-cd96-4281-b659-5c181c87725f:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5955],"type":"dashboa
rd","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MDcsMV0="} +{"attributes":{"columns":["aws.s3access.http_status","aws.s3access.error_code","aws.s3access.operation","aws.s3access.request_uri"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"aws.s3access.http_status\",\"negate\":true,\"params\":{\"query\":\"200\"},\"type\":\"phrase\",\"value\":\"200\"},\"query\":{\"match\":{\"aws.s3access.http_status\":{\"query\":\"200\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.s3access\"},\"type\":\"phrase\",\"value\":\"s3access\"},\"query\":{\"match\":{\"data_stream.dataset\":{\"query\":\"aws.s3access\",\"type\":\"phrase\"}}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Error Logs [Logs 
AWS]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-5e5a3c90-bac0-11e9-9f70-1f7bda85a5eb","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5961],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MDgsMV0="} +{"attributes":{"description":"Logs AWS S3 Server Access Log Overview Dashboard","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"1\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Request Uri\",\"field\":\"aws.s3access.request_uri\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"split\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"HTTP 
Status\",\"field\":\"aws.s3access.http_status\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metric\":{\"accessor\":3,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}},\"splitColumn\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}]},\"distinctColors\":true,\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"row\":false,\"type\":\"pie\",\"legendSize\":\"auto\"},\"title\":\"Top URLs [Logs AWS]\",\"type\":\"pie\",\"uiState\":{\"vis\":{\"colors\":{\"404\":\"#EAB839\"}}}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Top 
URLs\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"2\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"lucene\",\"query\":\"data_stream.dataset:aws.s3access\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"auto\",\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Http Status\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_filters\":[{\"color\":\"#68BC00\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3access.http_status < 300 and aws.s3access.http_status >= 200\"},\"id\":\"5acdc750-a29d-11e7-a062-a1c3587f4874\",\"label\":\"200s\"},{\"color\":\"rgba(252,196,0,1)\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3access.http_status < 400 and aws.s3access.http_status >= 300\"},\"id\":\"6efd2ae0-a29d-11e7-a062-a1c3587f4874\",\"label\":\"300s\"},{\"color\":\"rgba(211,49,21,1)\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3access.http_status < 500 and aws.s3access.http_status >= 400\"},\"id\":\"76089a90-a29d-11e7-a062-a1c3587f4874\",\"label\":\"400s\"},{\"color\":\"rgba(171,20,158,1)\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3access.http_status < 600 and aws.s3access.http_status >= 
500\"},\"id\":\"7c7929d0-a29d-11e7-a062-a1c3587f4874\",\"label\":\"500s\"}],\"split_mode\":\"filters\",\"stacked\":\"stacked\",\"terms_field\":\"http.response.status_code\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Http Status over time [Logs AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Http Status over time\"},{\"embeddableConfig\":{\"title\":\"Error Logs\"},\"gridData\":{\"h\":15,\"i\":\"3\",\"w\":48,\"x\":0,\"y\":15},\"panelIndex\":\"3\",\"panelRefName\":\"panel_2\",\"title\":\"Error Logs\",\"version\":\"7.4.0\"}]","timeRestore":false,"title":"[Logs AWS] S3 Server Access Log Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-4746e000-bacd-11e9-9f70-1f7bda85a5eb","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"aws-5e5a3c90-bac0-11e9-9f70-1f7bda85a5eb","name":"panel_2","type":"search"},{"id":"logs-*","name":"1:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5966],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MDksMV0="} 
+{"attributes":{"columns":["aws.inspector.resources.details.aws.ec2_instance.key_name","aws.inspector.resources.details.aws.ec2_instance.launched_at","aws.inspector.resources.details.aws.ec2_instance.platform","aws.inspector.resources.details.aws.ec2_instance.subnet_id","aws.inspector.resources.details.aws.ec2_instance.type","aws.inspector.resources.details.aws.ec2_instance.vpc_id"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.inspector\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.inspector\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Findings AWS EC2 Instance Essential Details [Logs Inspector]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-47d3ed50-5a53-11ed-a807-bd2da8f2e79b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,5971],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MTAsMV0="} +{"attributes":{"description":"Dashboard providing statistics about flows ingested from the AWS Network Firewall 
integration.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.firewall_logs\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"event\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.kind\":\"event\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n[Overview](/app/dashboards#/view/aws-2ba11b50-4b9d-11ec-8282-5342b8988acc) \\n[Alerts](/app/dashboards#/view/aws-dfa76470-4ba1-11ec-8282-5342b8988acc) \\n**[Flows (This Page)](/app/dashboards#/view/aws-562bdea0-4ba7-11ec-8282-5342b8988acc)** \\n[Metrics](/app/dashboards#/view/aws-3abffe60-4ba9-11ec-8282-5342b8988acc) \\n\\n[Integrations Page](/app/integrations/detail/aws/overview?integration=firewall) \\n\\n**Overview**\\n\\nThis dashboard provides an overall view of AWS Network Firewall flow 
logs.\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"9acd5716-4bce-498a-9a4e-4d4fd81dfdc2\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"9acd5716-4bce-498a-9a4e-4d4fd81dfdc2\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1637591016076\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloud.availability_zone\",\"id\":\"1637591029629\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Availability Zone\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"observer.name\",\"id\":\"1637591118622\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Firewall\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Firewall Filters [Logs AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Firewall 
Filters\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"09caeba8-1f98-4937-b1b8-60debe3e3728\",\"w\":6,\"x\":12,\"y\":7},\"panelIndex\":\"09caeba8-1f98-4937-b1b8-60debe3e3728\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Flows\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(aws.firewall.flow.id)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Rules\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"aws.firewall.flow.id\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique 
Flows\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"w\":6,\"x\":18,\"y\":7},\"panelIndex\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(destination.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"w\":6,\"x\":24,\"y\":7},\"panelIndex\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of unique_count(source.ip)\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"6d617b1a-a973-4136-8d93-15e5c72c43f2\",\"w\":6,\"x\":30,\"y\":7},\"panelIndex\":\"6d617b1a-a973-4136-8d93-15e5c72c43f2\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Transport Protocols\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(network.transport)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Network Protocols\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.transport\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Network 
Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"w\":6,\"x\":36,\"y\":7},\"panelIndex\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Network Protocols\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(network.protocol)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Rules\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Network 
Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"77a70f50-9523-45f0-bbf6-cd6628d2ef53\",\"w\":6,\"x\":42,\"y\":7},\"panelIndex\":\"77a70f50-9523-45f0-bbf6-cd6628d2ef53\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe2e527e-c274-42c2-8d95-0c5955356eb8\"],\"columns\":{\"fe2e527e-c274-42c2-8d95-0c5955356eb8\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Bytes\",\"operationType\":\"sum\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.firewall.flow.bytes\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe2e527e-c274-42c2-8d95-0c5955356eb8\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total 
Bytes\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"227abb53-ab6c-40f9-af63-6c6ac41d6855\",\"w\":12,\"x\":0,\"y\":15},\"panelIndex\":\"227abb53-ab6c-40f9-af63-6c6ac41d6855\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"4c3d3741-afe6-403d-bc83-7f90196c291a\",\"1d64873d-37af-48f4-b6ec-911b6e0243cd\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"1d64873d-37af-48f4-b6ec-911b6e0243cd\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of network.protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"},\"4c3d3741-afe6-403d-bc83-7f90196c291a\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
network.transport\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.transport\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"4c3d3741-afe6-403d-bc83-7f90196c291a\",\"1d64873d-37af-48f4-b6ec-911b6e0243cd\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"w\":12,\"x\":12,\"y\":15},\"panelIndex\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
source.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Source Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"w\":12,\"x\":24,\"y\":15},\"panelIndex\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
destination.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Destination Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"cdab9d28-4b3b-4228-8e3a-6e3d29022815\",\"w\":12,\"x\":36,\"y\":15},\"panelIndex\":\"cdab9d28-4b3b-4228-8e3a-6e3d29022815\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"b6083b5e-5207-4632-9f23-e76872d504e4\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"b6083b5e-5207-4632-9f23-e76872d504e4\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
observer.name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"observer.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"b6083b5e-5207-4632-9f23-e76872d504e4\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Firewalls\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"w\":12,\"x\":12,\"y\":30},\"panelIndex\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Source 
IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Source IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"dae8d2e7-7949-4023-9926-58af14895e11\",\"w\":12,\"x\":24,\"y\":30},\"panelIndex\":\"dae8d2e7-7949-4023-9926-58af14895e11\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Destination 
IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Destination IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"w\":12,\"x\":36,\"y\":30},\"panelIndex\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"bcad6771-9620-48eb-b728-c5548423a150\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"bcad6771-9620-48eb-b728-c5548423a150\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Firewalls\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"observer.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"bcad6771-9620-48eb-b728-c5548423a150\",\"isTransposed\":false},{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Firewalls\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"29627829-7a4d-4fc3-9ee4-c9af667dd941\",\"w\":12,\"x\":0,\"y\":30},\"panelIndex\":\"29627829-7a4d-4fc3-9ee4-c9af667dd941\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Source 
IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Protocols\"},{\"embeddableConfig\":{\"columns\":[\"observer.name\",\"aws.firewall.flow.id\",\"source.ip\",\"source.port\",\"destination.ip\",\"destination.port\",\"network.transport\",\"network.protocol\"],\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":14,\"i\":\"0de2176d-e3ab-4911-933e-fb0f46ca6700\",\"w\":48,\"x\":0,\"y\":41},\"panelIndex\":\"0de2176d-e3ab-4911-933e-fb0f46ca6700\",\"panelRefName\":\"panel_0de2176d-e3ab-4911-933e-fb0f46ca6700\",\"title\":\"Firewall Logs\",\"type\":\"search\",\"version\":\"7.15.1\"}]","timeRestore":false,"title":"[Logs AWS] Firewall 
Flows","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-562bdea0-4ba7-11ec-8282-5342b8988acc","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"09caeba8-1f98-4937-b1b8-60debe3e3728:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"09caeba8-1f98-4937-b1b8-60debe3e3728:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"6d617b1a-a973-4136-8d93-15e5c72c43f2:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"6d617b1a-a973-4136-8d93-15e5c72c43f2:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"77a70f50-9523-45f0-bbf6-cd6628d2ef53:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"77a70f50-9523-45f0-bbf6-cd6
628d2ef53:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"227abb53-ab6c-40f9-af63-6c6ac41d6855:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"227abb53-ab6c-40f9-af63-6c6ac41d6855:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"cdab9d28-4b3b-4228-8e3a-6e3d29022815:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"cdab9d28-4b3b-4228-8e3a-6e3d29022815:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"dae8d2e7-7949-4023-9926-58af14895e11:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dae8d2e7-7949-4023-9926-58af14895e11:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-dat
asource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"29627829-7a4d-4fc3-9ee4-c9af667dd941:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"29627829-7a4d-4fc3-9ee4-c9af667dd941:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"aws-f4856850-4d32-11ec-a678-057fce71e8cd","name":"0de2176d-e3ab-4911-933e-fb0f46ca6700:panel_0de2176d-e3ab-4911-933e-fb0f46ca6700","type":"search"},{"id":"logs-*","name":"9acd5716-4bce-498a-9a4e-4d4fd81dfdc2:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"9acd5716-4bce-498a-9a4e-4d4fd81dfdc2:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"9acd5716-4bce-498a-9a4e-4d4fd81dfdc2:control_2_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6008],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MTEsMV0="} +{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"971955cf-ae41-4e9f-b609-63362a1fc426\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.inspector.severity\",\"title\":\"AWS Inspector Findings Severity\",\"id\":\"971955cf-ae41-4e9f-b609-63362a1fc426\",\"enhancements\":{}}}}"},"description":"Overview of AWS Inspector 
Severity.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.inspector\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.inspector\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"19eb0a1a-2960-4826-91ea-a8711065cb25\",\"w\":24,\"x\":0,\"y\":19},\"panelIndex\":\"19eb0a1a-2960-4826-91ea-a8711065cb25\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-4157dbfd-2795-4386-9327-b3b761a2017d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"4157dbfd-2795-4386-9327-b3b761a2017d\":{\"columnOrder\":[\"f750dc8d-8f68-4863-bc9a-d3ff5837fbf4\",\"447f2d3e-fb46-4fa2-842d-d42d953c84cb\"],\"columns\":{\"447f2d3e-fb46-4fa2-842d-d42d953c84cb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f750dc8d-8f68-4863-bc9a-d3ff5837fbf4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"447f2d3e-fb46-4fa2-842d-d42d953c84cb\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"l
ayers\":[{\"accessors\":[\"447f2d3e-fb46-4fa2-842d-d42d953c84cb\"],\"layerId\":\"4157dbfd-2795-4386-9327-b3b761a2017d\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"f750dc8d-8f68-4863-bc9a-d3ff5837fbf4\",\"yConfig\":[{\"color\":\"#d36086\",\"forAccessor\":\"447f2d3e-fb46-4fa2-842d-d42d953c84cb\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\"}},\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Distribution of Findings by Severity [Logs Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f19fbe19-a0b6-4087-8a2f-2958445284db\",\"w\":24,\"x\":0,\"y\":4},\"panelIndex\":\"f19fbe19-a0b6-4087-8a2f-2958445284db\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-1dae6ff8-1a46-42dc-8e3c-7c6f597f71d2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1dae6ff8-1a46-42dc-8e3c-7c6f597f71d2\":{\"columnOrder\":[\"80bca2a5-1b67-4964-a5c0-235ce80fb55f\"],\"columns\":{\"80bca2a5-1b67-4964-a5c0-235ce80fb55f\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Findings\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"80bca2a5-1b67-4964-a5c0-235ce80fb55f\",\"layerId\":\"1dae6ff8-1a46-42dc-8e3c-7c6f597f71d2\",\"layerType\":\"data\"}},\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Total Findings Count [Logs 
Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f2c0402b-207d-4224-b880-eef8a291794b\",\"w\":24,\"x\":24,\"y\":4},\"panelIndex\":\"f2c0402b-207d-4224-b880-eef8a291794b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-88835441-4a5d-4649-9749-cd763eb4f724\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"88835441-4a5d-4649-9749-cd763eb4f724\":{\"columnOrder\":[\"e5624e5d-9781-429f-b38d-a3776efbd387\",\"85005515-84ae-44fc-85cc-e77cef81d715\"],\"columns\":{\"85005515-84ae-44fc-85cc-e77cef81d715\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Severity Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e5624e5d-9781-429f-b38d-a3776efbd387\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Filters\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"aws.inspector.severity : \\\"CRITICAL\\\" \"},\"label\":\"CRITICAL\"},{\"input\":{\"language\":\"kuery\",\"query\":\"aws.inspector.severity : \\\"HIGH\\\" \"},\"label\":\"HIGH\"},{\"input\":{\"language\":\"kuery\",\"query\":\"aws.inspector.severity : \\\"MEDIUM\\\" \"},\"label\":\"MEDIUM\"},{\"input\":{\"language\":\"kuery\",\"query\":\"aws.inspector.severity : \\\"LOW\\\" \"},\"label\":\"LOW\"},{\"input\":{\"language\":\"kuery\",\"query\":\"aws.inspector.severity : \\\"INFORMATIONAL\\\" \"},\"label\":\"INFORMATIONAL\"},{\"input\":{\"language\":\"kuery\",\"query\":\"aws.inspector.severity : \\\"UNTRIAGED\\\" 
\"},\"label\":\"UNTRIAGED\"}]},\"scale\":\"ordinal\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"breakdownByAccessor\":\"e5624e5d-9781-429f-b38d-a3776efbd387\",\"layerId\":\"88835441-4a5d-4649-9749-cd763eb4f724\",\"layerType\":\"data\",\"maxCols\":3,\"metricAccessor\":\"85005515-84ae-44fc-85cc-e77cef81d715\"}},\"visualizationType\":\"lnsMetric\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Total Findings Count Based on Severity [Logs Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"a9c4fbfa-ee9c-42ee-8dcb-40e44e3207ea\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"a9c4fbfa-ee9c-42ee-8dcb-40e44e3207ea\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":13,\"markdown\":\"[Inspector Inspector Findings Overview Dashboard](#/dashboard/aws-131a1550-5a0b-11ed-a807-bd2da8f2e79b) | [Inspector Severity Dashboard](#/dashboard/aws-60881ab0-63e0-11ed-be08-4b4db5223139) | [Inspector Vulnerabilities Dashboard](#/dashboard/aws-383d4630-63df-11ed-be08-4b4db5223139) | [Inspector Inspector EC2 and ECR Overview Dashboard](#/dashboard/aws-63984b70-63e1-11ed-be08-4b4db5223139) \",\"openLinksInNewTab\":true},\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Dashboards [Logs Inspector]\"}]","timeRestore":false,"title":"[Logs AWS] Inspector 
Severity","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-60881ab0-63e0-11ed-be08-4b4db5223139","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"19eb0a1a-2960-4826-91ea-a8711065cb25:indexpattern-datasource-layer-4157dbfd-2795-4386-9327-b3b761a2017d","type":"index-pattern"},{"id":"logs-*","name":"f19fbe19-a0b6-4087-8a2f-2958445284db:indexpattern-datasource-layer-1dae6ff8-1a46-42dc-8e3c-7c6f597f71d2","type":"index-pattern"},{"id":"logs-*","name":"f2c0402b-207d-4224-b880-eef8a291794b:indexpattern-datasource-layer-88835441-4a5d-4649-9749-cd763eb4f724","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_971955cf-ae41-4e9f-b609-63362a1fc426:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6016],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MTIsMV0="} +{"attributes":{"columns":["aws.inspector.resources.id","aws.inspector.resources.partition","cloud.region","aws.inspector.resources.type"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.inspector\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.inspector\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : aws.inspector\"}}"},"sort":[["@timestamp","desc"]],"title":"Findings Resource Essential Details [Logs 
Inspector]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-839e3db0-5a51-11ed-a807-bd2da8f2e79b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6021],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MTMsMV0="} +{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"1aecf3ba-3e1b-44dd-b81c-7d8a0206a0a7\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.inspector.severity\",\"title\":\"AWS Inspector Findings Severity\",\"id\":\"1aecf3ba-3e1b-44dd-b81c-7d8a0206a0a7\",\"enhancements\":{}}}}"},"description":"Overview of AWS Inspector EC2 and ECR 
logs.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.inspector\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.inspector\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"51d94661-24f5-47be-b7fc-dd3fdc9f08ef\",\"w\":24,\"x\":0,\"y\":4},\"panelIndex\":\"51d94661-24f5-47be-b7fc-dd3fdc9f08ef\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b2cd46b9-b4fd-4940-9d35-567844a01b5f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b2cd46b9-b4fd-4940-9d35-567844a01b5f\":{\"columnOrder\":[\"8e3a1fa1-a832-4796-beee-c2f6003979aa\",\"e9633195-636f-4935-8348-fac4365bfa5e\"],\"columns\":{\"8e3a1fa1-a832-4796-beee-c2f6003979aa\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"EC2 Instance ARN\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e9633195-636f-4935-8348-fac4365bfa5e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.resources.details.aws.ec2_instance.iam_instance_profile_arn\"},\"e9633195-636f-4935-8348-fac4365bfa5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Inspector 
Score\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.inspector.inspector_score\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"8e3a1fa1-a832-4796-beee-c2f6003979aa\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"e9633195-636f-4935-8348-fac4365bfa5e\",\"isTransposed\":false}],\"layerId\":\"b2cd46b9-b4fd-4940-9d35-567844a01b5f\",\"layerType\":\"data\"}},\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Top 10 EC2 Instances ARN with Highest Inspector Score [Logs Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"b05740f5-92dc-4b79-a77f-ded634bf1e95\",\"w\":24,\"x\":24,\"y\":4},\"panelIndex\":\"b05740f5-92dc-4b79-a77f-ded634bf1e95\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-1c04a2bf-b8c8-4e7f-a3c4-587a41a23ab5\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"2e42f416-b581-4b4e-9213-1f48bc549bd2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1c04a2bf-b8c8-4e7f-a3c4-587a41a23ab5\":{\"columnOrder\":[\"a883a4d2-c2a8-4759-a5bf-a17b4e64c17e\",\"d48c34d4-ed57-4677-b743-c33c9c8aa328\",\"8e192b04-395d-4fb5-a07a-3610e3c0cfad\"],\"columns\":{\"8e192b04-395d-4fb5-a07a-3610e3c0cfad\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Critical Severity\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.inspector.severity\"},\"a883a4d2-c2a8-4759-a5bf-a17b4e64c17e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Repository 
Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8e192b04-395d-4fb5-a07a-3610e3c0cfad\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.resources.details.aws.ecr_container_image.repository_name\"},\"d48c34d4-ed57-4677-b743-c33c9c8aa328\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Account ID\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8e192b04-395d-4fb5-a07a-3610e3c0cfad\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"cloud.account.id\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2e42f416-b581-4b4e-9213-1f48bc549bd2\",\"key\":\"aws.inspector.severity\",\"negate\":false,\"params\":{\"query\":\"CRITICAL\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"aws.inspector.severity\":\"CRITICAL\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"a883a4d2-c2a8-4759-a5bf-a17b4e64c17e\",\"isTransposed\":false},{\"columnId\":\"d48c34d4-ed57-4677-b743-c33c9c8aa328\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"8e192b04-395d-4fb5-a07a-3610e3c0cfad\",\"hidden\":false,\"isTransposed\":false}],\"layerId\":\"1c04a2bf-b8c8-4e7f-a3c4-587a41a23ab5\",\"layerType\":\"data\"}},\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"ECR Repositories with Most Critical Findings [Logs 
Inspector]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"53b2e8c1-11e8-482f-b0e6-3d1c77cfe83a\",\"w\":24,\"x\":0,\"y\":19},\"panelIndex\":\"53b2e8c1-11e8-482f-b0e6-3d1c77cfe83a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b15502e7-1811-4354-bcb0-1ab7116c85dd\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"8b9e1ddc-c314-4ebf-a4fe-9f80280130a9\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b15502e7-1811-4354-bcb0-1ab7116c85dd\":{\"columnOrder\":[\"c4bf119f-6b3a-4809-87b2-6d0f68354c73\",\"a9d12d22-0399-462a-8f75-8d5bc0715788\",\"a51da86e-8105-437b-988f-62102fb01a00\",\"e19ddb1a-db67-42d5-8d58-cfc28c421e17\",\"ddb5a4e8-f8ae-47de-8fef-ddb7d0f99f83\"],\"columns\":{\"a51da86e-8105-437b-988f-62102fb01a00\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Repository Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ddb5a4e8-f8ae-47de-8fef-ddb7d0f99f83\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.resources.details.aws.ecr_container_image.repository_name\"},\"a9d12d22-0399-462a-8f75-8d5bc0715788\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Image Tag\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ddb5a4e8-f8ae-47de-8fef-ddb7d0f99f83\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.resources.details.aws.ecr_container_image.image.tags\"},\"c4bf119f-6b3a-4809-87b2-6d0f68354c73\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Image 
ID\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ddb5a4e8-f8ae-47de-8fef-ddb7d0f99f83\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.inspector.resources.details.aws.ec2_instance.image_id\"},\"ddb5a4e8-f8ae-47de-8fef-ddb7d0f99f83\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Critical Severity \",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.inspector.severity\"},\"e19ddb1a-db67-42d5-8d58-cfc28c421e17\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Account ID\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ddb5a4e8-f8ae-47de-8fef-ddb7d0f99f83\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"cloud.account.id\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"8b9e1ddc-c314-4ebf-a4fe-9f80280130a9\",\"key\":\"aws.inspector.severity\",\"negate\":false,\"params\":{\"query\":\"CRITICAL\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"aws.inspector.severity\":\"CRITICAL\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"c4bf119f-6b3a-4809-87b2-6d0f68354c73\",\"isTransposed\":false},{\"columnId\":\"a9d12d22-0399-462a-8f75-8d5bc0715788\",\"isTransposed\":false},{\"columnId\":\"a51da86e-8105-437b-988f-62102fb01a00\",\"isTransposed\":false},{\"columnId\":\"e19ddb1a-db67-42d5-8d58-cfc28c421e17\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"ddb5a4e8-f8ae-47de-8fef-ddb7d0f99f83\",\"isTransposed\":false}],\"layerId\":\"b15502e7-1811-4354-bcb0-1ab7116c85dd\",\"layerType\":\"data\"
}},\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"ECR Container Images with Most Critical Findings [Logs Inspector]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"84425027-b170-4b3f-951d-3e7b11336b64\",\"w\":24,\"x\":24,\"y\":19},\"panelIndex\":\"84425027-b170-4b3f-951d-3e7b11336b64\",\"panelRefName\":\"panel_84425027-b170-4b3f-951d-3e7b11336b64\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":16,\"i\":\"a3d319b1-7214-43d9-a6a9-a61910734dc5\",\"w\":48,\"x\":0,\"y\":34},\"panelIndex\":\"a3d319b1-7214-43d9-a6a9-a61910734dc5\",\"panelRefName\":\"panel_a3d319b1-7214-43d9-a6a9-a61910734dc5\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"bee46158-c3a2-4295-9dbd-e008d057af6c\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"bee46158-c3a2-4295-9dbd-e008d057af6c\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":13,\"markdown\":\"[Inspector Inspector Findings Overview Dashboard](#/dashboard/aws-131a1550-5a0b-11ed-a807-bd2da8f2e79b) | [Inspector Severity Dashboard](#/dashboard/aws-60881ab0-63e0-11ed-be08-4b4db5223139) | [Inspector Vulnerabilities Dashboard](#/dashboard/aws-383d4630-63df-11ed-be08-4b4db5223139) | [Inspector Inspector EC2 and ECR Overview Dashboard](#/dashboard/aws-63984b70-63e1-11ed-be08-4b4db5223139) \",\"openLinksInNewTab\":true},\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Dashboards [Logs Inspector]\"}]","timeRestore":false,"title":"[Logs AWS] Inspector EC2 and ECR 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-63984b70-63e1-11ed-be08-4b4db5223139","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"51d94661-24f5-47be-b7fc-dd3fdc9f08ef:indexpattern-datasource-layer-b2cd46b9-b4fd-4940-9d35-567844a01b5f","type":"index-pattern"},{"id":"logs-*","name":"b05740f5-92dc-4b79-a77f-ded634bf1e95:indexpattern-datasource-layer-1c04a2bf-b8c8-4e7f-a3c4-587a41a23ab5","type":"index-pattern"},{"id":"logs-*","name":"b05740f5-92dc-4b79-a77f-ded634bf1e95:2e42f416-b581-4b4e-9213-1f48bc549bd2","type":"index-pattern"},{"id":"logs-*","name":"53b2e8c1-11e8-482f-b0e6-3d1c77cfe83a:indexpattern-datasource-layer-b15502e7-1811-4354-bcb0-1ab7116c85dd","type":"index-pattern"},{"id":"logs-*","name":"53b2e8c1-11e8-482f-b0e6-3d1c77cfe83a:8b9e1ddc-c314-4ebf-a4fe-9f80280130a9","type":"index-pattern"},{"id":"aws-839e3db0-5a51-11ed-a807-bd2da8f2e79b","name":"84425027-b170-4b3f-951d-3e7b11336b64:panel_84425027-b170-4b3f-951d-3e7b11336b64","type":"search"},{"id":"aws-47d3ed50-5a53-11ed-a807-bd2da8f2e79b","name":"a3d319b1-7214-43d9-a6a9-a61910734dc5:panel_a3d319b1-7214-43d9-a6a9-a61910734dc5","type":"search"},{"id":"logs-*","name":"controlGroup_1aecf3ba-3e1b-44dd-b81c-7d8a0206a0a7:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6033],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MTQsMV0="} +{"attributes":{"description":"Overview of AWS VPN 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.vpn\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.vpn\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"8ef52400-6eac-417b-936e-dce159dd5e89\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"8ef52400-6eac-417b-936e-dce159dd5e89\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.name\",\"id\":\"1565034367477\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"account name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloud.region\",\"id\":\"1584478324642\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"region\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.dimensions.VpnId\",\"id\":\"1584552913938\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"VPN ID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.dimensions.TunnelIpAddress\",\"id\":\"1584552958445\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Tunnel 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":true},\"title\":\"VPN Filters [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Filters\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"eb78041b-afc4-458e-af92-0951b1d0cadd\",\"w\":20,\"x\":8,\"y\":0},\"panelIndex\":\"eb78041b-afc4-458e-af92-0951b1d0cadd\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"05e19c00-693b-11ea-8bb6-25461aeac3d5\"}],\"bar_color_rules\":[{\"id\":\"fdd5ac40-693a-11ea-8bb6-25461aeac3d5\"}],\"drop_last_bucket\":0,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.vpn.metrics.TunnelState.avg\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.VpnId\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"VPN Tunnel Data State [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Tunnel State Per VPN 
ID\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"39a9be08-98c6-470c-b76b-312a57e11e2d\",\"w\":20,\"x\":28,\"y\":0},\"panelIndex\":\"39a9be08-98c6-470c-b76b-312a57e11e2d\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"05e19c00-693b-11ea-8bb6-25461aeac3d5\"}],\"bar_color_rules\":[{\"id\":\"fdd5ac40-693a-11ea-8bb6-25461aeac3d5\"}],\"drop_last_bucket\":0,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.vpn.metrics.TunnelState.avg\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TunnelIpAddress\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"VPN Tunnel Data State Per Tunnel IP [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Tunnel State Per Tunnel 
IP\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"5c8122a2-fbf0-4404-918e-249bf6fd7f07\",\"w\":24,\"x\":0,\"y\":14},\"panelIndex\":\"5c8122a2-fbf0-4404-918e-249bf6fd7f07\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.vpn.metrics.TunnelDataIn.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.VpnId\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"VPN Tunnel Data In Per VPN ID [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Tunnel Data In Per VPN 
ID\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"8ecd0f73-146f-4aed-bfd1-5c236c5dfe8c\",\"w\":24,\"x\":24,\"y\":14},\"panelIndex\":\"8ecd0f73-146f-4aed-bfd1-5c236c5dfe8c\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.vpn.metrics.TunnelDataIn.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TunnelIpAddress\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"VPN Tunnel Data In [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Tunnel Data In Per Tunnel 
IP\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"eb10ea7d-ffc9-4c51-9386-6f63be6322aa\",\"w\":24,\"x\":0,\"y\":29},\"panelIndex\":\"eb10ea7d-ffc9-4c51-9386-6f63be6322aa\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.vpn.metrics.TunnelDataOut.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.VpnId\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"VPN Tunnel Data Out Per VPN ID [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Tunnel Data Out Per VPN 
ID\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"3b01a7e9-eb8b-43bb-977d-53d8bc9d21b7\",\"w\":24,\"x\":24,\"y\":29},\"panelIndex\":\"3b01a7e9-eb8b-43bb-977d-53d8bc9d21b7\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.vpn.metrics.TunnelDataOut.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TunnelIpAddress\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"VPN Tunnel Data Out [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Tunnel Data Out Per Tunnel IP\"}]","timeRestore":false,"title":"[Metrics AWS] VPN 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-67c9f900-693e-11ea-b0ac-95d4ecb1fecd","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"8ef52400-6eac-417b-936e-dce159dd5e89:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"8ef52400-6eac-417b-936e-dce159dd5e89:control_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"8ef52400-6eac-417b-936e-dce159dd5e89:control_2_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"8ef52400-6eac-417b-936e-dce159dd5e89:control_3_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6041],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MTUsMV0="} +{"attributes":{"description":"Overview of DynamoDB AWS Cloudwatch 
metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.dynamodb\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.dynamodb\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"9642fcd0-464b-46ea-815c-cd2d9efc056d\",\"w\":10,\"x\":0,\"y\":0},\"panelIndex\":\"9642fcd0-464b-46ea-815c-cd2d9efc056d\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloud.account.name\",\"id\":\"1549512126406\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"account name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Region/Account Filters [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Region/Account 
Filters\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"bb4b0cfa-7d6f-48e3-913e-2713c5aa3fe0\",\"w\":14,\"x\":10,\"y\":0},\"panelIndex\":\"bb4b0cfa-7d6f-48e3-913e-2713c5aa3fe0\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"43e58670-7b05-11ea-8ef8-01625a2f68ac\"}],\"bar_color_rules\":[{\"id\":\"3c733ea0-7b05-11ea-8ef8-01625a2f68ac\"}],\"drop_last_bucket\":1,\"gauge_color_rules\":[{\"id\":\"499c62a0-7b05-11ea-8ef8-01625a2f68ac\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0.1\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Consumed Read Capacity Units\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.dynamodb.metrics.ConsumedReadCapacityUnits.avg\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"offset_time\":\"\",\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"aws.dimensions.TableName\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"DynamoDB Consumed Read Capacity Units [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Consumed Read Capacity 
Units\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"09bdf20b-43b4-47a3-a113-d34ef3b2596c\",\"w\":14,\"x\":24,\"y\":0},\"panelIndex\":\"09bdf20b-43b4-47a3-a113-d34ef3b2596c\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"43e58670-7b05-11ea-8ef8-01625a2f68ac\"}],\"bar_color_rules\":[{\"id\":\"3c733ea0-7b05-11ea-8ef8-01625a2f68ac\"}],\"drop_last_bucket\":1,\"gauge_color_rules\":[{\"id\":\"499c62a0-7b05-11ea-8ef8-01625a2f68ac\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0.1\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Consumed Write Capacity Units\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.dynamodb.metrics.ConsumedWriteCapacityUnits.avg\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"offset_time\":\"\",\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"aws.dimensions.TableName\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"DynamoDB Consumed Write Capacity Units [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Consumed Write Capacity 
Units\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"1bd7141d-b410-4ca0-8550-f8f645d97983\",\"w\":10,\"x\":38,\"y\":0},\"panelIndex\":\"1bd7141d-b410-4ca0-8550-f8f645d97983\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Reads\",\"field\":\"aws.dynamodb.metrics.AccountMaxReads.max\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Table Reads\",\"field\":\"aws.dynamodb.metrics.AccountMaxTableLevelReads.max\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Writes\",\"field\":\"aws.dynamodb.metrics.AccountMaxWrites.max\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Table Writes\",\"field\":\"aws.dynamodb.metrics.AccountMaxTableLevelWrites.max\"},\"schema\":\"metric\",\"type\":\"max\"}],\"searchSource\":{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"aggType\":\"max\",\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"Reads\",\"params\":{}},{\"accessor\":1,\"aggType\":\"max\",\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"Table 
Reads\",\"params\":{}},{\"accessor\":2,\"aggType\":\"max\",\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"Writes\",\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"isVislibVis\":true,\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Reads\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"},{\"circlesRadius\":1,\"data\":{\"id\":\"2\",\"label\":\"Table Reads\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"},{\"circlesRadius\":1,\"data\":{\"id\":\"3\",\"label\":\"Writes\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"},{\"circlesRadius\":1,\"data\":{\"id\":\"4\",\"label\":\"Table Writes\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Account Max Reads\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"DynamoDB Max Read/Write Account Limits [Metrics AWS]\",\"type\":\"histogram\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Max Read/Write Account 
Limits\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"073302ad-0e44-4cd1-b16d-58f017a71816\",\"w\":17,\"x\":0,\"y\":9},\"panelIndex\":\"073302ad-0e44-4cd1-b16d-58f017a71816\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"43e58670-7b05-11ea-8ef8-01625a2f68ac\"}],\"bar_color_rules\":[{\"id\":\"3c733ea0-7b05-11ea-8ef8-01625a2f68ac\"}],\"drop_last_bucket\":1,\"gauge_color_rules\":[{\"id\":\"499c62a0-7b05-11ea-8ef8-01625a2f68ac\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0.1\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Successful Request Latency\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.dynamodb.metrics.SuccessfulRequestLatency.avg\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"offset_time\":\"\",\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"aws.dimensions.TableName\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"DynamoDB Successful Request Latency [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Successful Request 
Latency\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"ddcbc858-d2a0-42c3-8074-74f7d08ecb60\",\"w\":16,\"x\":17,\"y\":9},\"panelIndex\":\"ddcbc858-d2a0-42c3-8074-74f7d08ecb60\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0.1\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Read Throttle Events\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.dynamodb.metrics.ReadThrottleEvents.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TableName\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"DynamoDB Read Throttle Events [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Read Throttle 
Events\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"95ffd42d-b28d-4f40-b3cb-6a6ac52943e1\",\"w\":15,\"x\":33,\"y\":9},\"panelIndex\":\"95ffd42d-b28d-4f40-b3cb-6a6ac52943e1\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0.1\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Throttled Requests\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.dynamodb.metrics.ThrottledRequests.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TableName\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"DynamoDB Throttle Requests [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Throttle 
Requests\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"0a588a08-997a-422f-a5db-e56728bc6702\",\"w\":17,\"x\":0,\"y\":19},\"panelIndex\":\"0a588a08-997a-422f-a5db-e56728bc6702\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0.1\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Max Request Latency Per Operation\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.dynamodb.metrics.SuccessfulRequestLatency.max\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.Operation\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"DynamoDB Max Request Latency Per Operation [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Max Request Latency Per 
Operation\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"897ae224-d367-4fe0-aa23-5bb13165cc67\",\"w\":16,\"x\":17,\"y\":19},\"panelIndex\":\"897ae224-d367-4fe0-aa23-5bb13165cc67\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0.1\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Write Throttle Events\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.dynamodb.metrics.WriteThrottleEvents.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.TableName\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"DynamoDB Write Throttle Events [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Write Throttle Events\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"e81e9817-c971-454b-881a-09cec10da0e9\",\"w\":15,\"x\":33,\"y\":19},\"panelIndex\":\"e81e9817-c971-454b-881a-09cec10da0e9\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Write 
Utilization\",\"field\":\"aws.dynamodb.metrics.AccountProvisionedWriteCapacityUtilization.avg\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Read Utilization\",\"field\":\"aws.dynamodb.metrics.AccountProvisionedReadCapacityUtilization.avg\"},\"schema\":\"metric\",\"type\":\"max\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"dimensions\":{\"x\":{\"accessor\":0,\"aggType\":\"date_histogram\",\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"label\":\"@timestamp per 30 seconds\",\"params\":{\"bounds\":{\"max\":\"2020-04-10T10:29:58.462Z\",\"min\":\"2020-04-10T10:14:58.462Z\"},\"date\":true,\"format\":\"HH:mm:ss\",\"interval\":\"PT30S\",\"intervalESUnit\":\"s\",\"intervalESValue\":30}},\"y\":[{\"accessor\":1,\"aggType\":\"max\",\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"Write Utilization\",\"params\":{}},{\"accessor\":2,\"aggType\":\"max\",\"format\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"Read 
Utilization\",\"params\":{}}]},\"fittingFunction\":\"linear\",\"grid\":{\"categoryLines\":false},\"isVislibVis\":true,\"labels\":{},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Write Utilization\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"},{\"circlesRadius\":1,\"data\":{\"id\":\"3\",\"label\":\"Read Utilization\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Write Utilization\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"DynamoDB Account Provisioned Capacity Utilization [Metrics AWS]\",\"type\":\"line\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Account Provisioned Write Capacity Utilization\"}]","timeRestore":false,"title":"[Metrics AWS] DynamoDB 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-68ba7bd0-20b6-11ea-8f72-2f8d21e50b0c","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"9642fcd0-464b-46ea-815c-cd2d9efc056d:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"9642fcd0-464b-46ea-815c-cd2d9efc056d:control_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"1bd7141d-b410-4ca0-8550-f8f645d97983:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"metrics-*","name":"e81e9817-c971-454b-881a-09cec10da0e9:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6049],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MTYsMV0="} +{"attributes":{"description":"Overview of AWS Lambda 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.lambda\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.lambda\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"8f2d1b8f-fef3-4a9a-9cc8-7f0e2c65e35a\",\"w\":14,\"x\":0,\"y\":0},\"panelIndex\":\"8f2d1b8f-fef3-4a9a-9cc8-7f0e2c65e35a\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.name\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"account name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Account Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"AWS Account 
Filter\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"443a9699-3451-44f7-8415-99a16c3f45b3\",\"w\":34,\"x\":14,\"y\":0},\"panelIndex\":\"443a9699-3451-44f7-8415-99a16c3f45b3\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":0,\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"fbf0eac0-28d0-11ea-8789-f72e3366fb25\"}],\"bar_color_rules\":[{\"id\":\"f679afa0-28d0-11ea-8789-f72e3366fb25\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"gauge_color_rules\":[{\"id\":\"3eabbde0-28d1-11ea-8789-f72e3366fb25\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"ca2e4c60-28cd-11ea-822d-3ba2c0089081\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"ca2e4c61-28cd-11ea-822d-3ba2c0089081\",\"label\":\"avg(aws.metrics.Duration.avg)\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.lambda.metrics.Errors.avg\",\"id\":\"ca2e4c62-28cd-11ea-822d-3ba2c0089081\",\"type\":\"max\"}],\"point_size\":\"4\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.FunctionName\",\"terms_order_by\":\"ca2e4c62-28cd-11ea-822d-3ba2c0089081\",\"type\":\"timeseries\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Lambda Top Errors [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Top 
Errors\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"60a16bf0-2979-467a-b30e-05ea29547b41\",\"w\":14,\"x\":0,\"y\":5},\"panelIndex\":\"60a16bf0-2979-467a-b30e-05ea29547b41\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"region name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Region Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"AWS Region Filter\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"349ef0d1-fea1-4b91-b95d-7a668914e10b\",\"w\":48,\"x\":0,\"y\":10},\"panelIndex\":\"349ef0d1-fea1-4b91-b95d-7a668914e10b\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":0,\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"ca2e4c60-28cd-11ea-822d-3ba2c0089081\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"ca2e4c61-28cd-11ea-822d-3ba2c0089081\",\"label\":\"avg(aws.metrics.Duration.avg)\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.lambda.metrics.Duration.avg\",\"id\":\"ca2e4c62-28cd-11ea-822d-3ba2c0089081\",\"type\":\"avg\"}],\"point_size\":\"4\",\"separate_axis\":0,\"split
_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.FunctionName\",\"terms_order_by\":\"ca2e4c62-28cd-11ea-822d-3ba2c0089081\",\"type\":\"timeseries\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Lambda Duration in Milliseconds [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Lambda Function Duration in Milliseconds\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"048b1577-5aed-48e5-8f90-147aa3d56c1a\",\"w\":24,\"x\":0,\"y\":24},\"panelIndex\":\"048b1577-5aed-48e5-8f90-147aa3d56c1a\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":0,\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"fbf0eac0-28d0-11ea-8789-f72e3366fb25\"}],\"bar_color_rules\":[{\"id\":\"f679afa0-28d0-11ea-8789-f72e3366fb25\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"hide_last_value_indicator\":true,\"id\":\"ca2e4c60-28cd-11ea-822d-3ba2c0089081\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"ca2e4c61-28cd-11ea-822d-3ba2c0089081\",\"label\":\"avg(aws.metrics.Duration.avg)\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.lambda.metrics.Invocations.avg\",\"id\":\"ca2e4c62-28cd-11ea-822d-3ba2c0089081\",\"type\":\"max\"}],\"point_size\":\"4\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.FunctionName\",\"terms_order_by\":\"ca2e4c62-28cd-11ea-822d-3ba2c0089081\",\"ty
pe\":\"timeseries\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"Lambda Top Invoked Functions [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Top Invoked Lambda Functions\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"4c8e471c-45da-47be-a866-c5bfc6d28a05\",\"w\":24,\"x\":24,\"y\":24},\"panelIndex\":\"4c8e471c-45da-47be-a866-c5bfc6d28a05\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":0,\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"fbf0eac0-28d0-11ea-8789-f72e3366fb25\"}],\"bar_color_rules\":[{\"id\":\"f679afa0-28d0-11ea-8789-f72e3366fb25\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"gauge_color_rules\":[{\"id\":\"3eabbde0-28d1-11ea-8789-f72e3366fb25\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"ca2e4c60-28cd-11ea-822d-3ba2c0089081\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"ca2e4c61-28cd-11ea-822d-3ba2c0089081\",\"label\":\"avg(aws.metrics.Duration.avg)\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.lambda.metrics.Duration.avg\",\"id\":\"ca2e4c62-28cd-11ea-822d-3ba2c0089081\",\"type\":\"max\"}],\"point_size\":\"4\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.FunctionName\",\"terms_order_by\":\"ca2e4c62-28cd-11ea-822d-3ba2c0089081\",\"type\":\"timeseries\",\"value_template\":\"{{value}}\"}],\"show_g
rid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"Lambda Top Throttles [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Top Throttled Lambda Functions\"}]","timeRestore":false,"title":"[Metrics AWS] Lambda Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-7ac8e1d0-28d2-11ea-ba6c-49a884eb104f","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"8f2d1b8f-fef3-4a9a-9cc8-7f0e2c65e35a:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"60a16bf0-2979-467a-b30e-05ea29547b41:control_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6055],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MTcsMV0="} +{"attributes":{"description":"Overview of AWS S3 Storage Lens 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.s3_storage_lens\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.s3_storage_lens\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"0b61b236-11aa-4040-abf9-7b8eb4db1e31\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"0b61b236-11aa-4040-abf9-7b8eb4db1e31\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"Daily Overview\",\"openLinksInNewTab\":false},\"title\":\"S3 Storage Lens Daily Overview Markdown [AWS 
Metrics]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"9b8691d3-9f30-4776-bf5c-342900818a80\",\"w\":8,\"x\":0,\"y\":4},\"panelIndex\":\"9b8691d3-9f30-4776-bf5c-342900818a80\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"aws.dimensions.aws_account_number\",\"id\":\"1636497293904\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Account\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.dimensions.aws_region\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.dimensions.bucket_name\",\"id\":\"1549512142947\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"S3 Bucket Name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"S3 Storage Lens Filters [Metrics 
AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Filters\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"3fc410ab-c8ca-4a7d-9566-c9921f7f3323\",\"w\":8,\"x\":8,\"y\":4},\"panelIndex\":\"3fc410ab-c8ca-4a7d-9566-c9921f7f3323\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"65c0c4b0-42a2-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"id\":\"142ea8b7-6859-4f47-a442-71e4c5995e8d\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"formatter\":\"bytes\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Total Storage\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"sum\"}],\"override_index_pattern\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_index_pattern_ref_name\":\"metrics_1_index_pattern\",\"series_interval\":\"3d\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"last_value\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Total Storage [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"6d7c0316-d2fa-4e3c-9028-fc7f109a7337\",\"w\":8,\"x\":16,\"y\":4},\"panelIndex\":\"6d7c0316-d2fa-4e3c-9028-fc7f109a7337\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"66732f50-42a3-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"id\":\"c9efe17d-a8ee-4317-8eaa-e00070f8c4f4\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"formatter\":\"number\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Object Count\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.ObjectCount.avg\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"sum\"}],\"override_index_pattern\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_index_pattern_ref_name\":\"metrics_1_index_pattern\",\"series_interval\":\"3d\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Object Count [AWS 
Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"90e351eb-70b7-4a7b-b113-b399adf6ff28\",\"w\":8,\"x\":24,\"y\":4},\"panelIndex\":\"90e351eb-70b7-4a7b-b113-b399adf6ff28\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"65c0c4b0-42a2-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"id\":\"142ea8b7-6859-4f47-a442-71e4c5995e8d\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"formatter\":\"bytes\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Average Object Size\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.ObjectCount.avg\",\"id\":\"4074b470-42a5-11ec-9ec9-3315b0d7914c\",\"type\":\"sum\"},{\"field\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"sum\"},{\"id\":\"568cd530-42a5-11ec-9ec9-3315b0d7914c\",\"script\":\"divide(params.TotalStorage, 
params.ObjectCount)\",\"type\":\"math\",\"variables\":[{\"field\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"id\":\"59e1cc90-42a5-11ec-9ec9-3315b0d7914c\",\"name\":\"TotalStorage\"},{\"field\":\"4074b470-42a5-11ec-9ec9-3315b0d7914c\",\"id\":\"64d21790-42a5-11ec-9ec9-3315b0d7914c\",\"name\":\"ObjectCount\"}]}],\"override_index_pattern\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_index_pattern_ref_name\":\"metrics_1_index_pattern\",\"series_interval\":\"3d\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"last_value\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Average Object Size[Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"f5ccf3a7-2922-43ff-bc79-1cd7d56e89a0\",\"w\":8,\"x\":32,\"y\":4},\"panelIndex\":\"f5ccf3a7-2922-43ff-bc79-1cd7d56e89a0\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"6479f000-42a6-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"id\":\"2e804eee-436c-4e36-917b-7400ea5e5f89\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"not aws.dimensions.storage_class : \\\"-\\\" \"},\"formatter\":\"number\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Active 
Buckets\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.dimensions.bucket_name\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"cardinality\"}],\"override_index_pattern\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_index_pattern_ref_name\":\"metrics_1_index_pattern\",\"series_interval\":\"3d\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Active Buckets [AWS Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"03a07a48-e7e7-4aad-9b3f-74617467c739\",\"w\":8,\"x\":40,\"y\":4},\"panelIndex\":\"03a07a48-e7e7-4aad-9b3f-74617467c739\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"6479f000-42a6-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"id\":\"2e804eee-436c-4e36-917b-7400ea5e5f89\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"not aws.dimensions.storage_class : \\\"-\\\" 
\"},\"formatter\":\"number\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Accounts\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.dimensions.aws_account_number\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"cardinality\"}],\"override_index_pattern\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_index_pattern_ref_name\":\"metrics_1_index_pattern\",\"series_interval\":\"3d\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Accounts [AWS Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"82b50202-e42d-49fb-9db7-2213216350f9\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"82b50202-e42d-49fb-9db7-2213216350f9\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"88f52970-42a8-11ec-afe1-bb42ec488e9b\"}],\"bar_color_rules\":[{\"id\":\"5fac2960-42a8-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" 
\"},\"gauge_color_rules\":[{\"id\":\"864db020-42a8-11ec-afe1-bb42ec488e9b\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"c08f117f-f0e8-4d10-ace7-5d2a5aab35c0\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"3d\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"left\",\"chart_type\":\"bar\",\"color\":\"rgba(96,146,192,1)\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Total Storage\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"sum\"}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":1,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.aws_region\",\"terms_order_by\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"terms_size\":\"5\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"top_n\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Total Storage Region Distribution [AWS Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Total Storage Region 
Distribution\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"048f0020-8699-459c-bbb3-33a5597798f9\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"048f0020-8699-459c-bbb3-33a5597798f9\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"88f52970-42a8-11ec-afe1-bb42ec488e9b\"}],\"bar_color_rules\":[{\"id\":\"5fac2960-42a8-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"gauge_color_rules\":[{\"id\":\"864db020-42a8-11ec-afe1-bb42ec488e9b\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"c08f117f-f0e8-4d10-ace7-5d2a5aab35c0\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"3d\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"left\",\"chart_type\":\"bar\",\"color\":\"rgba(96,146,192,1)\",\"fill\":\"1\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\"\"},\"formatter\":\"bytes\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Total 
Storage\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"sum\"}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":1,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.storage_class\",\"terms_order_by\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"terms_size\":\"5\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"top_n\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Total Storage Class Distribution [AWS Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Total Storage Class Distribution\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"939563b6-0601-45ef-86fc-bc18fb7fa474\",\"w\":24,\"x\":0,\"y\":22},\"panelIndex\":\"939563b6-0601-45ef-86fc-bc18fb7fa474\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"88f52970-42a8-11ec-afe1-bb42ec488e9b\"}],\"bar_color_rules\":[{\"id\":\"5fac2960-42a8-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" 
\"},\"gauge_color_rules\":[{\"id\":\"864db020-42a8-11ec-afe1-bb42ec488e9b\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"c08f117f-f0e8-4d10-ace7-5d2a5aab35c0\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"3d\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"left\",\"chart_type\":\"bar\",\"color\":\"rgba(231,102,76,1)\",\"fill\":\"1\",\"formatter\":\"number\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Object Count\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.ObjectCount.avg\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"sum\"}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":1,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.aws_region\",\"terms_order_by\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"terms_size\":\"5\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"top_n\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Object Count Region Distribution [AWS Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Object Count Region 
Distribution\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"283f4fe8-710f-4f21-b024-ecb77d1933ab\",\"w\":24,\"x\":24,\"y\":22},\"panelIndex\":\"283f4fe8-710f-4f21-b024-ecb77d1933ab\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"88f52970-42a8-11ec-afe1-bb42ec488e9b\"}],\"bar_color_rules\":[{\"id\":\"5fac2960-42a8-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"gauge_color_rules\":[{\"id\":\"864db020-42a8-11ec-afe1-bb42ec488e9b\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"c08f117f-f0e8-4d10-ace7-5d2a5aab35c0\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"3d\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"left\",\"chart_type\":\"bar\",\"color\":\"rgba(231,102,76,1)\",\"fill\":\"1\",\"formatter\":\"number\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Object 
Count\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.ObjectCount.avg\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"sum\"}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":1,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.storage_class\",\"terms_order_by\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"terms_size\":\"5\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"top_n\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Object Count Class Distribution [AWS Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Object Count Class Distribution\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"826b9a1d-3ff4-4792-a833-e274f1a39c46\",\"w\":48,\"x\":0,\"y\":30},\"panelIndex\":\"826b9a1d-3ff4-4792-a833-e274f1a39c46\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"Trends\",\"openLinksInNewTab\":false},\"title\":\"S3 Storage Lens Trends Markdown [AWS 
Metrics]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"02d4d942-8c9a-4cb4-b3a3-18aacc0b2493\",\"w\":48,\"x\":0,\"y\":34},\"panelIndex\":\"02d4d942-8c9a-4cb4-b3a3-18aacc0b2493\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-eab1960c-2b9a-4e4a-9380-c29e91cbb47f\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"eab1960c-2b9a-4e4a-9380-c29e91cbb47f\":{\"columnOrder\":[\"e9704a86-fb68-4316-b885-42328390c6c0\",\"a80c40e7-af1b-4ac9-ba2e-baa7c13a729a\",\"d3578c4c-8e60-4bb8-9295-72b90c88d168\",\"a80c40e7-af1b-4ac9-ba2e-baa7c13a729aX0\",\"d3578c4c-8e60-4bb8-9295-72b90c88d168X0\"],\"columns\":{\"a80c40e7-af1b-4ac9-ba2e-baa7c13a729a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Storage\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"formula\":\"sum(aws.s3_storage_lens.metrics.StorageBytes.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" ')\",\"isFormulaBroken\":false},\"references\":[\"a80c40e7-af1b-4ac9-ba2e-baa7c13a729aX0\"],\"scale\":\"ratio\"},\"a80c40e7-af1b-4ac9-ba2e-baa7c13a729aX0\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"isBucketed\":false,\"label\":\"Part of Total 
Storage\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\"},\"d3578c4c-8e60-4bb8-9295-72b90c88d168\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Storage Count\",\"operationType\":\"formula\",\"params\":{\"formula\":\"sum(aws.s3_storage_lens.metrics.ObjectCount.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" ')\",\"isFormulaBroken\":false},\"references\":[\"d3578c4c-8e60-4bb8-9295-72b90c88d168X0\"],\"scale\":\"ratio\"},\"d3578c4c-8e60-4bb8-9295-72b90c88d168X0\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"isBucketed\":false,\"label\":\"Part of Storage Count\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.s3_storage_lens.metrics.ObjectCount.avg\"},\"e9704a86-fb68-4316-b885-42328390c6c0\":{\"customLabel\":false,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"1d\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filter-index-pattern-0\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.s3_storage_lens\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.s3_storage_lens\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"a80c40e7-af1b-4ac9-ba2e-baa7c13a729a\",\"d35
78c4c-8e60-4bb8-9295-72b90c88d168\"],\"layerId\":\"eab1960c-2b9a-4e4a-9380-c29e91cbb47f\",\"layerType\":\"data\",\"seriesType\":\"line\",\"xAccessor\":\"e9704a86-fb68-4316-b885-42328390c6c0\",\"yConfig\":[{\"axisMode\":\"auto\",\"forAccessor\":\"d3578c4c-8e60-4bb8-9295-72b90c88d168\"},{\"axisMode\":\"auto\",\"color\":\"#e7664c\",\"forAccessor\":\"a80c40e7-af1b-4ac9-ba2e-baa7c13a729a\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yRightExtent\":{\"mode\":\"dataBounds\"}}},\"title\":\"S3 Storage Lens Total Storage and Object Count [Metrics AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Storage and Object Count\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"45489a96-fc7f-4c8f-b037-2a6a7fa37316\",\"w\":48,\"x\":0,\"y\":48},\"panelIndex\":\"45489a96-fc7f-4c8f-b037-2a6a7fa37316\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":14,\"markdown\":\"Cost Efficiency\",\"openLinksInNewTab\":false},\"title\":\"S3 Storage Lens Cost Efficiency Markdown [AWS 
Metrics]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"d77a360f-abbd-41cb-8c72-ac1848168dbc\",\"w\":6,\"x\":0,\"y\":52},\"panelIndex\":\"d77a360f-abbd-41cb-8c72-ac1848168dbc\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"66732f50-42a3-11ec-afe1-bb42ec488e9b\"}],\"drop_last_bucket\":0,\"id\":\"c9efe17d-a8ee-4317-8eaa-e00070f8c4f4\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"formatter\":\"number\",\"id\":\"de4a05bf-2a2d-422d-98ba-49350f7442d9\",\"label\":\"Delete Marker Object Count\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.DeleteMarkerObjectCount.avg\",\"id\":\"cf9f8d20-f581-4036-8f5f-07748b6f9533\",\"type\":\"sum\"}],\"override_index_pattern\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_index_pattern_ref_name\":\"metrics_1_index_pattern\",\"series_interval\":\"3d\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Delete Marker Object Count [AWS 
Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":16,\"i\":\"4a0a8cb0-acce-4b4f-8635-d19b33a5b7c7\",\"w\":21,\"x\":6,\"y\":52},\"panelIndex\":\"4a0a8cb0-acce-4b4f-8635-d19b33a5b7c7\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-af6bd20f-099d-4817-a951-99bcba7e1752\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"af6bd20f-099d-4817-a951-99bcba7e1752\":{\"columnOrder\":[\"6af18f84-7f98-4aec-88d2-51eb0e177fa7\",\"f13847d9-f404-41a8-8e17-12b47d683bd0\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X0\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X1\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X2\"],\"columns\":{\"6af18f84-7f98-4aec-88d2-51eb0e177fa7\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"1d\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"f13847d9-f404-41a8-8e17-12b47d683bd0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"% Current Version Bytes\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"formula\":\"divide(sum(aws.s3_storage_lens.metrics.CurrentVersionStorageBytes.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" '), sum(aws.s3_storage_lens.metrics.StorageBytes.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" 
'))\",\"isFormulaBroken\":false},\"references\":[\"f13847d9-f404-41a8-8e17-12b47d683bd0X2\"],\"scale\":\"ratio\"},\"f13847d9-f404-41a8-8e17-12b47d683bd0X0\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"isBucketed\":false,\"label\":\"Part of % Current Version Bytes\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.s3_storage_lens.metrics.CurrentVersionStorageBytes.avg\"},\"f13847d9-f404-41a8-8e17-12b47d683bd0X1\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"isBucketed\":false,\"label\":\"Part of % Current Version Bytes\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\"},\"f13847d9-f404-41a8-8e17-12b47d683bd0X2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of % Current Version Bytes\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"f13847d9-f404-41a8-8e17-12b47d683bd0X0\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X1\"],\"location\":{\"max\":302,\"min\":0},\"name\":\"divide\",\"text\":\"divide(sum(aws.s3_storage_lens.metrics.CurrentVersionStorageBytes.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" '), sum(aws.s3_storage_lens.metrics.StorageBytes.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" 
'))\",\"type\":\"function\"}},\"references\":[\"f13847d9-f404-41a8-8e17-12b47d683bd0X0\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X1\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filter-index-pattern-0\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.s3_storage_lens\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.s3_storage_lens\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"f13847d9-f404-41a8-8e17-12b47d683bd0\"],\"layerId\":\"af6bd20f-099d-4817-a951-99bcba7e1752\",\"layerType\":\"data\",\"seriesType\":\"line\",\"xAccessor\":\"6af18f84-7f98-4aec-88d2-51eb0e177fa7\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"S3 Storage Lens Percentage Current Version Bytes [AWS Metrics]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Current Version Bytes 
Percentage\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":16,\"i\":\"f4087f7c-4714-430d-9fce-9232215efcea\",\"w\":21,\"x\":27,\"y\":52},\"panelIndex\":\"f4087f7c-4714-430d-9fce-9232215efcea\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-af6bd20f-099d-4817-a951-99bcba7e1752\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"af6bd20f-099d-4817-a951-99bcba7e1752\":{\"columnOrder\":[\"e959c162-4cf1-42f8-bcc7-e08698adc162\",\"f13847d9-f404-41a8-8e17-12b47d683bd0\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X0\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X1\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X2\"],\"columns\":{\"e959c162-4cf1-42f8-bcc7-e08698adc162\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"1d\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"f13847d9-f404-41a8-8e17-12b47d683bd0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"% incomplete MPU bytes\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"formula\":\"divide(sum(aws.s3_storage_lens.metrics.IncompleteMultipartUploadStorageBytes.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" '), sum(aws.s3_storage_lens.metrics.StorageBytes.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" '))\",\"isFormulaBroken\":false},\"references\":[\"f13847d9-f404-41a8-8e17-12b47d683bd0X2\"],\"scale\":\"ratio\"},\"f13847d9-f404-41a8-8e17-12b47d683bd0X0\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type 
: \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"isBucketed\":false,\"label\":\"Part of % incomplete MPU bytes\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.s3_storage_lens.metrics.IncompleteMultipartUploadStorageBytes.avg\"},\"f13847d9-f404-41a8-8e17-12b47d683bd0X1\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"isBucketed\":false,\"label\":\"Part of % incomplete MPU bytes\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\"},\"f13847d9-f404-41a8-8e17-12b47d683bd0X2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of % incomplete MPU bytes\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"f13847d9-f404-41a8-8e17-12b47d683bd0X0\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X1\"],\"location\":{\"max\":313,\"min\":0},\"name\":\"divide\",\"text\":\"divide(sum(aws.s3_storage_lens.metrics.IncompleteMultipartUploadStorageBytes.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" '), sum(aws.s3_storage_lens.metrics.StorageBytes.avg, kql='aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" 
'))\",\"type\":\"function\"}},\"references\":[\"f13847d9-f404-41a8-8e17-12b47d683bd0X0\",\"f13847d9-f404-41a8-8e17-12b47d683bd0X1\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"f13847d9-f404-41a8-8e17-12b47d683bd0\"],\"layerId\":\"af6bd20f-099d-4817-a951-99bcba7e1752\",\"layerType\":\"data\",\"seriesType\":\"line\",\"xAccessor\":\"e959c162-4cf1-42f8-bcc7-e08698adc162\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"S3 Storage Lens Percentage incomplete MPU bytes [AWS Metrics]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Incomplete MPU bytes Percentage\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"2dbf68cd-48be-4e1f-a526-a47ec24f8359\",\"w\":48,\"x\":0,\"y\":68},\"panelIndex\":\"2dbf68cd-48be-4e1f-a526-a47ec24f8359\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":14,\"markdown\":\"Data Protection\",\"openLinksInNewTab\":false},\"title\":\"S3 Storage Lens Data Protection Markdown [AWS 
Metrics]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"b21580ab-7ec7-47fe-9449-14b1d617fd63\",\"w\":17,\"x\":0,\"y\":72},\"panelIndex\":\"b21580ab-7ec7-47fe-9449-14b1d617fd63\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"8d0ce9b0-42aa-11ec-93b6-03cae606ce61\"}],\"bar_color_rules\":[{\"id\":\"ddaf4ed0-42aa-11ec-a5a1-73d3b46a933e\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"gauge_color_rules\":[{\"id\":\"0d38a660-42ab-11ec-a5a1-73d3b46a933e\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"7c0ba441-be60-42ec-9d68-6959f1c1e709\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"markdown\":\"test\\t{{ object_lock_bytes_percentage.last.raw }}\",\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4e7561ec-a29c-4558-9d40-d8f378c85daf\",\"label\":\"Object Locked\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.ObjectLockEnabledStorageBytes.avg\",\"id\":\"5e067d85-0dfc-4208-a72b-75279b58b2b2\",\"type\":\"sum\"},{\"field\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\",\"id\":\"66645e10-42aa-11ec-93b6-03cae606ce61\",\"type\":\"sum\"},{\"id\":\"707b8720-42aa-11ec-93b6-03cae606ce61\",\"script\":\"divide(params.ObjectLock, 
params.StorageBytes)\",\"type\":\"math\",\"variables\":[{\"field\":\"5e067d85-0dfc-4208-a72b-75279b58b2b2\",\"id\":\"73b2bd50-42aa-11ec-93b6-03cae606ce61\",\"name\":\"ObjectLock\"},{\"field\":\"66645e10-42aa-11ec-93b6-03cae606ce61\",\"id\":\"7c32cba0-42aa-11ec-93b6-03cae606ce61\",\"name\":\"StorageBytes\"}]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"none\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Object Lock Bytes Percentage [AWS Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Object Lock Bytes Percentage\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"ba2bd05a-ad1c-4d35-8396-89febc950636\",\"w\":16,\"x\":17,\"y\":72},\"panelIndex\":\"ba2bd05a-ad1c-4d35-8396-89febc950636\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"8d0ce9b0-42aa-11ec-93b6-03cae606ce61\"}],\"bar_color_rules\":[{\"id\":\"ddaf4ed0-42aa-11ec-a5a1-73d3b46a933e\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" 
\"},\"gauge_color_rules\":[{\"id\":\"0d38a660-42ab-11ec-a5a1-73d3b46a933e\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"7c0ba441-be60-42ec-9d68-6959f1c1e709\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"markdown\":\"test\\t{{ object_lock_bytes_percentage.last.raw }}\",\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4e7561ec-a29c-4558-9d40-d8f378c85daf\",\"label\":\"Replicated\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.ReplicatedStorageBytes.avg\",\"id\":\"5e067d85-0dfc-4208-a72b-75279b58b2b2\",\"type\":\"sum\"},{\"field\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\",\"id\":\"66645e10-42aa-11ec-93b6-03cae606ce61\",\"type\":\"sum\"},{\"id\":\"707b8720-42aa-11ec-93b6-03cae606ce61\",\"script\":\"divide(params.Replicated, params.StorageBytes)\",\"type\":\"math\",\"variables\":[{\"field\":\"5e067d85-0dfc-4208-a72b-75279b58b2b2\",\"id\":\"73b2bd50-42aa-11ec-93b6-03cae606ce61\",\"name\":\"Replicated\"},{\"field\":\"66645e10-42aa-11ec-93b6-03cae606ce61\",\"id\":\"7c32cba0-42aa-11ec-93b6-03cae606ce61\",\"name\":\"StorageBytes\"}]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"none\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Replicated Bytes Percentage [AWS Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Replicated Bytes 
Percentage\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"c8ab3a47-5316-495a-bb9e-a78fb867b059\",\"w\":15,\"x\":33,\"y\":72},\"panelIndex\":\"c8ab3a47-5316-495a-bb9e-a78fb867b059\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"8d0ce9b0-42aa-11ec-93b6-03cae606ce61\"}],\"bar_color_rules\":[{\"id\":\"ddaf4ed0-42aa-11ec-a5a1-73d3b46a933e\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.record_type : \\\"ACCOUNT\\\" and not aws.dimensions.storage_class : \\\"-\\\" \"},\"gauge_color_rules\":[{\"id\":\"0d38a660-42ab-11ec-a5a1-73d3b46a933e\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"7c0ba441-be60-42ec-9d68-6959f1c1e709\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"markdown\":\"test\\t{{ object_lock_bytes_percentage.last.raw }}\",\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(96,146,192,1)\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4e7561ec-a29c-4558-9d40-d8f378c85daf\",\"label\":\"Encrypted\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_storage_lens.metrics.EncryptedStorageBytes.avg\",\"id\":\"5e067d85-0dfc-4208-a72b-75279b58b2b2\",\"type\":\"sum\"},{\"field\":\"aws.s3_storage_lens.metrics.StorageBytes.avg\",\"id\":\"66645e10-42aa-11ec-93b6-03cae606ce61\",\"type\":\"sum\"},{\"id\":\"707b8720-42aa-11ec-93b6-03cae606ce61\",\"script\":\"divide(params.Encrypted, 
params.StorageBytes)\",\"type\":\"math\",\"variables\":[{\"field\":\"5e067d85-0dfc-4208-a72b-75279b58b2b2\",\"id\":\"73b2bd50-42aa-11ec-93b6-03cae606ce61\",\"name\":\"Encrypted\"},{\"field\":\"66645e10-42aa-11ec-93b6-03cae606ce61\",\"id\":\"7c32cba0-42aa-11ec-93b6-03cae606ce61\",\"name\":\"StorageBytes\"}]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"none\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":true},\"title\":\"S3 Storage Lens Encrypted Bytes Percentage [AWS Metrics]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Encrypted Bytes Percentage\"}]","timeRestore":false,"title":"[Metrics AWS] S3 Storage Lens Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-80ed1380-41a6-11ec-a605-bff67d9b7872","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"3fc410ab-c8ca-4a7d-9566-c9921f7f3323:metrics_3fc410ab-c8ca-4a7d-9566-c9921f7f3323_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"3fc410ab-c8ca-4a7d-9566-c9921f7f3323:metrics_3fc410ab-c8ca-4a7d-9566-c9921f7f3323_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"82b50202-e42d-49fb-9db7-2213216350f9:metrics_82b50202-e42d-49fb-9db7-2213216350f9_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"9b8691d3-9f30-4776-bf5c-342900818a80:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"9b8691d3-9f30-4776-bf5c-342900818a80:control_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"9b8691d3-9f30-4776-bf5c-342900818a80:control_2_index_pattern","type":"index-pat
tern"},{"id":"metrics-*","name":"3fc410ab-c8ca-4a7d-9566-c9921f7f3323:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"3fc410ab-c8ca-4a7d-9566-c9921f7f3323:metrics_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"6d7c0316-d2fa-4e3c-9028-fc7f109a7337:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"6d7c0316-d2fa-4e3c-9028-fc7f109a7337:metrics_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"90e351eb-70b7-4a7b-b113-b399adf6ff28:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"90e351eb-70b7-4a7b-b113-b399adf6ff28:metrics_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"f5ccf3a7-2922-43ff-bc79-1cd7d56e89a0:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"f5ccf3a7-2922-43ff-bc79-1cd7d56e89a0:metrics_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"03a07a48-e7e7-4aad-9b3f-74617467c739:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"03a07a48-e7e7-4aad-9b3f-74617467c739:metrics_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"82b50202-e42d-49fb-9db7-2213216350f9:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"048f0020-8699-459c-bbb3-33a5597798f9:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"939563b6-0601-45ef-86fc-bc18fb7fa474:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"283f4fe8-710f-4f21-b024-ecb77d1933ab:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"02d4d942-8c9a-4cb4-b3a3-18aacc0b2493:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"02d4d942-8c9a-4cb4-b3a3-18aacc0b2493:indexpattern-datasource-layer-eab1960c-2b9a-4e4a-9380-c29e91cbb47f","type":"index-pattern"},{"id":"metrics-*","name":"02d4d942-8c9a-4cb4-b3a3-18aacc0b2493:filter-index-pattern-0","type":"index-pattern"},{"id":"metrics-*","name":"
d77a360f-abbd-41cb-8c72-ac1848168dbc:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"d77a360f-abbd-41cb-8c72-ac1848168dbc:metrics_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"4a0a8cb0-acce-4b4f-8635-d19b33a5b7c7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"4a0a8cb0-acce-4b4f-8635-d19b33a5b7c7:indexpattern-datasource-layer-af6bd20f-099d-4817-a951-99bcba7e1752","type":"index-pattern"},{"id":"metrics-*","name":"4a0a8cb0-acce-4b4f-8635-d19b33a5b7c7:filter-index-pattern-0","type":"index-pattern"},{"id":"metrics-*","name":"f4087f7c-4714-430d-9fce-9232215efcea:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"f4087f7c-4714-430d-9fce-9232215efcea:indexpattern-datasource-layer-af6bd20f-099d-4817-a951-99bcba7e1752","type":"index-pattern"},{"id":"metrics-*","name":"b21580ab-7ec7-47fe-9449-14b1d617fd63:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"ba2bd05a-ad1c-4d35-8396-89febc950636:metrics_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"c8ab3a47-5316-495a-bb9e-a78fb867b059:metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6092],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MTgsMV0="} +{"attributes":{"description":"Overview of Amazon Redshift 
metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.redshift\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.redshift\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":true,\"useMargins\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"88b83992-1fc4-4509-b89d-2de22163f92c\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"88b83992-1fc4-4509-b89d-2de22163f92c\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.name\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_88b83992-1fc4-4509-b89d-2de22163f92c_0_index_pattern\",\"label\":\"account name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.dimensions.ClusterIdentifier\",\"id\":\"1655371342369\",\"indexPatternRefName\":\"control_88b83992-1fc4-4509-b89d-2de22163f92c_1_index_pattern\",\"label\":\"cluster identifier\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"AWS Account and Redshift Cluster 
Filters\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"dffd1329-1668-441d-907d-c04a5cee3fcc\",\"w\":48,\"x\":0,\"y\":6},\"panelIndex\":\"dffd1329-1668-441d-907d-c04a5cee3fcc\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"## Cluster monitoring\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"500e407a-5b1e-4963-b229-f14024f7678d\",\"w\":24,\"x\":0,\"y\":11},\"panelIndex\":\"500e407a-5b1e-4963-b229-f14024f7678d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-f26f3fa9-c910-4463-917a-a5190e20d8cc\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"f26f3fa9-c910-4463-917a-a5190e20d8cc\":{\"columnOrder\":[\"bd14bb61-5b34-4c10-82e1-d5257330293c\",\"64a0425b-0eb6-425b-b8de-e2e13f77a408\"],\"columns\":{\"64a0425b-0eb6-425b-b8de-e2e13f77a408\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of 
aws.redshift.metrics.HealthStatus.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.HealthStatus.avg\"},\"bd14bb61-5b34-4c10-82e1-d5257330293c\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"64a0425b-0eb6-425b-b8de-e2e13f77a408\"],\"layerId\":\"f26f3fa9-c910-4463-917a-a5190e20d8cc\",\"layerType\":\"data\",\"seriesType\":\"line\",\"xAccessor\":\"bd14bb61-5b34-4c10-82e1-d5257330293c\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Health 
Status\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"cdb8dc8b-e920-459d-b55e-462059dd148c\",\"w\":24,\"x\":24,\"y\":11},\"panelIndex\":\"cdb8dc8b-e920-459d-b55e-462059dd148c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-63ac4267-da50-47f2-a95d-f210ac96e7be\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"63ac4267-da50-47f2-a95d-f210ac96e7be\":{\"columnOrder\":[\"e6191554-4017-4820-953d-db002484bda8\",\"eb938638-2ee8-4e13-aa43-dfd479ebb210\"],\"columns\":{\"e6191554-4017-4820-953d-db002484bda8\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"eb938638-2ee8-4e13-aa43-dfd479ebb210\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of 
aws.redshift.metrics.MaintenanceMode.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.MaintenanceMode.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"eb938638-2ee8-4e13-aa43-dfd479ebb210\"],\"layerId\":\"63ac4267-da50-47f2-a95d-f210ac96e7be\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"e6191554-4017-4820-953d-db002484bda8\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"lowerBound\":0,\"mode\":\"custom\",\"upperBound\":1}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Maintenance 
mode\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"e1952ece-22a7-4d9e-a96d-035e49e48e89\",\"w\":15,\"x\":0,\"y\":26},\"panelIndex\":\"e1952ece-22a7-4d9e-a96d-035e49e48e89\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-07d0e5df-2cdd-4f7d-89a5-79cd6faf96d2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"07d0e5df-2cdd-4f7d-89a5-79cd6faf96d2\":{\"columnOrder\":[\"9dc06753-8051-4a65-8122-bd693491cf43\"],\"columns\":{\"9dc06753-8051-4a65-8122-bd693491cf43\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Database connections (Average)\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":1}}},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.DatabaseConnections.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"9dc06753-8051-4a65-8122-bd693491cf43\",\"layerId\":\"07d0e5df-2cdd-4f7d-89a5-79cd6faf96d2\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"a2c1cf3b-86a2-4a9f-9f5f-99c51d536a5a\",\"w\":33,\"x\":15,\"y\":26},\"panelIndex\":\"a2c1cf3b-86a2-4a9f-9f5f-99c51d536a5a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-95dadc13-e250-40e4-8ae8-9c612d40d8b5\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceS
tates\":{\"formBased\":{\"layers\":{\"95dadc13-e250-40e4-8ae8-9c612d40d8b5\":{\"columnOrder\":[\"bdfde3b8-4241-4177-9a45-d30e28c6710e\",\"0379c1a5-31f8-4b73-86ac-4107d3e157a6\"],\"columns\":{\"0379c1a5-31f8-4b73-86ac-4107d3e157a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.redshift.metrics.DatabaseConnections.avg\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.DatabaseConnections.avg\"},\"bdfde3b8-4241-4177-9a45-d30e28c6710e\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"0379c1a5-31f8-4b73-86ac-4107d3e157a6\"],\"layerId\":\"95dadc13-e250-40e4-8ae8-9c612d40d8b5\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"bdfde3b8-4241-4177-9a45-d30e28c6710e\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Database 
connections\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"c150200d-1645-49be-a3f6-103da488bc4e\",\"w\":48,\"x\":0,\"y\":38},\"panelIndex\":\"c150200d-1645-49be-a3f6-103da488bc4e\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"## Resource Usage\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"818689c7-efe0-4c41-9fa7-640b9281d4d8\",\"w\":15,\"x\":0,\"y\":43},\"panelIndex\":\"818689c7-efe0-4c41-9fa7-640b9281d4d8\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-e8f1122f-78fe-4db5-b05e-e87553c61237\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"e8f1122f-78fe-4db5-b05e-e87553c61237\":{\"columnOrder\":[\"4a9dedca-ac19-47ac-a001-0b305e74202b\"],\"columns\":{\"4a9dedca-ac19-47ac-a001-0b305e74202b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"CPU Utilization 
(Average)\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2,\"suffix\":\"%\"}}},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.CPUUtilization.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"4a9dedca-ac19-47ac-a001-0b305e74202b\",\"colorMode\":\"Background\",\"layerId\":\"e8f1122f-78fe-4db5-b05e-e87553c61237\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":70},{\"color\":\"#cc5642\",\"stop\":85}],\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#209280\",\"stop\":70},{\"color\":\"#d6bf57\",\"stop\":85},{\"color\":\"#cc5642\",\"stop\":86}]},\"type\":\"palette\"},\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"860dc77f-8d28-4af7-8c04-baf0ad10e402\",\"w\":33,\"x\":15,\"y\":43},\"panelIndex\":\"860dc77f-8d28-4af7-8c04-baf0ad10e402\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-27acbd7b-a2c6-4116-989a-ec58fc9d0e29\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"27acbd7b-a2c6-4116-989a-ec58fc9d0e29\":{\"columnOrder\":[\"c92564d1-e6d7-42e7-94dc-7fcd5519a510\",\"aa557c3c-0775-42da-a96f-32db7e70b349\",\"01231ec4-aedf-47ff-8b7f-ac7a913c5aa7\"],\"columns\":{\"01231ec4-aedf-47ff-8b7f-ac7a913c5aa7\":{\"customL
abel\":false,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.redshift.metrics.CPUUtilization.avg\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2,\"suffix\":\"%\"}}},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.CPUUtilization.avg\"},\"aa557c3c-0775-42da-a96f-32db7e70b349\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"c92564d1-e6d7-42e7-94dc-7fcd5519a510\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 3 values of aws.dimensions.NodeID\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"01231ec4-aedf-47ff-8b7f-ac7a913c5aa7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.NodeID\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"01231ec4-aedf-47ff-8b7f-ac7a913c5aa7\"],\"layerId\":\"27acbd7b-a2c6-4116-989a-ec58fc9d0e29\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"c92564d1-e6d7-42e7-94dc-7fcd5519a510\",\"xAccessor\":\"aa557c3c-0775-42da-a96f-32db7e70b349\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false,\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x
\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":false,\"yLeftExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"CPU Utilization per Node\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2ce96451-53a0-4fb7-90a4-0ef0d09b9aa3\",\"w\":24,\"x\":0,\"y\":57},\"panelIndex\":\"2ce96451-53a0-4fb7-90a4-0ef0d09b9aa3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-2a63294f-c73c-4822-bf57-5ceebef529f4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2a63294f-c73c-4822-bf57-5ceebef529f4\":{\"columnOrder\":[\"5e9f7406-154a-45fd-89f8-02c1d4a1bf2a\",\"58514e8d-e8b8-440a-b7c3-b5b9d523f274\"],\"columns\":{\"58514e8d-e8b8-440a-b7c3-b5b9d523f274\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of 
aws.redshift.metrics.ReadThroughput.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.ReadThroughput.avg\"},\"5e9f7406-154a-45fd-89f8-02c1d4a1bf2a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"58514e8d-e8b8-440a-b7c3-b5b9d523f274\"],\"layerId\":\"2a63294f-c73c-4822-bf57-5ceebef529f4\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"5e9f7406-154a-45fd-89f8-02c1d4a1bf2a\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Disk Read 
Throughput\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1289046b-48c1-4506-a473-cebc26cc5a1c\",\"w\":24,\"x\":24,\"y\":57},\"panelIndex\":\"1289046b-48c1-4506-a473-cebc26cc5a1c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-115b9c0c-4ad8-44df-b8ed-2771d89a23d2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"115b9c0c-4ad8-44df-b8ed-2771d89a23d2\":{\"columnOrder\":[\"0e4ecc03-bbd1-45a0-b17b-5da860a46495\",\"e48879bc-a9b6-4511-942d-494e00e61f54\"],\"columns\":{\"0e4ecc03-bbd1-45a0-b17b-5da860a46495\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"e48879bc-a9b6-4511-942d-494e00e61f54\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of 
aws.redshift.metrics.WriteThroughput.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.WriteThroughput.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e48879bc-a9b6-4511-942d-494e00e61f54\"],\"layerId\":\"115b9c0c-4ad8-44df-b8ed-2771d89a23d2\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"0e4ecc03-bbd1-45a0-b17b-5da860a46495\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Storage Write 
Throughput\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"464712cc-51aa-4e6f-a520-f7b528c17793\",\"w\":24,\"x\":0,\"y\":72},\"panelIndex\":\"464712cc-51aa-4e6f-a520-f7b528c17793\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-4ebcdab6-4f10-4f42-9f61-e4aec03c380e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"4ebcdab6-4f10-4f42-9f61-e4aec03c380e\":{\"columnOrder\":[\"4f8a9048-f9fc-4062-af60-a21fb6eb6058\",\"8a570e69-c039-420e-b0bf-549356e5f0af\"],\"columns\":{\"4f8a9048-f9fc-4062-af60-a21fb6eb6058\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"8a570e69-c039-420e-b0bf-549356e5f0af\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of 
aws.redshift.metrics.ReadLatency.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.ReadLatency.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"8a570e69-c039-420e-b0bf-549356e5f0af\"],\"layerId\":\"4ebcdab6-4f10-4f42-9f61-e4aec03c380e\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"4f8a9048-f9fc-4062-af60-a21fb6eb6058\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Storage Read 
Latency\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"fd92a37e-9ba8-4134-ac5d-71c1a0d1d0bc\",\"w\":24,\"x\":24,\"y\":72},\"panelIndex\":\"fd92a37e-9ba8-4134-ac5d-71c1a0d1d0bc\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-9b073139-c687-4094-aa13-d20f79b9f550\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"9b073139-c687-4094-aa13-d20f79b9f550\":{\"columnOrder\":[\"3d815a64-22e8-473e-a5e7-b8c37d844182\",\"cc81814f-2f77-4896-bf20-5b9b97158a9e\"],\"columns\":{\"3d815a64-22e8-473e-a5e7-b8c37d844182\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"cc81814f-2f77-4896-bf20-5b9b97158a9e\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of 
aws.redshift.metrics.WriteLatency.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.WriteLatency.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"cc81814f-2f77-4896-bf20-5b9b97158a9e\"],\"layerId\":\"9b073139-c687-4094-aa13-d20f79b9f550\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"3d815a64-22e8-473e-a5e7-b8c37d844182\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Storage Write Latency\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"aa0f68cd-7a8e-4b27-9ec1-b8e288039cca\",\"w\":15,\"x\":0,\"y\":102},\"panelIndex\":\"aa0f68cd-7a8e-4b27-9ec1-b8e288039cca\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-1fddbb42-ef13-4a93-8b4a-d4e28866916e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1fddbb42-ef13-4a93-8b4a-d4e28866916e\":{\"columnOrder\":[\"e5fe73e2-9e8b-49e0-9737-cc72b60143f4\"],\"columns\":{\"e5fe73e2-9e8b-49e0-9737-cc72b60143f4\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Percentage of storage 
used (Average)\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2,\"suffix\":\"%\"}}},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.PercentageDiskSpaceUsed.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e5fe73e2-9e8b-49e0-9737-cc72b60143f4\",\"colorMode\":\"Background\",\"layerId\":\"1fddbb42-ef13-4a93-8b4a-d4e28866916e\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":70},{\"color\":\"#cc5642\",\"stop\":85}],\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#209280\",\"stop\":70},{\"color\":\"#d6bf57\",\"stop\":85},{\"color\":\"#cc5642\",\"stop\":86}]},\"type\":\"palette\"},\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"9c5ba303-08c6-455c-a1e0-9a85327682ca\",\"w\":33,\"x\":15,\"y\":102},\"panelIndex\":\"9c5ba303-08c6-455c-a1e0-9a85327682ca\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-84cfb763-392e-4bb7-9c83-ee13166710ef\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"84cfb763-392e-4bb7-9c83-ee13166710ef\":{\"columnOrder\":[\"96f763b1-bfcd-4bfc-a2cf-f0673d1edd24\",\"ab71bda3-a341-4321-8945-fc0950d6c336\"],\"columns\":{\"96f763b1-bfcd-4bfc-a2cf-f0673d1edd24\":{\"dataType\":\"date\",\"isBucketed\
":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"ab71bda3-a341-4321-8945-fc0950d6c336\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of aws.redshift.metrics.PercentageDiskSpaceUsed.avg\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2,\"suffix\":\"%\"}}},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.PercentageDiskSpaceUsed.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"ab71bda3-a341-4321-8945-fc0950d6c336\"],\"layerId\":\"84cfb763-392e-4bb7-9c83-ee13166710ef\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"96f763b1-bfcd-4bfc-a2cf-f0673d1edd24\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Percentage of disk space 
used\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"be4f09e7-c419-435e-987f-98c491928001\",\"w\":48,\"x\":0,\"y\":117},\"panelIndex\":\"be4f09e7-c419-435e-987f-98c491928001\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"## Query Performance\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"3a0afa56-f307-4f5f-9668-81ed9c6de56f\",\"w\":24,\"x\":0,\"y\":122},\"panelIndex\":\"3a0afa56-f307-4f5f-9668-81ed9c6de56f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-58906b59-5f5e-431d-a8a1-61210e31d56c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"58906b59-5f5e-431d-a8a1-61210e31d56c\":{\"columnOrder\":[\"4ac0d578-d53a-4f26-9fad-f45f5b7cd20e\",\"1b86ed78-f99b-4478-898f-698358bdd726\",\"582538a1-ed91-4eb5-a447-e0e2af69c31d\"],\"columns\":{\"1b86ed78-f99b-4478-898f-698358bdd726\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"4ac0d578-d53a-4f26-9fad-f45f5b7cd20e\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 3 values of 
aws.dimensions.latency\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"582538a1-ed91-4eb5-a447-e0e2af69c31d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.latency\"},\"582538a1-ed91-4eb5-a447-e0e2af69c31d\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of aws.redshift.metrics.QueryDuration.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.QueryDuration.avg\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"582538a1-ed91-4eb5-a447-e0e2af69c31d\"],\"layerId\":\"58906b59-5f5e-431d-a8a1-61210e31d56c\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"4ac0d578-d53a-4f26-9fad-f45f5b7cd20e\",\"xAccessor\":\"1b86ed78-f99b-4478-898f-698358bdd726\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Query Duration by latency 
range\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"8f853d89-2901-48a8-823d-affb864f1078\",\"w\":24,\"x\":24,\"y\":122},\"panelIndex\":\"8f853d89-2901-48a8-823d-affb864f1078\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-98a1fb8e-6416-4a46-9545-176a7b58e607\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"98a1fb8e-6416-4a46-9545-176a7b58e607\":{\"columnOrder\":[\"d73cc3ad-dad0-4758-be0f-20b66e8fc2a8\",\"24d49488-bc84-428f-a7b0-0833ed08769e\",\"234171f0-e345-4bc3-ba33-b89a82a4251a\"],\"columns\":{\"234171f0-e345-4bc3-ba33-b89a82a4251a\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of aws.redshift.metrics.WLMQueryDuration.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.WLMQueryDuration.avg\"},\"24d49488-bc84-428f-a7b0-0833ed08769e\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"d73cc3ad-dad0-4758-be0f-20b66e8fc2a8\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 100 values of 
aws.dimensions.wlmid\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"234171f0-e345-4bc3-ba33-b89a82a4251a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"aws.dimensions.wlmid\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"234171f0-e345-4bc3-ba33-b89a82a4251a\"],\"layerId\":\"98a1fb8e-6416-4a46-9545-176a7b58e607\",\"layerType\":\"data\",\"seriesType\":\"line\",\"splitAccessor\":\"d73cc3ad-dad0-4758-be0f-20b66e8fc2a8\",\"xAccessor\":\"24d49488-bc84-428f-a7b0-0833ed08769e\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Query duration by WLM 
queue\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"90e8066a-f9fb-405f-85ba-c0456fcd055a\",\"w\":24,\"x\":0,\"y\":87},\"panelIndex\":\"90e8066a-f9fb-405f-85ba-c0456fcd055a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-0a5a3c92-22e8-4794-b07c-78477920697f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"0a5a3c92-22e8-4794-b07c-78477920697f\":{\"columnOrder\":[\"9b9ce2ec-ec40-48ff-894c-04d739967317\",\"27c6cf85-54c5-450f-aae1-f7d67111e032\"],\"columns\":{\"27c6cf85-54c5-450f-aae1-f7d67111e032\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of aws.redshift.metrics.NetworkReceiveThroughput.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.NetworkReceiveThroughput.avg\"},\"9b9ce2ec-ec40-48ff-894c-04d739967317\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"27c6cf85-54c5-450f-aae1-f7d67111e032\"],\"layerId\":\"0a5a3c92-22e8-4794-b07c-78477920697f\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"9b9ce2ec-ec40-48ff-894c-04d739967317\"}],\"leg
end\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Network Receive Throughput\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"83d380db-07a5-45e7-bd97-661c06da0455\",\"w\":24,\"x\":24,\"y\":87},\"panelIndex\":\"83d380db-07a5-45e7-bd97-661c06da0455\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-b5db7d5d-7e7c-413c-b691-4481bc1ec5e3\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b5db7d5d-7e7c-413c-b691-4481bc1ec5e3\":{\"columnOrder\":[\"23a5e3cb-f2f4-4ba0-bde0-8c102ff73cbb\",\"0d130c43-606c-4563-8c0a-ab1d22480940\"],\"columns\":{\"0d130c43-606c-4563-8c0a-ab1d22480940\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Median of 
aws.redshift.metrics.NetworkTransmitThroughput.avg\",\"operationType\":\"median\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.redshift.metrics.NetworkTransmitThroughput.avg\"},\"23a5e3cb-f2f4-4ba0-bde0-8c102ff73cbb\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"ignoreTimeRange\":false,\"includeEmptyRows\":true,\"interval\":\"5m\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"0d130c43-606c-4563-8c0a-ab1d22480940\"],\"layerId\":\"b5db7d5d-7e7c-413c-b691-4481bc1ec5e3\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"23a5e3cb-f2f4-4ba0-bde0-8c102ff73cbb\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Network Transmit Throughput\"}]","timeRestore":false,"title":"[Metrics AWS] Redshift metrics 
overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-81f2c980-e743-11ec-93f6-9b98f71110cd","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"88b83992-1fc4-4509-b89d-2de22163f92c:control_88b83992-1fc4-4509-b89d-2de22163f92c_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"88b83992-1fc4-4509-b89d-2de22163f92c:control_88b83992-1fc4-4509-b89d-2de22163f92c_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"500e407a-5b1e-4963-b229-f14024f7678d:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"500e407a-5b1e-4963-b229-f14024f7678d:indexpattern-datasource-layer-f26f3fa9-c910-4463-917a-a5190e20d8cc","type":"index-pattern"},{"id":"metrics-*","name":"cdb8dc8b-e920-459d-b55e-462059dd148c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"cdb8dc8b-e920-459d-b55e-462059dd148c:indexpattern-datasource-layer-63ac4267-da50-47f2-a95d-f210ac96e7be","type":"index-pattern"},{"id":"metrics-*","name":"e1952ece-22a7-4d9e-a96d-035e49e48e89:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"e1952ece-22a7-4d9e-a96d-035e49e48e89:indexpattern-datasource-layer-07d0e5df-2cdd-4f7d-89a5-79cd6faf96d2","type":"index-pattern"},{"id":"metrics-*","name":"a2c1cf3b-86a2-4a9f-9f5f-99c51d536a5a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"a2c1cf3b-86a2-4a9f-9f5f-99c51d536a5a:indexpattern-datasource-layer-95dadc13-e250-40e4-8ae8-9c612d40d8b5","type":"index-pattern"},{"id":"metrics-*","name":"818689c7-efe0-4c41-9fa7-640b9281d4d8:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"818689c7-efe0-4c41-9fa7-640b9281d4d8:indexpattern-datasource-layer-e8f1122f-78fe-4d
b5-b05e-e87553c61237","type":"index-pattern"},{"id":"metrics-*","name":"860dc77f-8d28-4af7-8c04-baf0ad10e402:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"860dc77f-8d28-4af7-8c04-baf0ad10e402:indexpattern-datasource-layer-27acbd7b-a2c6-4116-989a-ec58fc9d0e29","type":"index-pattern"},{"id":"metrics-*","name":"2ce96451-53a0-4fb7-90a4-0ef0d09b9aa3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"2ce96451-53a0-4fb7-90a4-0ef0d09b9aa3:indexpattern-datasource-layer-2a63294f-c73c-4822-bf57-5ceebef529f4","type":"index-pattern"},{"id":"metrics-*","name":"1289046b-48c1-4506-a473-cebc26cc5a1c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"1289046b-48c1-4506-a473-cebc26cc5a1c:indexpattern-datasource-layer-115b9c0c-4ad8-44df-b8ed-2771d89a23d2","type":"index-pattern"},{"id":"metrics-*","name":"464712cc-51aa-4e6f-a520-f7b528c17793:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"464712cc-51aa-4e6f-a520-f7b528c17793:indexpattern-datasource-layer-4ebcdab6-4f10-4f42-9f61-e4aec03c380e","type":"index-pattern"},{"id":"metrics-*","name":"fd92a37e-9ba8-4134-ac5d-71c1a0d1d0bc:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"fd92a37e-9ba8-4134-ac5d-71c1a0d1d0bc:indexpattern-datasource-layer-9b073139-c687-4094-aa13-d20f79b9f550","type":"index-pattern"},{"id":"metrics-*","name":"aa0f68cd-7a8e-4b27-9ec1-b8e288039cca:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"aa0f68cd-7a8e-4b27-9ec1-b8e288039cca:indexpattern-datasource-layer-1fddbb42-ef13-4a93-8b4a-d4e28866916e","type":"index-pattern"},{"id":"metrics-*","name":"9c5ba303-08c6-455c-a1e0-9a85327682ca:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"9c5ba303-08c6-455c-a1e0-9a85327682ca:indexpattern-datasource-layer-
84cfb763-392e-4bb7-9c83-ee13166710ef","type":"index-pattern"},{"id":"metrics-*","name":"3a0afa56-f307-4f5f-9668-81ed9c6de56f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"3a0afa56-f307-4f5f-9668-81ed9c6de56f:indexpattern-datasource-layer-58906b59-5f5e-431d-a8a1-61210e31d56c","type":"index-pattern"},{"id":"metrics-*","name":"8f853d89-2901-48a8-823d-affb864f1078:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"8f853d89-2901-48a8-823d-affb864f1078:indexpattern-datasource-layer-98a1fb8e-6416-4a46-9545-176a7b58e607","type":"index-pattern"},{"id":"metrics-*","name":"90e8066a-f9fb-405f-85ba-c0456fcd055a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"90e8066a-f9fb-405f-85ba-c0456fcd055a:indexpattern-datasource-layer-0a5a3c92-22e8-4794-b07c-78477920697f","type":"index-pattern"},{"id":"metrics-*","name":"83d380db-07a5-45e7-bd97-661c06da0455:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"83d380db-07a5-45e7-bd97-661c06da0455:indexpattern-datasource-layer-b5db7d5d-7e7c-413c-b691-4481bc1ec5e3","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6130],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MTksMV0="} +{"attributes":{"description":"Overview of AWS Security Hub Findings Malware, Threat Intelligence Indicator and Network Path","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"aws.securityhub_findings\\\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"33863c95-e6d3-4329-9542-6e9217835667\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"33863c95-e6d3-4329-9542-6e9217835667\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Findings and Insights Overview](#/dashboard/aws-cc571400-dc61-11ec-a6e3-1bc5ab0aa1b4) | [Findings Action Overview](#/dashboard/aws-3d3dbe00-f79f-11ec-aa7f-c173c0f9e267) | [Summary Dashboard](#/dashboard/aws-c9f103d0-5f63-11ed-bd69-473ce047ef30)\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Dashboards [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"69aa2695-1a0d-4880-a442-78b49526c18f\",\"w\":24,\"x\":0,\"y\":4},\"panelIndex\":\"69aa2695-1a0d-4880-a442-78b49526c18f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-97ae45f9-914d-400a-a0ff-a552929da066\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"97ae45f9-914d-400a-a0ff-a552929da066\":{\"columnOrder\":[\"197371a3-1954-4de8-8cfc-23d0a50d6397\",\"0d3af6a4-596e-4883-aeee-f44a2b42837b\"],\"columns\":{\"0d3af6a4-596e-4883-aeee-f44a2b42837b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"197371a3-1954-4de8-8cfc-23d0a50d6397\":{\"customLabel\":true,\"dataType\":\"string\",\"isBuck
eted\":true,\"label\":\"Malware Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0d3af6a4-596e-4883-aeee-f44a2b42837b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.malware.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"97ae45f9-914d-400a-a0ff-a552929da066\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"197371a3-1954-4de8-8cfc-23d0a50d6397\"],\"metrics\":[\"0d3af6a4-596e-4883-aeee-f44a2b42837b\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Malware Type [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6837f195-98b9-4779-b57f-9c5e07ff792a\",\"w\":24,\"x\":24,\"y\":4},\"panelIndex\":\"6837f195-98b9-4779-b57f-9c5e07ff792a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ec821de0-e8d0-46f4-8e63-1388b7c57265\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ec821de0-e8d0-46f4-8e63-1388b7c57265\":{\"columnOrder\":[\"07ec2df6-4405-4d5b-9eba-0e06202a1d06\",\"4f0675c0-0d2b-4e6c-b51f-385a8d21cae7\"],\"columns\":{\"07ec2df6-4405-4d5b-9eba-0e06202a1d06\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Malware 
Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"4f0675c0-0d2b-4e6c-b51f-385a8d21cae7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.malware.name\"},\"4f0675c0-0d2b-4e6c-b51f-385a8d21cae7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"ec821de0-e8d0-46f4-8e63-1388b7c57265\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"07ec2df6-4405-4d5b-9eba-0e06202a1d06\"],\"metrics\":[\"4f0675c0-0d2b-4e6c-b51f-385a8d21cae7\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Malware Name [Logs 
AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"52ad6981-7a3f-4e9c-af24-518e29ffe56d\",\"w\":24,\"x\":0,\"y\":19},\"panelIndex\":\"52ad6981-7a3f-4e9c-af24-518e29ffe56d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ec5625d1-6a47-4ead-a7c4-6e369d0fb4e7\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ec5625d1-6a47-4ead-a7c4-6e369d0fb4e7\":{\"columnOrder\":[\"6a5480e3-e770-443f-8e46-49d5b0d6e937\",\"1360be01-4532-4723-be1b-4fe11a715f5c\"],\"columns\":{\"1360be01-4532-4723-be1b-4fe11a715f5c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"6a5480e3-e770-443f-8e46-49d5b0d6e937\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Malware State\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"1360be01-4532-4723-be1b-4fe11a715f5c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.malware.state\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"1360be01-4532-4723-be1b-4fe11a715f5c\"],\"layerId\":\"ec5625d1-6a47-4ead-a7c4-6e369d0fb4e7\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"6a5480e3-e770-443f-8e46-49d5b0d6e937\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"Distribution of Events by Malware State [Logs AWS]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"5cd7295e-838e-4f5c-80de-a9dd230c526c\",\"w\":24,\"x\":24,\"y\":19},\"panelIndex\":\"5cd7295e-838e-4f5c-80de-a9dd230c526c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-8eb34878-735f-482c-b58b-0bcfd9f11ed1\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"8eb34878-735f-482c-b58b-0bcfd9f11ed1\":{\"columnOrder\":[\"0bd238d4-8fa8-46cf-8a18-c69c7c8ee1ea\",\"9591a475-adab-45fc-892a-911080cd07a7\"],\"columns\":{\"0bd238d4-8fa8-46cf-8a18-c69c7c8ee1ea\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network Path Component 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9591a475-adab-45fc-892a-911080cd07a7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.network_path.component.type\"},\"9591a475-adab-45fc-892a-911080cd07a7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"8eb34878-735f-482c-b58b-0bcfd9f11ed1\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"0bd238d4-8fa8-46cf-8a18-c69c7c8ee1ea\"],\"metrics\":[\"9591a475-adab-45fc-892a-911080cd07a7\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Network Path Component Type [Logs 
AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"56982ba0-3da7-46bc-8ce6-61c1bb1e0820\",\"w\":24,\"x\":0,\"y\":34},\"panelIndex\":\"56982ba0-3da7-46bc-8ce6-61c1bb1e0820\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-4a40b1d8-5f8b-442d-a352-5bf66b4f364f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"4a40b1d8-5f8b-442d-a352-5bf66b4f364f\":{\"columnOrder\":[\"dcf34ccb-9682-4f73-a3ca-8d630092f8d9\",\"51b15243-b996-40c3-85ab-be8c8081abaf\"],\"columns\":{\"51b15243-b996-40c3-85ab-be8c8081abaf\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"dcf34ccb-9682-4f73-a3ca-8d630092f8d9\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Ingress Protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"51b15243-b996-40c3-85ab-be8c8081abaf\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.network_path.ingress.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"dcf34ccb-9682-4f73-a3ca-8d630092f8d9\"},{\"columnId\":\"51b15243-b996-40c3-85ab-be8c8081abaf\"}],\"layerId\":\"4a40b1d8-5f8b-442d-a352-5bf66b4f364f\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"Top 10 Ingress Protocol [Logs 
AWS]\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2b7f73cd-2ada-421b-84a5-35d2982c3e1d\",\"w\":24,\"x\":24,\"y\":34},\"panelIndex\":\"2b7f73cd-2ada-421b-84a5-35d2982c3e1d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-6ef8ab89-3684-480c-af93-3fad3b718174\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"6ef8ab89-3684-480c-af93-3fad3b718174\":{\"columnOrder\":[\"5e1a60f9-5f4f-46a1-974f-bae2fbd4c458\",\"dce3a466-6e6c-40b7-bc3a-4f574550ade1\"],\"columns\":{\"5e1a60f9-5f4f-46a1-974f-bae2fbd4c458\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Egress Protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"dce3a466-6e6c-40b7-bc3a-4f574550ade1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.network_path.egress.protocol\"},\"dce3a466-6e6c-40b7-bc3a-4f574550ade1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"5e1a60f9-5f4f-46a1-974f-bae2fbd4c458\"},{\"columnId\":\"dce3a466-6e6c-40b7-bc3a-4f574550ade1\"}],\"layerId\":\"6ef8ab89-3684-480c-af93-3fad3b718174\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"Top 10 Egress Protocol [Logs 
AWS]\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2c62f9a1-c269-4a3b-b62d-526c2e174a6c\",\"w\":24,\"x\":0,\"y\":49},\"panelIndex\":\"2c62f9a1-c269-4a3b-b62d-526c2e174a6c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3a11fcb2-1821-437a-91ef-48d8338f7ba2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3a11fcb2-1821-437a-91ef-48d8338f7ba2\":{\"columnOrder\":[\"ef7d92b1-db24-49eb-adaa-a05684e881a1\",\"67719af2-f662-4ffd-91d2-f875af400840\"],\"columns\":{\"67719af2-f662-4ffd-91d2-f875af400840\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"ef7d92b1-db24-49eb-adaa-a05684e881a1\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Threat Intelligence Indicator Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"67719af2-f662-4ffd-91d2-f875af400840\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"threat.indicator.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"3a11fcb2-1821-437a-91ef-48d8338f7ba2\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"ef7d92b1-db24-49eb-adaa-a05684e881a1\"],\"metrics\":[\"67719af2-f662-4ffd-91d2-f875af400840\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by 
Threat Intelligence Indicator Type [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"00a582c1-01a0-4e9f-817e-b79a7937c42c\",\"w\":24,\"x\":24,\"y\":49},\"panelIndex\":\"00a582c1-01a0-4e9f-817e-b79a7937c42c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-5f1e82af-15cf-4d2c-aff7-447ac521d7f8\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5f1e82af-15cf-4d2c-aff7-447ac521d7f8\":{\"columnOrder\":[\"bc1e8902-547d-4243-a66d-36067c1507e3\",\"248d6591-7c85-4edd-aaa6-cd0242a86384\"],\"columns\":{\"248d6591-7c85-4edd-aaa6-cd0242a86384\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"bc1e8902-547d-4243-a66d-36067c1507e3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Threat Intelligence Indicator Source\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"248d6591-7c85-4edd-aaa6-cd0242a86384\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.threat_intel_indicators.source\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"5f1e82af-15cf-4d2c-aff7-447ac521d7f8\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"bc1e8902-547d-4243-a66d-36067c1507e3\"],\"metrics\":[\"248d6591-7c85-4edd-aaa6-cd0242a86384\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Threat Intelligence Indicator Source [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"97fc0cf4-15d3-4e5c-a1a5-943fc892b0c4\",\"w\":24,\"x\":0,\"y\":64},\"panelIndex\":\"97fc0cf4-15d3-4e5c-a1a5-943fc892b0c4\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-fae68851-ba41-4905-ac89-ca3c4a38e39f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"fae68851-ba41-4905-ac89-ca3c4a38e39f\":{\"columnOrder\":[\"6a71130a-c336-4454-8f15-83fde3a5e0a8\",\"115799f5-6e44-4786-ad84-90989e5274a7\"],\"columns\":{\"115799f5-6e44-4786-ad84-90989e5274a7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"6a71130a-c336-4454-8f15-83fde3a5e0a8\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Threat Intelligence Indicator 
Category\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"115799f5-6e44-4786-ad84-90989e5274a7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.threat_intel_indicators.category\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"fae68851-ba41-4905-ac89-ca3c4a38e39f\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"6a71130a-c336-4454-8f15-83fde3a5e0a8\"],\"metrics\":[\"115799f5-6e44-4786-ad84-90989e5274a7\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Threat Intelligence Indicator Category [Logs AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}}]","timeRestore":false,"title":"[Logs AWS] Security Hub Findings Malware, Threat Intelligence Indicator and Network 
Path","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-8fcf4c20-f7a3-11ec-aa7f-c173c0f9e267","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"69aa2695-1a0d-4880-a442-78b49526c18f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"69aa2695-1a0d-4880-a442-78b49526c18f:indexpattern-datasource-layer-97ae45f9-914d-400a-a0ff-a552929da066","type":"index-pattern"},{"id":"logs-*","name":"6837f195-98b9-4779-b57f-9c5e07ff792a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"6837f195-98b9-4779-b57f-9c5e07ff792a:indexpattern-datasource-layer-ec821de0-e8d0-46f4-8e63-1388b7c57265","type":"index-pattern"},{"id":"logs-*","name":"52ad6981-7a3f-4e9c-af24-518e29ffe56d:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"52ad6981-7a3f-4e9c-af24-518e29ffe56d:indexpattern-datasource-layer-ec5625d1-6a47-4ead-a7c4-6e369d0fb4e7","type":"index-pattern"},{"id":"logs-*","name":"5cd7295e-838e-4f5c-80de-a9dd230c526c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"5cd7295e-838e-4f5c-80de-a9dd230c526c:indexpattern-datasource-layer-8eb34878-735f-482c-b58b-0bcfd9f11ed1","type":"index-pattern"},{"id":"logs-*","name":"56982ba0-3da7-46bc-8ce6-61c1bb1e0820:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"56982ba0-3da7-46bc-8ce6-61c1bb1e0820:indexpattern-datasource-layer-4a40b1d8-5f8b-442d-a352-5bf66b4f364f","type":"index-pattern"},{"id":"logs-*","name":"2b7f73cd-2ada-421b-84a5-35d2982c3e1d:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"2b7f73cd-2ada-421b-84a5-35d2982c3e1d:indexpattern-datasource-layer-6ef8ab89-3684-480c-af93-3fad3b718174","type":"index-pattern"},{"id":"logs-*","name":"2c62f9a1-c269-4a3b-b62d-526c2e174a6c:indexpattern-datasource-current-indexpattern","type":"i
ndex-pattern"},{"id":"logs-*","name":"2c62f9a1-c269-4a3b-b62d-526c2e174a6c:indexpattern-datasource-layer-3a11fcb2-1821-437a-91ef-48d8338f7ba2","type":"index-pattern"},{"id":"logs-*","name":"00a582c1-01a0-4e9f-817e-b79a7937c42c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"00a582c1-01a0-4e9f-817e-b79a7937c42c:indexpattern-datasource-layer-5f1e82af-15cf-4d2c-aff7-447ac521d7f8","type":"index-pattern"},{"id":"logs-*","name":"97fc0cf4-15d3-4e5c-a1a5-943fc892b0c4:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"97fc0cf4-15d3-4e5c-a1a5-943fc892b0c4:indexpattern-datasource-layer-fae68851-ba41-4905-ac89-ca3c4a38e39f","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6151],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MjAsMV0="} +{"attributes":{"description":"Overview of AWS Usage 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.usage\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.usage\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"2ea7bd59-d748-4e4a-889d-f7e2ca1cfe36\",\"w\":9,\"x\":0,\"y\":0},\"panelIndex\":\"2ea7bd59-d748-4e4a-889d-f7e2ca1cfe36\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"region name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Region Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"AWS Region Filter\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"00c2b1f6-3367-4b6f-ac01-7e48b76c262a\",\"w\":20,\"x\":9,\"y\":0},\"panelIndex\":\"00c2b1f6-3367-4b6f-ac01-7e48b76c262a\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"field\":\"aws.usage.metrics.ResourceCount.sum\"},\"schema\":\"metric\",\"type\":\"sum\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.Type : 
\\\"Resource\\\" \"},\"label\":\"\"}],\"row\":true},\"schema\":\"split\",\"type\":\"filters\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"aws.dimensions.Service\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"field\":\"aws.dimensions.Resource\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":4,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metric\":{\"accessor\":3,\"aggType\":\"sum\",\"format\":{\"id\":\"number\"},\"params\":{}},\"splitRow\":[{\"accessor\":0,\"aggType\":\"filters\",\"format\":{},\"params\":{}}]},\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":false,\"show\":true,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendSize\":\"auto\"},\"title\":\"Usage ResourceCount [Metrics AWS]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Usage Resource 
Count\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"fecfe5d4-ef1c-4f38-954a-a2506d72bc5b\",\"w\":18,\"x\":30,\"y\":0},\"panelIndex\":\"fecfe5d4-ef1c-4f38-954a-a2506d72bc5b\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"field\":\"aws.usage.metrics.CallCount.sum\"},\"schema\":\"metric\",\"type\":\"sum\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.Type : \\\"API\\\" \"},\"label\":\"\"}],\"row\":true},\"schema\":\"split\",\"type\":\"filters\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"aws.dimensions.Service\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"field\":\"aws.dimensions.Resource\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":4,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metric\":{\"accessor\":3,\"aggType\":\"sum\",\"format\":{\"id\":\"number\"},\"params\":{}},\"splitRow\":[{\"accessor\":0,\"aggType\":\"filters\",\"format\":{},\"params\":{}}]},\"distinctColors\":true,\"isD
onut\":true,\"labels\":{\"last_level\":false,\"show\":true,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendSize\":\"auto\"},\"title\":\"Usage CallCount [Metrics AWS]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Usage API Call Count\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"69ce7461-36ad-4e7c-b541-c6a1601bf089\",\"w\":9,\"x\":0,\"y\":5},\"panelIndex\":\"69ce7461-36ad-4e7c-b541-c6a1601bf089\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.name\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"account name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Account Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"AWS Account Filter\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"62e86407-6ae3-47d3-9136-dd61bdf3267a\",\"w\":9,\"x\":0,\"y\":10},\"panelIndex\":\"62e86407-6ae3-47d3-9136-dd61bdf3267a\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"aws.dimensions.Service\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"service 
name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Service Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"AWS Service Filter\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"196a044c-5c20-4417-8aa0-f60fc502e46c\",\"w\":48,\"x\":0,\"y\":15},\"panelIndex\":\"196a044c-5c20-4417-8aa0-f60fc502e46c\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.Type : \\\"Resource\\\" \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.usage.metrics.ResourceCount.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":\"4\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.Service\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Usage Resource Count Per Service [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Usage Resource Count Per 
Service\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"022941b7-01a1-4570-86e9-d03451d4e102\",\"w\":48,\"x\":0,\"y\":25},\"panelIndex\":\"022941b7-01a1-4570-86e9-d03451d4e102\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.dimensions.Type : \\\"API\\\" \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.usage.metrics.CallCount.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":\"4\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.Service\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Usage Call Count Per Service [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Usage API Call Count Per Service\"}]","timeRestore":false,"title":"[Metrics AWS] Usage 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-917a07b0-178e-11ea-8650-fb606deb5be4","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"2ea7bd59-d748-4e4a-889d-f7e2ca1cfe36:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"00c2b1f6-3367-4b6f-ac01-7e48b76c262a:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"metrics-*","name":"fecfe5d4-ef1c-4f38-954a-a2506d72bc5b:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"metrics-*","name":"69ce7461-36ad-4e7c-b541-c6a1601bf089:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"62e86407-6ae3-47d3-9136-dd61bdf3267a:control_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6160],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MjEsMV0="} +{"attributes":{"description":"Summary of events from AWS 
CloudTrail.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.cloudtrail\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.cloudtrail\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":15,\"i\":\"85d26d9a-2a71-4b98-a026-5f513094d6e5\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"85d26d9a-2a71-4b98-a026-5f513094d6e5\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"alpha\\\":1,\\\"id\\\":\\\"2c7b49fb-3fb5-4e18-b27f-fabe930971f3\\\",\\\"label\\\":null,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"isAutoSelect\\\":true,\\\"type\\\":\\\"EMS_TMS\\\",\\\"lightModeDefault\\\":\\\"road_map\\\"},\\\"style\\\":{},\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"visible\\\":true},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"a10fa758-30ad-4e2a-bf9d-472e133a7f17\\\",\\\"joins\\\":[],\\\"label\\\":\\\"CloudTrail Soure 
Location\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"data_stream.dataset:aws.cloudtrail\\\"},\\\"sourceDescriptor\\\":{\\\"applyGlobalQuery\\\":true,\\\"filterByMapBounds\\\":true,\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"7bfe2df9-9398-4f1a-8cf7-b57aa5f3f31e\\\",\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\",\\\"scalingType\\\":\\\"LIMIT\\\",\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"tooltipProperties\\\":[],\\\"topHitsSize\\\":1,\\\"type\\\":\\\"ES_SEARCH\\\"},\\\"style\\\":{\\\"isTimeAware\\\":true,\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"size\\\":6},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelSize\\\":{\\\"options\\\":{\\\"size\\\":14},\\\"type\\\":\\\"STATIC\\\"},\\\"labelText\\\":{\\\"options\\\":{\\\"value\\\":\\\"\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"mapStateJSON\":\"{\\\"center\\\":{\\\"lat\\\":19.94277,\\\"lon\\\":0},\\\"filters\\\":[],\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"\\\"},\\\"refreshConfig\\\":{\\\"interval\\\":0,\\\"isPaused\\\"
:false},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15m\\\",\\\"to\\\":\\\"now\\\"},\\\"zoom\\\":1.97,\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false}}\",\"title\":\"CloudTrail Source Location [Logs AWS]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"hiddenLayers\":[],\"isLayerTOCOpen\":false,\"mapCenter\":{\"lat\":17.90562,\"lon\":-12.20429,\"zoom\":0.97},\"openTOCDetails\":[],\"type\":\"map\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"6b3eff90-3071-451e-a827-ca569e0ac10b\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"6b3eff90-3071-451e-a827-ca569e0ac10b\",\"embeddableConfig\":{\"colors\":{\"failure\":\"#E24D42\"},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"event.outcome\",\"missingBucket\":true,\"missingBucketLabel\":\"[unknown]\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"grid\":{\"categoryLines\":false},\"isVislibVis\":true,\"labels\":{},\"legendPosition\":\"right\",\"p
alette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"area\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"CloudTrail Event Outcome over time [Logs AWS]\",\"type\":\"area\",\"uiState\":{}},\"vis\":{\"colors\":{\"failure\":\"#E24D42\",\"success\":\"#629E51\"}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"952e456a-e9ae-4606-b838-e16019375336\",\"w\":12,\"x\":0,\"y\":15},\"panelIndex\":\"952e456a-e9ae-4606-b838-e16019375336\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"event.provider\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"event.action 
values separated by event.provider.\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendSize\":\"auto\"},\"title\":\"CloudTrail Actions [Logs AWS]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"802ad09d-5883-4e41-99ac-6c356144d24d\",\"w\":12,\"x\":12,\"y\":15},\"panelIndex\":\"802ad09d-5883-4e41-99ac-6c356144d24d\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"CloudTrail Event Type\",\"field\":\"aws.cloudtrail.event_type\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendSize\":\"auto\"},\"title\":\"CloudTrail Event Type [Logs 
AWS]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"3e617d87-3acf-4203-b03b-c907c9145fce\",\"w\":12,\"x\":24,\"y\":15},\"panelIndex\":\"3e617d87-3acf-4203-b03b-c907c9145fce\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"user_agent.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendSize\":\"auto\"},\"title\":\"CloudTrail User Agents [Logs 
AWS]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"d6f03440-c717-4f5e-928c-72ae9d450318\",\"w\":12,\"x\":36,\"y\":15},\"panelIndex\":\"d6f03440-c717-4f5e-928c-72ae9d450318\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"aws.cloudtrail.error_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":20},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendSize\":\"auto\"},\"title\":\"CloudTrail Error Code [Logs AWS]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"2b82a2c9-3809-447c-8e95-52125acccb42\",\"w\":30,\"x\":0,\"y\":28},\"panelIndex\":\"2b82a2c9-3809-447c-8e95-52125acccb42\",\"panelRefName\":\"panel_6\",\"version\":\"8.0.0-SNAPSHOT\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"40f0a89b-7ce5-498f-a0f0-5c7edf7f8b50\",\"w\":18,\"x\":30,\"y\":28},\"panelIndex\":\"40f0a89b-7ce5-498f-a0f0-5c7edf7f8b50\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Event Count\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"User 
ID\",\"field\":\"user.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":25},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"CloudTrail Top User IDs [Logs AWS]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\",\"enhancements\":{}}}]","timeRestore":false,"title":"[Logs AWS] CloudTrail","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-9c09cd20-7399-11ea-a345-f985c61fe654","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"aws-30ccde50-7397-11ea-a345-f985c61fe654","name":"panel_6","type":"search"},{"id":"logs-*","name":"85d26d9a-2a71-4b98-a026-5f513094d6e5:layer_1_source_index_pattern","type":"index-pattern"},{"id":"aws-30ccde50-7397-11ea-a345-f985c61fe654","name":"6b3eff90-3071-451e-a827-ca569e0ac10b:search_0","type":"search"},{"id":"aws-30ccde50-7397-11ea-a345-f985c61fe654","name":"952e456a-e9ae-4606-b838-e16019375336:search_0","type":"search"},{"id":"aws-30ccde50-7397-11ea-a345-f985c61fe654","name":"802ad09d-5883-4e41-99ac-6c356144d24d:search_0","type":"search"},{"id":"aws-30ccde50-7397-11ea-a345-f985c61fe654","name":"3e617d87-3acf-4203-b03b-c907c9145fce:search_0","type":"search"},{"id":"aws-30ccde50-7397-11ea-a345-f985c61fe654","name":"d6f03440-c717-4f5e-928c-72ae9d450318:search_0","type":"search"},{"id":"aws-30ccde50-7397-11ea-a345-f985c61fe654","name":"40f0a89b-7ce5-498f-a0f0-5
c7edf7f8b50:search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6172],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MjIsMV0="} +{"attributes":{"columns":["cloud.account.id","cloud.provider","cloud.region","event.action","event.id"],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.guardduty\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.guardduty\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Findings Essential Details [Logs Guardduty]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-df758050-6a49-11ed-b880-2f1b70138655","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6177],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MjMsMV0="} 
+{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"50ad3275-2e9f-4fb5-86f7-2abb13053d60\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.guardduty.severity.value\",\"parentFieldName\":\"aws.guardduty.severity.value\",\"title\":\"Findings Severity\",\"id\":\"50ad3275-2e9f-4fb5-86f7-2abb13053d60\",\"enhancements\":{},\"selectedOptions\":[]}},\"b1defe1a-26e0-4ec4-86fe-9506c27734a9\":{\"order\":1,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.id\",\"title\":\"Cloud Account ID\",\"id\":\"b1defe1a-26e0-4ec4-86fe-9506c27734a9\",\"enhancements\":{}}},\"cee8fa25-e40b-43d6-be3f-4fa1d86da1ef\":{\"order\":2,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.region\",\"title\":\"Cloud Region\",\"id\":\"cee8fa25-e40b-43d6-be3f-4fa1d86da1ef\",\"enhancements\":{}}},\"77b15205-772d-492d-9a35-1311d1b95bd2\":{\"order\":3,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.provider\",\"title\":\"Cloud Provider\",\"id\":\"77b15205-772d-492d-9a35-1311d1b95bd2\",\"enhancements\":{},\"selectedOptions\":[]}}}"},"description":"Overview of Amazon Guardduty Findings 
logs.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.guardduty\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.guardduty\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"e54ffa6b-51d6-4d63-a5fe-6e0ccd3e38c5\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"e54ffa6b-51d6-4d63-a5fe-6e0ccd3e38c5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-38c44a96-07c8-4b58-99a2-e29ae95408e4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"38c44a96-07c8-4b58-99a2-e29ae95408e4\":{\"columnOrder\":[\"c09646ef-de2b-4763-9a8c-5d638e7e87ca\",\"8552a4c3-4a33-4b7f-a6a1-37ea256ed0e7\"],\"columns\":{\"8552a4c3-4a33-4b7f-a6a1-37ea256ed0e7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"c09646ef-de2b-4763-9a8c-5d638e7e87ca\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Action 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8552a4c3-4a33-4b7f-a6a1-37ea256ed0e7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"8552a4c3-4a33-4b7f-a6a1-37ea256ed0e7\"],\"layerId\":\"38c44a96-07c8-4b58-99a2-e29ae95408e4\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"c09646ef-de2b-4763-9a8c-5d638e7e87ca\",\"yConfig\":[{\"axisMode\":\"auto\",\"forAccessor\":\"8552a4c3-4a33-4b7f-a6a1-37ea256ed0e7\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Findings by Action Type [Logs 
Guardduty]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"dddf31a0-8b26-4bb6-b226-6ca4aeb0c8de\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"dddf31a0-8b26-4bb6-b226-6ca4aeb0c8de\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-d3e3da2f-07a4-42fe-b7cb-c95949158b5d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"d3e3da2f-07a4-42fe-b7cb-c95949158b5d\":{\"columnOrder\":[\"be6d076f-1f09-4396-a1cc-c0c008fb2cf4\",\"329a84e3-c949-45e6-9087-0b3703d5c17c\"],\"columns\":{\"329a84e3-c949-45e6-9087-0b3703d5c17c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"be6d076f-1f09-4396-a1cc-c0c008fb2cf4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Account ID\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"329a84e3-c949-45e6-9087-0b3703d5c17c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"cloud.account.id\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"be6d076f-1f09-4396-a1cc-c0c008fb2cf4\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"329a84e3-c949-45e6-9087-0b3703d5c17c\",\"isTransposed\":false}],\"layerId\":\"d3e3da2f-07a4-42fe-b7cb-c95949158b5d\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Account ID [Logs 
Guardduty]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"affec3f3-1392-4022-8ef4-2c9205b410de\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"affec3f3-1392-4022-8ef4-2c9205b410de\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-d3e3da2f-07a4-42fe-b7cb-c95949158b5d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"d3e3da2f-07a4-42fe-b7cb-c95949158b5d\":{\"columnOrder\":[\"be6d076f-1f09-4396-a1cc-c0c008fb2cf4\",\"329a84e3-c949-45e6-9087-0b3703d5c17c\"],\"columns\":{\"329a84e3-c949-45e6-9087-0b3703d5c17c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"be6d076f-1f09-4396-a1cc-c0c008fb2cf4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"329a84e3-c949-45e6-9087-0b3703d5c17c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"rule.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"be6d076f-1f09-4396-a1cc-c0c008fb2cf4\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"329a84e3-c949-45e6-9087-0b3703d5c17c\",\"isTransposed\":false}],\"layerId\":\"d3e3da2f-07a4-42fe-b7cb-c95949158b5d\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Highest Findings by Type [Logs 
Guardduty]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"14a16e94-f5b1-403c-9087-d90b8891acf5\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"14a16e94-f5b1-403c-9087-d90b8891acf5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-d3e3da2f-07a4-42fe-b7cb-c95949158b5d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"d3e3da2f-07a4-42fe-b7cb-c95949158b5d\":{\"columnOrder\":[\"be6d076f-1f09-4396-a1cc-c0c008fb2cf4\",\"329a84e3-c949-45e6-9087-0b3703d5c17c\"],\"columns\":{\"329a84e3-c949-45e6-9087-0b3703d5c17c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Confidence Score\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.guardduty.confidence\"},\"be6d076f-1f09-4396-a1cc-c0c008fb2cf4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Findings ARN\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"329a84e3-c949-45e6-9087-0b3703d5c17c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.guardduty.arn\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"be6d076f-1f09-4396-a1cc-c0c008fb2cf4\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"329a84e3-c949-45e6-9087-0b3703d5c17c\",\"isTransposed\":false}],\"layerId\":\"d3e3da2f-07a4-42fe-b7cb-c95949158b5d\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Findings ARN with Highest Confidence Score [Logs 
Guardduty]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"8c9bbda7-ee27-43a2-b815-656ae730bb01\",\"w\":48,\"x\":0,\"y\":30},\"panelIndex\":\"8c9bbda7-ee27-43a2-b815-656ae730bb01\",\"panelRefName\":\"panel_8c9bbda7-ee27-43a2-b815-656ae730bb01\",\"type\":\"search\",\"version\":\"8.4.0\"}]","timeRestore":false,"title":"[Logs AWS] Guardduty Findings Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-9d21f520-6a36-11ed-b880-2f1b70138655","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"e54ffa6b-51d6-4d63-a5fe-6e0ccd3e38c5:indexpattern-datasource-layer-38c44a96-07c8-4b58-99a2-e29ae95408e4","type":"index-pattern"},{"id":"logs-*","name":"dddf31a0-8b26-4bb6-b226-6ca4aeb0c8de:indexpattern-datasource-layer-d3e3da2f-07a4-42fe-b7cb-c95949158b5d","type":"index-pattern"},{"id":"logs-*","name":"affec3f3-1392-4022-8ef4-2c9205b410de:indexpattern-datasource-layer-d3e3da2f-07a4-42fe-b7cb-c95949158b5d","type":"index-pattern"},{"id":"logs-*","name":"14a16e94-f5b1-403c-9087-d90b8891acf5:indexpattern-datasource-layer-d3e3da2f-07a4-42fe-b7cb-c95949158b5d","type":"index-pattern"},{"id":"aws-df758050-6a49-11ed-b880-2f1b70138655","name":"8c9bbda7-ee27-43a2-b815-656ae730bb01:panel_8c9bbda7-ee27-43a2-b815-656ae730bb01","type":"search"},{"id":"logs-*","name":"controlGroup_50ad3275-2e9f-4fb5-86f7-2abb13053d60:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_b1defe1a-26e0-4ec4-86fe-9506c27734a9:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_cee8fa25-e40b-43d6-be3f-4fa1d86da1ef:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_77b15205-772d-492d-9a35-1311d1b95bd2:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"
},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6190],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MjQsMV0="} +{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"d842e601-78ae-4001-8c73-0c6131832238\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.name\",\"title\":\"Account Names\",\"id\":\"d842e601-78ae-4001-8c73-0c6131832238\",\"enhancements\":{}}},\"426ffa24-3e19-4e20-9a9e-e1eedcaf8051\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.region\",\"title\":\"Regions\",\"id\":\"426ffa24-3e19-4e20-9a9e-e1eedcaf8051\",\"enhancements\":{}}},\"d7c787c2-569d-4885-ad67-769c15f96470\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.availability_zone\",\"title\":\"Availability Zones\",\"id\":\"d7c787c2-569d-4885-ad67-769c15f96470\",\"enhancements\":{}}},\"72cc9b12-4e22-4766-bc89-a7d9e8897123\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.s3.bucket.name\",\"title\":\"Bucket Names\",\"id\":\"72cc9b12-4e22-4766-bc89-a7d9e8897123\",\"enhancements\":{}}}}"},"description":"Overview of AWS S3 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"38c1f878-ea80-4442-a455-9b669bd9b08f\",\"w\":4,\"x\":0,\"y\":0},\"panelIndex\":\"38c1f878-ea80-4442-a455-9b669bd9b08f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-3a6b5560-57cf-4d5a-ab7c-fa2fc2911ed1\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3a6b5560-57cf-4d5a-ab7c-fa2fc2911ed1\":{\"columnOrder\":[\"e962b376-5889-4a57-8628-dcac9f4208cc\",\"e962b376-5889-4a57-8628-dcac9f4208ccX0\"],\"columns\":{\"e962b376-5889-4a57-8628-dcac9f4208cc\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total S3 Bucket Size\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"formula\":\"sum(aws.s3_daily_storage.bucket.size.bytes)\",\"isFormulaBroken\":false},\"references\":[\"e962b376-5889-4a57-8628-dcac9f4208ccX0\"],\"scale\":\"ratio\"},\"e962b376-5889-4a57-8628-dcac9f4208ccX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Total S3 Bucket 
Size\",\"operationType\":\"sum\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_daily_storage.bucket.size.bytes\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e962b376-5889-4a57-8628-dcac9f4208cc\",\"layerId\":\"3a6b5560-57cf-4d5a-ab7c-fa2fc2911ed1\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"timeRange\":{\"from\":\"now-2d\",\"to\":\"now-1d\"},\"type\":\"lens\"},\"title\":\"Total S3 Bucket Size\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"9044e628-dfdd-48c2-8a8e-0bfbfe5d1f95\",\"w\":4,\"x\":4,\"y\":0},\"panelIndex\":\"9044e628-dfdd-48c2-8a8e-0bfbfe5d1f95\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-0efc887f-76bc-499e-b51b-23780b4b7075\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"0efc887f-76bc-499e-b51b-23780b4b7075\":{\"columnOrder\":[\"c85259ee-d33a-4b01-b0be-aa137d07fcb8\"],\"columns\":{\"c85259ee-d33a-4b01-b0be-aa137d07fcb8\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3_daily_storage.number_of_objects: *\"},\"isBucketed\":false,\"label\":\"Total Number of 
Objects\",\"operationType\":\"sum\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_daily_storage.number_of_objects\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"c85259ee-d33a-4b01-b0be-aa137d07fcb8\",\"layerId\":\"0efc887f-76bc-499e-b51b-23780b4b7075\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"timeRange\":{\"from\":\"now-2d\",\"to\":\"now-1d\"},\"type\":\"lens\"},\"title\":\"Total number of objects\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"e0b784e3-242b-4690-9bc6-287a3fe6c950\",\"w\":19,\"x\":8,\"y\":0},\"panelIndex\":\"e0b784e3-242b-4690-9bc6-287a3fe6c950\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-1c30a386-39ac-4525-a832-15cc8031dad8\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1c30a386-39ac-4525-a832-15cc8031dad8\":{\"columnOrder\":[\"9f70a78c-036c-4959-9551-86149f5d42bb\",\"5d688be2-3ff8-48ec-a4af-97f6a0ea881e\"],\"columns\":{\"5d688be2-3ff8-48ec-a4af-97f6a0ea881e\":{\"customLabel\":false,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3_daily_storage.bucket.size.bytes: *\"},\"isBucketed\":false,\"label\":\"Last value of aws.s3_daily_storage.bucket.size.bytes\",\"operationType\":\"last_value\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"showArrayValues\":false,\"sortField\":\"@timestamp\"},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_daily_storage.bucket.size.bytes\"},\"9f70a78c-036c-4959-9551-86149f5d42bb\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"5d688be2-3ff8-48ec-a4af-97f6a0ea881e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"5d688be2-3ff8-48ec-a4af-97f6a0ea881e\"],\"layerId\":\"1c30a386-39ac-4525-a832-15cc8031dad8\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"9f70a78c-036c-4959-9551-86149f5d42bb\"}],\"legend\":{\"isInside\":false,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"timeRange\":{\"from\":\"now-2d\",\"to\":\"now-1d\"},\"type\":\"lens\"},\"title\":\"Top 10 Bucket Size in 
Bytes\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"504a187a-f1db-4b84-8f31-d502238e64c2\",\"w\":21,\"x\":27,\"y\":0},\"panelIndex\":\"504a187a-f1db-4b84-8f31-d502238e64c2\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-af61dbed-5160-44f1-9926-68ce33152b0d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"af61dbed-5160-44f1-9926-68ce33152b0d\":{\"columnOrder\":[\"0c368248-8555-434d-b8bc-7fc51eef527e\",\"9745c0a5-3ede-4010-8f70-e961503850c6\"],\"columns\":{\"0c368248-8555-434d-b8bc-7fc51eef527e\":{\"customLabel\":false,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9745c0a5-3ede-4010-8f70-e961503850c6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"9745c0a5-3ede-4010-8f70-e961503850c6\":{\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3_daily_storage.number_of_objects: *\"},\"isBucketed\":false,\"label\":\"Last value of 
aws.s3_daily_storage.number_of_objects\",\"operationType\":\"last_value\",\"params\":{\"sortField\":\"@timestamp\"},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_daily_storage.number_of_objects\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"9745c0a5-3ede-4010-8f70-e961503850c6\"],\"layerId\":\"af61dbed-5160-44f1-9926-68ce33152b0d\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"0c368248-8555-434d-b8bc-7fc51eef527e\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"timeRange\":{\"from\":\"now-2d\",\"to\":\"now-1d\"},\"type\":\"lens\"},\"title\":\"Top 10 Number of 
Objects\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"06d123df-0904-4a9f-ab84-a542273ffb46\",\"w\":24,\"x\":0,\"y\":8},\"panelIndex\":\"06d123df-0904-4a9f-ab84-a542273ffb46\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-190281eb-58c9-469f-b75e-c9ba458b570c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"190281eb-58c9-469f-b75e-c9ba458b570c\":{\"columnOrder\":[\"b255fdcd-4a88-4e26-ad95-f96d5fa71f56\",\"f2ac53f6-a4db-4519-86bf-280d76d25c5d\",\"673d465d-234b-46b0-9cb1-3bd22817c3d7\"],\"columns\":{\"673d465d-234b-46b0-9cb1-3bd22817c3d7\":{\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3_daily_storage.bucket.size.bytes: *\"},\"isBucketed\":false,\"label\":\"Last value of aws.s3_daily_storage.bucket.size.bytes\",\"operationType\":\"last_value\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"showArrayValues\":false,\"sortField\":\"@timestamp\"},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_daily_storage.bucket.size.bytes\"},\"b255fdcd-4a88-4e26-ad95-f96d5fa71f56\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of 
aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"673d465d-234b-46b0-9cb1-3bd22817c3d7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"f2ac53f6-a4db-4519-86bf-280d76d25c5d\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"d\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"endValue\":\"Nearest\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"673d465d-234b-46b0-9cb1-3bd22817c3d7\"],\"layerId\":\"190281eb-58c9-469f-b75e-c9ba458b570c\",\"layerType\":\"data\",\"seriesType\":\"line\",\"splitAccessor\":\"b255fdcd-4a88-4e26-ad95-f96d5fa71f56\",\"xAccessor\":\"f2ac53f6-a4db-4519-86bf-280d76d25c5d\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"timeRange\":{\"from\":\"now-7d\",\"to\":\"now\"},\"type\":\"lens\"},\"title\":\"Bucket 
Size\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"1e851b43-a868-431b-a1a3-f1a05b3a743f\",\"w\":24,\"x\":24,\"y\":8},\"panelIndex\":\"1e851b43-a868-431b-a1a3-f1a05b3a743f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-d2ed9ebb-b73f-4b8d-a214-1d03704a8b60\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"d2ed9ebb-b73f-4b8d-a214-1d03704a8b60\":{\"columnOrder\":[\"f4f5900c-06e2-4f02-a147-657036931d2d\",\"8526b422-9f2d-4482-8be9-80be6308a159\",\"02a5b22e-865f-4b85-826f-11b3ca347035\"],\"columns\":{\"02a5b22e-865f-4b85-826f-11b3ca347035\":{\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3_daily_storage.number_of_objects: *\"},\"isBucketed\":false,\"label\":\"Last value of aws.s3_daily_storage.number_of_objects\",\"operationType\":\"last_value\",\"params\":{\"sortField\":\"@timestamp\"},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_daily_storage.number_of_objects\"},\"8526b422-9f2d-4482-8be9-80be6308a159\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of 
aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"02a5b22e-865f-4b85-826f-11b3ca347035\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"f4f5900c-06e2-4f02-a147-657036931d2d\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"d\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"endValue\":\"Nearest\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"02a5b22e-865f-4b85-826f-11b3ca347035\"],\"layerId\":\"d2ed9ebb-b73f-4b8d-a214-1d03704a8b60\",\"layerType\":\"data\",\"seriesType\":\"line\",\"splitAccessor\":\"8526b422-9f2d-4482-8be9-80be6308a159\",\"xAccessor\":\"f4f5900c-06e2-4f02-a147-657036931d2d\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"timeRange\":{\"from\":\"now-7d\",\"to\":\"now\"},\"type\":\"lens\"},\"title\":\"Number of 
Objects\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"1e4a9ad9-15c1-4788-a1fb-80637edf7b95\",\"w\":48,\"x\":0,\"y\":20},\"panelIndex\":\"1e4a9ad9-15c1-4788-a1fb-80637edf7b95\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"Note: visualizations below rely on S3 request metrics to be enabled in AWS first. Please see how to [enable request metrics](https://docs.aws.amazon.com/AmazonS3/latest/userguide/configure-request-metrics-bucket.html) for more details.\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"s3_request_note\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":38,\"i\":\"6f4152e8-0944-4149-941a-0b58e69b8ecd\",\"w\":4,\"x\":0,\"y\":24},\"panelIndex\":\"6f4152e8-0944-4149-941a-0b58e69b8ecd\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"Requests\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"requests 
title\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"ffbba1de-c2a3-4d55-97c4-ef47b26973e2\",\"w\":8,\"x\":4,\"y\":24},\"panelIndex\":\"ffbba1de-c2a3-4d55-97c4-ef47b26973e2\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-0ccf08d3-d668-4ec7-8ef3-e4de412e7d05\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"0ccf08d3-d668-4ec7-8ef3-e4de412e7d05\":{\"columnOrder\":[\"9670cf93-ad58-473b-bb4b-7f03d919d5f9\"],\"columns\":{\"9670cf93-ad58-473b-bb4b-7f03d919d5f9\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3_request.latency.total_request.ms: *\"},\"isBucketed\":false,\"label\":\"Average Total Request Latency (ms)\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.latency.total_request.ms\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"9670cf93-ad58-473b-bb4b-7f03d919d5f9\",\"layerId\":\"0ccf08d3-d668-4ec7-8ef3-e4de412e7d05\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Average Total Request 
Latency\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"1244972a-2e1f-4dbd-9db0-f56a79dcdfba\",\"w\":8,\"x\":12,\"y\":24},\"panelIndex\":\"1244972a-2e1f-4dbd-9db0-f56a79dcdfba\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-b7b988d0-8a23-4f66-8aa0-e73e0b453026\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b7b988d0-8a23-4f66-8aa0-e73e0b453026\":{\"columnOrder\":[\"85e36aab-a782-4b29-a2a3-3c0735c1104d\"],\"columns\":{\"85e36aab-a782-4b29-a2a3-3c0735c1104d\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3_request.requests.total: *\"},\"isBucketed\":false,\"label\":\"Total HTTP Requests\",\"operationType\":\"sum\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.requests.total\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"85e36aab-a782-4b29-a2a3-3c0735c1104d\",\"layerId\":\"b7b988d0-8a23-4f66-8aa0-e73e0b453026\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Total HTTP 
Requests\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"3816e81e-b2f9-46bf-8870-fc0b300f5550\",\"w\":7,\"x\":20,\"y\":24},\"panelIndex\":\"3816e81e-b2f9-46bf-8870-fc0b300f5550\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-fc38c622-e1d2-42a4-ae60-6508f677868b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"fc38c622-e1d2-42a4-ae60-6508f677868b\":{\"columnOrder\":[\"2b81b770-436c-4374-b89a-53dbb8905020\"],\"columns\":{\"2b81b770-436c-4374-b89a-53dbb8905020\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average Download per Request\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.downloaded.bytes\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"2b81b770-436c-4374-b89a-53dbb8905020\",\"layerId\":\"fc38c622-e1d2-42a4-ae60-6508f677868b\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Average Download Bytes per 
Request\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"23e3c7f4-7fdf-421c-b461-e5ae21f10a5c\",\"w\":7,\"x\":27,\"y\":24},\"panelIndex\":\"23e3c7f4-7fdf-421c-b461-e5ae21f10a5c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-61c0910a-1394-4414-9de9-00a2c4c1df99\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"61c0910a-1394-4414-9de9-00a2c4c1df99\":{\"columnOrder\":[\"8949b8fd-522d-4242-bbff-739d10bba463\"],\"columns\":{\"8949b8fd-522d-4242-bbff-739d10bba463\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average Upload per Request\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.uploaded.bytes\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"8949b8fd-522d-4242-bbff-739d10bba463\",\"layerId\":\"61c0910a-1394-4414-9de9-00a2c4c1df99\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Average Upload Bytes per 
Request\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"4507cadf-b442-4d6b-b397-9fc047f7e4ed\",\"w\":7,\"x\":34,\"y\":24},\"panelIndex\":\"4507cadf-b442-4d6b-b397-9fc047f7e4ed\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-e4780eff-c9b6-4e7c-81d4-000f9e618ee8\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"e4780eff-c9b6-4e7c-81d4-000f9e618ee8\":{\"columnOrder\":[\"d0036bf5-11c8-40b4-875c-c15443ea5999\",\"d0036bf5-11c8-40b4-875c-c15443ea5999X0\"],\"columns\":{\"d0036bf5-11c8-40b4-875c-c15443ea5999\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Bytes per Period Downloaded\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(aws.s3_request.downloaded.bytes_per_period)\",\"isFormulaBroken\":false},\"references\":[\"d0036bf5-11c8-40b4-875c-c15443ea5999X0\"],\"scale\":\"ratio\"},\"d0036bf5-11c8-40b4-875c-c15443ea5999X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Bytes per Period Downloaded\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.downloaded.bytes_per_period\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"d0036bf5-11c8-40b4-875c-c15443ea5999\",\"layerId\":\"e4780eff-c9b6-4e7c-81d4-000f9e618ee8\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Bytes per Period 
Downloaded\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"1bbf9bfb-10a5-406c-b7b1-0a8dc332280a\",\"w\":7,\"x\":41,\"y\":24},\"panelIndex\":\"1bbf9bfb-10a5-406c-b7b1-0a8dc332280a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-aadc60fc-e93e-437e-9209-4b4df243c3db\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"aadc60fc-e93e-437e-9209-4b4df243c3db\":{\"columnOrder\":[\"3572bcd6-9a91-4ab6-82d1-80116c8ff17c\"],\"columns\":{\"3572bcd6-9a91-4ab6-82d1-80116c8ff17c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Bytes per Period Uploaded\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.uploaded.bytes_per_period\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"3572bcd6-9a91-4ab6-82d1-80116c8ff17c\",\"layerId\":\"aadc60fc-e93e-437e-9209-4b4df243c3db\",\"layerType\":\"data\",\"size\":\"l\",\"textAlign\":\"center\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Bytes per Period 
Uploaded\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"3dea49df-7a75-470f-bd28-79c54e6eb9cd\",\"w\":22,\"x\":4,\"y\":29},\"panelIndex\":\"3dea49df-7a75-470f-bd28-79c54e6eb9cd\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\":{\"columnOrder\":[\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\",\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"columns\":{\"10209ab6-019a-49e8-ae29-e3404c6fdc96\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.s3_request.requests.total\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.requests.total\"},\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"layerId\":\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"xAccessor\":\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"All 
Requests\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"b080b2b1-d252-4b0c-ac0f-9031f73fd009\",\"w\":22,\"x\":26,\"y\":29},\"panelIndex\":\"b080b2b1-d252-4b0c-ac0f-9031f73fd009\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\":{\"columnOrder\":[\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\",\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"columns\":{\"10209ab6-019a-49e8-ae29-e3404c6fdc96\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.s3_request.requests.get\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.requests.get\"},\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"layerId\":\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"xAccessor\":\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Get 
Requests\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"17a9a6ad-c32c-41a8-8184-791d434bb504\",\"w\":22,\"x\":4,\"y\":40},\"panelIndex\":\"17a9a6ad-c32c-41a8-8184-791d434bb504\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\":{\"columnOrder\":[\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\",\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"columns\":{\"10209ab6-019a-49e8-ae29-e3404c6fdc96\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.s3_request.requests.put\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.requests.put\"},\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"layerId\":\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"xAccessor\":\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Put 
Requests\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"b56599a0-8704-4474-9b1f-def104f812a1\",\"w\":22,\"x\":26,\"y\":40},\"panelIndex\":\"b56599a0-8704-4474-9b1f-def104f812a1\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\":{\"columnOrder\":[\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\",\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"columns\":{\"10209ab6-019a-49e8-ae29-e3404c6fdc96\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.s3_request.requests.head\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.requests.head\"},\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"layerId\":\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"xAccessor\":\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Head 
Requests\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"0ba2d2dc-a517-484a-8838-30d42e11203a\",\"w\":22,\"x\":4,\"y\":51},\"panelIndex\":\"0ba2d2dc-a517-484a-8838-30d42e11203a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\":{\"columnOrder\":[\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\",\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"columns\":{\"10209ab6-019a-49e8-ae29-e3404c6fdc96\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.s3_request.errors.4xx\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.errors.4xx\"},\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"layerId\":\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"xAccessor\":\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Average 4xx Errors per 
Request\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"6870d13b-f0e5-4083-94d7-aa9083985ea9\",\"w\":22,\"x\":26,\"y\":51},\"panelIndex\":\"6870d13b-f0e5-4083-94d7-aa9083985ea9\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\":{\"columnOrder\":[\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\",\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"columns\":{\"10209ab6-019a-49e8-ae29-e3404c6fdc96\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.s3_request.errors.5xx\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.errors.5xx\"},\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"layerId\":\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"xAccessor\":\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Average 5xx Errors per 
Request\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"8b7777c6-c8ba-4768-87db-2c0bb53a7d86\",\"w\":4,\"x\":0,\"y\":62},\"panelIndex\":\"8b7777c6-c8ba-4768-87db-2c0bb53a7d86\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"Downloads and Uploads\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"downloads and uploads title\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"bc8539c4-dc85-4742-911f-220091b082eb\",\"w\":22,\"x\":4,\"y\":62},\"panelIndex\":\"bc8539c4-dc85-4742-911f-220091b082eb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\":{\"columnOrder\":[\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\",\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"columns\":{\"10209ab6-019a-49e8-ae29-e3404c6fdc96\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.s3_request.downloaded.bytes\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.downloaded.bytes\"},\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"layerId\":\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"xAccessor\":\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Downloaded Bytes per 
Request\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"81e65dcf-8ce4-4bdd-923d-199f54f7ef74\",\"w\":22,\"x\":26,\"y\":62},\"panelIndex\":\"81e65dcf-8ce4-4bdd-923d-199f54f7ef74\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\":{\"columnOrder\":[\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\",\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"columns\":{\"10209ab6-019a-49e8-ae29-e3404c6fdc96\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average of 
aws.s3_request.uploaded.bytes\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.uploaded.bytes\"},\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b5f2950b-4e7a-434d-a9b2-84c9fc8be0d6\"],\"layerId\":\"5bc892ab-f3cc-4395-a9a4-1c24f055b210\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"10209ab6-019a-49e8-ae29-e3404c6fdc96\",\"xAccessor\":\"f736b9f9-d6da-4e2d-b50d-843eaa0f7a1a\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Uploaded Bytes per 
Request\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"e6e94705-0ae9-4c7c-8b93-c46fe0ebcf61\",\"w\":4,\"x\":0,\"y\":73},\"panelIndex\":\"e6e94705-0ae9-4c7c-8b93-c46fe0ebcf61\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"Latency\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"latency label\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"0bd1714a-bd98-4f66-a280-4ca934795c7f\",\"w\":22,\"x\":4,\"y\":73},\"panelIndex\":\"0bd1714a-bd98-4f66-a280-4ca934795c7f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-190281eb-58c9-469f-b75e-c9ba458b570c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"190281eb-58c9-469f-b75e-c9ba458b570c\":{\"columnOrder\":[\"f2ac53f6-a4db-4519-86bf-280d76d25c5d\",\"b255fdcd-4a88-4e26-ad95-f96d5fa71f56\",\"673d465d-234b-46b0-9cb1-3bd22817c3d7\"],\"columns\":{\"673d465d-234b-46b0-9cb1-3bd22817c3d7\":{\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3_request.latency.first_byte.ms: *\"},\"isBucketed\":false,\"label\":\"Average of aws.s3_request.latency.total_request.ms\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.latency.total_request.ms\"},\"b255fdcd-4a88-4e26-ad95-f96d5fa71f56\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of 
aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"673d465d-234b-46b0-9cb1-3bd22817c3d7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"f2ac53f6-a4db-4519-86bf-280d76d25c5d\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"d\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"673d465d-234b-46b0-9cb1-3bd22817c3d7\"],\"layerId\":\"190281eb-58c9-469f-b75e-c9ba458b570c\",\"layerType\":\"data\",\"seriesType\":\"line\",\"splitAccessor\":\"b255fdcd-4a88-4e26-ad95-f96d5fa71f56\",\"xAccessor\":\"f2ac53f6-a4db-4519-86bf-280d76d25c5d\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Request Latency 
(ms)\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"953c200c-289d-4594-b238-5b851a9a8b00\",\"w\":22,\"x\":26,\"y\":73},\"panelIndex\":\"953c200c-289d-4594-b238-5b851a9a8b00\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-190281eb-58c9-469f-b75e-c9ba458b570c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"190281eb-58c9-469f-b75e-c9ba458b570c\":{\"columnOrder\":[\"f2ac53f6-a4db-4519-86bf-280d76d25c5d\",\"b255fdcd-4a88-4e26-ad95-f96d5fa71f56\",\"673d465d-234b-46b0-9cb1-3bd22817c3d7\"],\"columns\":{\"673d465d-234b-46b0-9cb1-3bd22817c3d7\":{\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"aws.s3_request.latency.first_byte.ms: *\"},\"isBucketed\":false,\"label\":\"Average of aws.s3_request.latency.first_byte.ms\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"aws.s3_request.latency.first_byte.ms\"},\"b255fdcd-4a88-4e26-ad95-f96d5fa71f56\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of 
aws.s3.bucket.name\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"673d465d-234b-46b0-9cb1-3bd22817c3d7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.s3.bucket.name\"},\"f2ac53f6-a4db-4519-86bf-280d76d25c5d\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"d\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"curveType\":\"CURVE_MONOTONE_X\",\"endValue\":\"Nearest\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"673d465d-234b-46b0-9cb1-3bd22817c3d7\"],\"layerId\":\"190281eb-58c9-469f-b75e-c9ba458b570c\",\"layerType\":\"data\",\"seriesType\":\"line\",\"splitAccessor\":\"b255fdcd-4a88-4e26-ad95-f96d5fa71f56\",\"xAccessor\":\"f2ac53f6-a4db-4519-86bf-280d76d25c5d\"}],\"legend\":{\"isInside\":true,\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"xTitle\":\"\",\"yLeftExtent\":{\"mode\":\"dataBounds\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"First Byte Latency (ms)\"}]","refreshInterval":{"pause":true,"value":0},"timeFrom":"now-8d","timeRestore":true,"timeTo":"now","title":"[Metrics AWS] S3 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-a096b830-4762-11e9-8062-c98a86cb6f94","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"38c1f878-ea80-4442-a455-9b669bd9b08f:indexpattern-datasource-layer-3a6b5560-57cf-4d5a-ab7c-fa2fc2911ed1","type":"index-pattern"},{"id":"metrics-*","name":"9044e628-dfdd-48c2-8a8e-0bfbfe5d1f95:indexpattern-datasource-layer-0efc887f-76bc-499e-b51b-23780b4b7075","type":"index-pattern"},{"id":"metrics-*","name":"e0b784e3-242b-4690-9bc6-287a3fe6c950:indexpattern-datasource-layer-1c30a386-39ac-4525-a832-15cc8031dad8","type":"index-pattern"},{"id":"metrics-*","name":"504a187a-f1db-4b84-8f31-d502238e64c2:indexpattern-datasource-layer-af61dbed-5160-44f1-9926-68ce33152b0d","type":"index-pattern"},{"id":"metrics-*","name":"06d123df-0904-4a9f-ab84-a542273ffb46:indexpattern-datasource-layer-190281eb-58c9-469f-b75e-c9ba458b570c","type":"index-pattern"},{"id":"metrics-*","name":"1e851b43-a868-431b-a1a3-f1a05b3a743f:indexpattern-datasource-layer-d2ed9ebb-b73f-4b8d-a214-1d03704a8b60","type":"index-pattern"},{"id":"metrics-*","name":"ffbba1de-c2a3-4d55-97c4-ef47b26973e2:indexpattern-datasource-layer-0ccf08d3-d668-4ec7-8ef3-e4de412e7d05","type":"index-pattern"},{"id":"metrics-*","name":"1244972a-2e1f-4dbd-9db0-f56a79dcdfba:indexpattern-datasource-layer-b7b988d0-8a23-4f66-8aa0-e73e0b453026","type":"index-pattern"},{"id":"metrics-*","name":"3816e81e-b2f9-46bf-8870-fc0b300f5550:indexpattern-datasource-layer-fc38c622-e1d2-42a4-ae60-6508f677868b","type":"index-pattern"},{"id":"metrics-*","name":"23e3c7f4-7fdf-421c-b461-e5ae21f10a5c:indexpattern-datasource-layer-61c0910a-1394-4414-9de9-00a2c4c1df99","type":"index-pattern"},{"id":"metrics-*","name":"4507cadf-b442-4d6b-b397-9fc047f7e4ed:indexpattern-datasource-layer-e4780eff-c9b6-4e7c-81d4-000f9e618ee8","type":"index-pattern"},{"id":"metrics-*","name":"1bbf9bfb-10a5-406c-b7b1-0a8dc332280a:indexpattern-datasource-layer-aadc6
0fc-e93e-437e-9209-4b4df243c3db","type":"index-pattern"},{"id":"metrics-*","name":"3dea49df-7a75-470f-bd28-79c54e6eb9cd:indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210","type":"index-pattern"},{"id":"metrics-*","name":"b080b2b1-d252-4b0c-ac0f-9031f73fd009:indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210","type":"index-pattern"},{"id":"metrics-*","name":"17a9a6ad-c32c-41a8-8184-791d434bb504:indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210","type":"index-pattern"},{"id":"metrics-*","name":"b56599a0-8704-4474-9b1f-def104f812a1:indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210","type":"index-pattern"},{"id":"metrics-*","name":"0ba2d2dc-a517-484a-8838-30d42e11203a:indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210","type":"index-pattern"},{"id":"metrics-*","name":"6870d13b-f0e5-4083-94d7-aa9083985ea9:indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210","type":"index-pattern"},{"id":"metrics-*","name":"bc8539c4-dc85-4742-911f-220091b082eb:indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210","type":"index-pattern"},{"id":"metrics-*","name":"81e65dcf-8ce4-4bdd-923d-199f54f7ef74:indexpattern-datasource-layer-5bc892ab-f3cc-4395-a9a4-1c24f055b210","type":"index-pattern"},{"id":"metrics-*","name":"0bd1714a-bd98-4f66-a280-4ca934795c7f:indexpattern-datasource-layer-190281eb-58c9-469f-b75e-c9ba458b570c","type":"index-pattern"},{"id":"metrics-*","name":"953c200c-289d-4594-b238-5b851a9a8b00:indexpattern-datasource-layer-190281eb-58c9-469f-b75e-c9ba458b570c","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_d842e601-78ae-4001-8c73-0c6131832238:optionsListDataView","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_426ffa24-3e19-4e20-9a9e-e1eedcaf8051:optionsListDataView","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_d7c787c2-569d-4885-ad67-769c15f96470:optionsListDataView","type":"index-pattern"},{"id":"metrics-*","name":"cont
rolGroup_72cc9b12-4e22-4766-bc89-a7d9e8897123:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6219],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MjUsMV0="} +{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\" or data_stream.dataset : \\\"aws.securityhub_insights\\\" \"}}"},"sort":[["@timestamp","desc"]],"title":"Security Hub - Raw Events [Logs AWS]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-b111d3a0-5f3e-11ed-b2ee-f91fa284c4b5","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6223],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MjYsMV0="} 
+{"attributes":{"columns":["aws.guardduty.service.evidence.threat_intelligence_details.threat.names","aws.guardduty.resource.type","cloud.account.id","cloud.region","message"],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.guardduty\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.guardduty\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"aws.guardduty.severity.value\",\"negate\":false,\"params\":{\"query\":\"High\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"aws.guardduty.severity.value\":\"High\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"High Severity Threat Details [Logs Guardduty]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-b3169d70-6a38-11ed-b880-2f1b70138655","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6229],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MjcsMV0="} 
+{"attributes":{"description":"Overview of AWS NAT Gateway Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.natgateway\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.natgateway\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"346ce7bf-e1af-4e0d-856b-5aa412903167\",\"w\":7,\"x\":0,\"y\":0},\"panelIndex\":\"346ce7bf-e1af-4e0d-856b-5aa412903167\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.name\",\"id\":\"1565034367477\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"account name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloud.region\",\"id\":\"1584478324642\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"aws.dimensions.NatGatewayId\",\"id\":\"1584479118709\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"NATGateway ID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":true},\"title\":\"NATGateway Filters [Metrics 
AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Filters\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"19a9f053-a548-4e9d-a257-45932c3b73a5\",\"w\":8,\"x\":7,\"y\":0},\"panelIndex\":\"19a9f053-a548-4e9d-a257-45932c3b73a5\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\",\"value\":0}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Total Error of Port Allocation\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.ErrorPortAllocation.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"_count\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Error Port Allocation [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Error Port 
Allocation\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"a7a70775-f4ad-4323-b13c-9c9a3bf1bdf3\",\"w\":8,\"x\":15,\"y\":0},\"panelIndex\":\"a7a70775-f4ad-4323-b13c-9c9a3bf1bdf3\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\",\"value\":0}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"f444c0e0-688f-11ea-8b7d-fd9d15a13cd0\",\"label\":\"Total Packets Drop\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.PacketsDropCount.sum\",\"id\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"sum\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Packet Drop [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Packets 
Drop\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"b5fe853e-d5b0-4918-93ec-8be70f2881a8\",\"w\":8,\"x\":23,\"y\":0},\"panelIndex\":\"b5fe853e-d5b0-4918-93ec-8be70f2881a8\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\",\"value\":0}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"f444c0e0-688f-11ea-8b7d-fd9d15a13cd0\",\"label\":\"Total Connections Established\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.ConnectionEstablishedCount.sum\",\"id\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"sum\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Connection Established [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Total Connection 
Established\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"33663eae-1bc3-47d4-a9fc-3cd2b43c66ef\",\"w\":17,\"x\":31,\"y\":0},\"panelIndex\":\"33663eae-1bc3-47d4-a9fc-3cd2b43c66ef\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\"}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"3\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.ActiveConnectionCount.max\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"2\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Active Connection Count Top10 [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Active Connection 
Count\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"4e454740-281a-43b1-92f4-8dd2e37e184f\",\"w\":24,\"x\":0,\"y\":11},\"panelIndex\":\"4e454740-281a-43b1-92f4-8dd2e37e184f\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\"}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.BytesInFromDestination.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Bytes In From Destination [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Bytes In From 
Destination\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"f40587a4-47f1-494a-b8b9-33365ce34d2f\",\"w\":24,\"x\":24,\"y\":11},\"panelIndex\":\"f40587a4-47f1-494a-b8b9-33365ce34d2f\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\"}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.BytesInFromSource.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Bytes In From Source [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Bytes In From 
Source\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"00075068-bf27-49e1-8beb-d5572500205b\",\"w\":24,\"x\":0,\"y\":24},\"panelIndex\":\"00075068-bf27-49e1-8beb-d5572500205b\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\"}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.BytesOutToDestination.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Bytes Out To Destination [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Bytes Out To 
Destination\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"c95ab156-9118-4c3c-94ee-55b4c9f5589c\",\"w\":24,\"x\":24,\"y\":24},\"panelIndex\":\"c95ab156-9118-4c3c-94ee-55b4c9f5589c\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\"}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.BytesOutToSource.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Bytes Out To Source [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Bytes Out To 
Source\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"f7c6e3f7-419d-43ff-a2bb-d5931371f347\",\"w\":24,\"x\":0,\"y\":37},\"panelIndex\":\"f7c6e3f7-419d-43ff-a2bb-d5931371f347\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\",\"value\":0}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"f444c0e0-688f-11ea-8b7d-fd9d15a13cd0\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.PacketsInFromDestination.sum\",\"id\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Packet In From Destination [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Packets In From 
Destination\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"dcc56438-240a-45a4-81ec-a54be3d27c43\",\"w\":24,\"x\":24,\"y\":37},\"panelIndex\":\"dcc56438-240a-45a4-81ec-a54be3d27c43\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\",\"value\":0}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"f444c0e0-688f-11ea-8b7d-fd9d15a13cd0\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.PacketsInFromSource.sum\",\"id\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Packet In From Source [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Packets In From 
Source\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"db77d690-f343-4dc2-8695-d45a03361e01\",\"w\":24,\"x\":0,\"y\":50},\"panelIndex\":\"db77d690-f343-4dc2-8695-d45a03361e01\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\",\"value\":0}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"f444c0e0-688f-11ea-8b7d-fd9d15a13cd0\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.PacketsOutToDestination.sum\",\"id\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Packet Out To Destination [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Packets Out To 
Destination\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"d882a862-87aa-4169-9dc3-0591252fa736\",\"w\":24,\"x\":24,\"y\":50},\"panelIndex\":\"d882a862-87aa-4169-9dc3-0591252fa736\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"688b0480-688d-11ea-8b7d-fd9d15a13cd0\",\"value\":0}],\"bar_color_rules\":[{\"id\":\"6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"1m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"f444c0e0-688f-11ea-8b7d-fd9d15a13cd0\",\"label\":\"\",\"line_width\":\"2\",\"metrics\":[{\"field\":\"aws.natgateway.metrics.PacketsOutToSource.sum\",\"id\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"avg\"}],\"point_size\":\"3\",\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.NatGatewayId\",\"terms_order_by\":\"f444c0e1-688f-11ea-8b7d-fd9d15a13cd0\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"NATGateway Packet Out To Source [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Packets Out To Source\"}]","timeRestore":false,"title":"[Metrics AWS] NATGateway 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-c2b1cbc0-6891-11ea-b0ac-95d4ecb1fecd","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"346ce7bf-e1af-4e0d-856b-5aa412903167:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"346ce7bf-e1af-4e0d-856b-5aa412903167:control_1_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"346ce7bf-e1af-4e0d-856b-5aa412903167:control_2_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6236],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MjgsMV0="} +{"attributes":{"description":"Overview of AWS EC2 Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"3\",\"w\":24,\"x\":24,\"y\":27},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"23428b30-f7f2-11e8-bff8-21537b07dd44\"}],\"bar_color_rules\":[{\"id\":\"2592bcc0-f7f2-11e8-bff8-21537b07dd44\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.ec2_metrics\\\" 
\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=5m\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,188,0,1)\",\"fill\":\"0\",\"filter\":\"\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS EC2 DiskIO Write Bytes\",\"line_width\":1,\"metrics\":[{\"field\":\"host.disk.write.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":1,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"cloud.instance.id\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"EC2 DiskIO Write Bytes [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"EC2 DiskIO Write 
Bytes\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"5\",\"w\":12,\"x\":36,\"y\":0},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"d13f6b50-f7f6-11e8-bff8-21537b07dd44\"}],\"bar_color_rules\":[{\"id\":\"ad6d62d0-f7f7-11e8-bff8-21537b07dd44\"}],\"drop_last_bucket\":1,\"gauge_color_rules\":[{\"id\":\"b0c5b590-f7f7-11e8-bff8-21537b07dd44\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"EC2 Status Check Failed\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.ec2.status.check_failed\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"cloud.instance.id\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"EC2 Status Check Failed [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"EC2 Status Check 
Failed\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"11\",\"w\":24,\"x\":0,\"y\":42},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"23428b30-f7f2-11e8-bff8-21537b07dd44\"}],\"bar_color_rules\":[{\"id\":\"2592bcc0-f7f2-11e8-bff8-21537b07dd44\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.ec2_metrics\\\" \"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=5m\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,188,0,1)\",\"fill\":\"0\",\"filter\":\"\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS EC2 Network In Bytes\",\"line_width\":1,\"metrics\":[{\"field\":\"host.network.ingress.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":1,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"cloud.instance.id\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"EC2 Network In Bytes [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"EC2 Network In 
Bytes\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":42},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"23428b30-f7f2-11e8-bff8-21537b07dd44\"}],\"bar_color_rules\":[{\"id\":\"2592bcc0-f7f2-11e8-bff8-21537b07dd44\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.ec2_metrics\\\" \"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=5m\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,188,0,1)\",\"fill\":\"0\",\"filter\":\"\",\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS EC2 Network Out Bytes\",\"line_width\":1,\"metrics\":[{\"field\":\"host.network.egress.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":1,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"cloud.instance.id\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"EC2 Network Out Bytes [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"EC2 Network Out 
Bytes\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"15\",\"w\":24,\"x\":0,\"y\":27},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"23428b30-f7f2-11e8-bff8-21537b07dd44\"}],\"bar_color_rules\":[{\"id\":\"2592bcc0-f7f2-11e8-bff8-21537b07dd44\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.ec2_metrics\\\" \"},\"gauge_color_rules\":[{\"id\":\"dcc75b70-2328-11ed-8313-17cbcb322386\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=5m\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,188,0,1)\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS EC2 DiskIO Read Bytes\",\"line_width\":1,\"metrics\":[{\"field\":\"host.disk.read.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":1,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"cloud.instance.id\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"EC2 DiskIO 
Read Bytes [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"EC2 DiskIO Read Bytes\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"17\",\"w\":48,\"x\":0,\"y\":12},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"23428b30-f7f2-11e8-bff8-21537b07dd44\"}],\"bar_color_rules\":[{\"id\":\"2592bcc0-f7f2-11e8-bff8-21537b07dd44\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.ec2_metrics\\\" \"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\">=5m\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,188,0,1)\",\"fill\":\"0\",\"filter\":\"\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS EC2 CPU Utilization\",\"line_width\":1,\"metrics\":[{\"field\":\"host.cpu.usage\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":1,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"cloud.instance.id\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"EC2 CPU Utilization [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"EC2 CPU Utilization\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"18\",\"w\":17,\"x\":0,\"y\":0},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.name\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_18_0_index_pattern\",\"label\":\"account name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Account Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"AWS Account Filter\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"19\",\"w\":19,\"x\":17,\"y\":0},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"EC2 Instance 
State\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"\",\"field\":\"aws.ec2.instance.state.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":true,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\"},\"title\":\"EC2 Instance State [Metrics AWS]\",\"type\":\"pie\",\"uiState\":{\"vis\":{\"colors\":{\"16\":\"#629E51\",\"80\":\"#E24D42\",\"272\":\"#DEDAF7\",\"running\":\"#7EB26D\",\"stopped\":\"#E24D42\"},\"legendOpen\":true}}},\"type\":\"visualization\"},\"title\":\"EC2 Instance State\"}]","timeRestore":false,"title":"[Metrics AWS] EC2 Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-c5846400-f7fb-11e8-af03-c999c9dea608","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"18:control_18_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"19:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6241],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MjksMV0="} 
+{"attributes":{"columns":["cloud.account.id","event.module","rule.name","source.ip","source.geo.country_name","cloud.instance.id","user.id","user.name"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\" or data_stream.dataset : \\\"aws.securityhub_insights\\\" \"}}"},"sort":[["@timestamp","desc"]],"title":"Essential Details - Security Hub [Logs AWS]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-cc2e2cf0-5f3f-11ed-b2ee-f91fa284c4b5","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6245],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MzAsMV0="} 
+{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"d620f0d7-381f-456f-8660-a6e6838e34fc\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"data_stream.dataset\",\"title\":\"Integrations\",\"id\":\"d620f0d7-381f-456f-8660-a6e6838e34fc\",\"enhancements\":{},\"selectedOptions\":[]}},\"f7d8c037-280e-4387-84e2-fa76ee6124da\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.securityhub_findings.region\",\"title\":\"Region\",\"id\":\"f7d8c037-280e-4387-84e2-fa76ee6124da\",\"enhancements\":{},\"selectedOptions\":[]}},\"c819da49-49e8-4460-8329-8521d7f8ac8a\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.id\",\"title\":\"Account\",\"id\":\"c819da49-49e8-4460-8329-8521d7f8ac8a\",\"enhancements\":{},\"selectedOptions\":[]}}}"},"description":"AWS Security Hub Findings 
Summary","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.module\",\"negate\":false,\"params\":{\"query\":\"aws\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.module\":\"aws\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"cc027475-1e31-4ccf-bdd7-9655809a1c30\",\"w\":48,\"x\":0,\"y\":4},\"panelIndex\":\"cc027475-1e31-4ccf-bdd7-9655809a1c30\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"# AWS Security Hub Finding summary\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"146c2ac6-d83d-4fcb-808a-d24c2762f45c\",\"w\":24,\"x\":0,\"y\":7},\"panelIndex\":\"146c2ac6-d83d-4fcb-808a-d24c2762f45c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-4b9a3fe3-f262-48c5-97cd-3f32f2264fdb\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"4b9a3fe3-f262-48c5-97cd-3f32f2264fdb\":{\"columnOrder\":[\"fb8cd887-3cd0-45c3-8aed-262a64d6b8b3\",\"7bcad210-7a5d-4afe-94ea-942f04dc5e68\"],\"columns\":{\"7bcad210-7a5d-4afe-94ea-942f04dc5e68\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"fb8cd887-3cd0-45c3-8aed-262a64d6b8b3\":{\"customLabel\
":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Cloud Account Id\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7bcad210-7a5d-4afe-94ea-942f04dc5e68\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"cloud.account.id\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"4b9a3fe3-f262-48c5-97cd-3f32f2264fdb\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"fb8cd887-3cd0-45c3-8aed-262a64d6b8b3\"],\"metrics\":[\"7bcad210-7a5d-4afe-94ea-942f04dc5e68\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Account [Logs 
AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2aeb6bda-8e7f-40bf-a8b3-ea8fdee8dea7\",\"w\":24,\"x\":24,\"y\":7},\"panelIndex\":\"2aeb6bda-8e7f-40bf-a8b3-ea8fdee8dea7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-45c33cba-b3b0-45a4-91f3-a13600dbfdcc\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"45c33cba-b3b0-45a4-91f3-a13600dbfdcc\":{\"columnOrder\":[\"6d202975-b109-4e8b-a047-019162160e00\",\"25539159-d53b-4507-9e4b-e5aa60e46960\"],\"columns\":{\"25539159-d53b-4507-9e4b-e5aa60e46960\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"6d202975-b109-4e8b-a047-019162160e00\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Region\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"25539159-d53b-4507-9e4b-e5aa60e46960\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.region\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"45c33cba-b3b0-45a4-91f3-a13600dbfdcc\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"6d202975-b109-4e8b-a047-019162160e00\"],\"metrics\":[\"25539159-d53b-4507-9e4b-e5aa60e46960\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Region [Logs 
AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"7a319626-d1c2-4728-9611-3bbea3c850d4\",\"w\":24,\"x\":0,\"y\":22},\"panelIndex\":\"7a319626-d1c2-4728-9611-3bbea3c850d4\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-abc2e8dc-c832-4535-bdf4-d39175c25d2e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"abc2e8dc-c832-4535-bdf4-d39175c25d2e\":{\"columnOrder\":[\"4472ff1b-db62-487f-a6e3-749c5f62befd\",\"3774d612-21ea-4250-92b8-a2fe326e024c\"],\"columns\":{\"3774d612-21ea-4250-92b8-a2fe326e024c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Findings\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"event.id\"},\"4472ff1b-db62-487f-a6e3-749c5f62befd\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity Label\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3774d612-21ea-4250-92b8-a2fe326e024c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.severity.label\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"breakdownByAccessor\":\"4472ff1b-db62-487f-a6e3-749c5f62befd\",\"layerId\":\"abc2e8dc-c832-4535-bdf4-d39175c25d2e\",\"layerType\":\"data\",\"metricAccessor\":\"3774d612-21ea-4250-92b8-a2fe326e024c\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Count by Severity [Logs 
AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"7cb13a54-c41f-4653-be22-340b99b6d83c\",\"w\":24,\"x\":24,\"y\":22},\"panelIndex\":\"7cb13a54-c41f-4653-be22-340b99b6d83c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-cc8f028d-adf1-46a8-a162-aa6ba2cb8406\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cc8f028d-adf1-46a8-a162-aa6ba2cb8406\":{\"columnOrder\":[\"4b241e3b-e550-4cc9-b68b-c47ba8b8cec3\",\"29f0109a-96df-439a-ae1c-a5dc3f53ff5c\"],\"columns\":{\"29f0109a-96df-439a-ae1c-a5dc3f53ff5c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Findings\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"event.id\"},\"4b241e3b-e550-4cc9-b68b-c47ba8b8cec3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Product Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"29f0109a-96df-439a-ae1c-a5dc3f53ff5c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.product.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"breakdownByAccessor\":\"4b241e3b-e550-4cc9-b68b-c47ba8b8cec3\",\"layerId\":\"cc8f028d-adf1-46a8-a162-aa6ba2cb8406\",\"layerType\":\"data\",\"metricAccessor\":\"29f0109a-96df-439a-ae1c-a5dc3f53ff5c\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":9,\"i\":\"7c5505a3-f4e0-43af-8e25-260e9e7e8473\",\"w\":48,\"x\":0,\"y\":30},\"panelIndex\":\"7c5505a3-f4e0-43af-8e25-260e9e7e8473\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\
":\"logs-*\",\"name\":\"indexpattern-datasource-layer-abc2e8dc-c832-4535-bdf4-d39175c25d2e\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"abc2e8dc-c832-4535-bdf4-d39175c25d2e\":{\"columnOrder\":[\"fed4a1c5-b8c0-4d90-a3b2-ab4f7703b784\",\"c2e3c0d5-8616-4909-ad4c-6c3438beb81c\",\"4900fbee-6544-4c05-9996-8d4ff192713f\"],\"columns\":{\"4900fbee-6544-4c05-9996-8d4ff192713f\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"c2e3c0d5-8616-4909-ad4c-6c3438beb81c\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"fed4a1c5-b8c0-4d90-a3b2-ab4f7703b784\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of aws.securityhub_findings.severity.label\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"4900fbee-6544-4c05-9996-8d4ff192713f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.severity.label\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\" or data_stream.dataset : \\\"aws.securityhub_insights\\\" 
\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"4900fbee-6544-4c05-9996-8d4ff192713f\"],\"layerId\":\"abc2e8dc-c832-4535-bdf4-d39175c25d2e\",\"layerType\":\"data\",\"seriesType\":\"bar_stacked\",\"splitAccessor\":\"fed4a1c5-b8c0-4d90-a3b2-ab4f7703b784\",\"xAccessor\":\"c2e3c0d5-8616-4909-ad4c-6c3438beb81c\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Finding's Severity Over Time [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"d296bb5b-a63d-4931-84aa-d3a2d0fa754d\",\"w\":11,\"x\":0,\"y\":39},\"panelIndex\":\"d296bb5b-a63d-4931-84aa-d3a2d0fa754d\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Count\",\"emptyAsNull\":false,\"field\":\"event.id\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Instance ID \",\"excludeIsRegex\":true,\"field\":\"cloud.instance.id\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\" or 
data_stream.dataset : \\\"aws.securityhub_insights\\\" \"}}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"},\"title\":\"Security Hub - Affected Instance ID [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"933df910-8ae4-4a4b-9af7-87b30a92d952\",\"w\":37,\"x\":11,\"y\":39},\"panelIndex\":\"933df910-8ae4-4a4b-9af7-87b30a92d952\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Finding Type\",\"excludeIsRegex\":true,\"field\":\"aws.securityhub_findings.types\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Severity Label\",\"excludeIsRegex\":true,\"field\":\"aws.securityhub_findings.severity.label\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\" or data_stream.dataset : \\\"aws.securityhub_insights\\\" 
\"}}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"colWidth\":[{\"colIndex\":0,\"width\":650},{\"colIndex\":1,\"width\":556}],\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}},\"type\":\"visualization\"},\"title\":\"Security Hub - Finding Types [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"a4cba719-5f51-4090-910f-12e39dc01239\",\"w\":11,\"x\":0,\"y\":47},\"panelIndex\":\"a4cba719-5f51-4090-910f-12e39dc01239\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Count\",\"emptyAsNull\":false,\"field\":\"event.id\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"excludeIsRegex\":true,\"field\":\"network.direction\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":6},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\" or data_stream.dataset : \\\"aws.securityhub_insights\\\" 
\"}}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"},\"title\":\"Security Hub - Network Direction [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":18,\"i\":\"5c3b2b5f-b097-4b2e-adae-a4d9149e808f\",\"w\":48,\"x\":0,\"y\":55},\"panelIndex\":\"5c3b2b5f-b097-4b2e-adae-a4d9149e808f\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Workflow\",\"field\":\"aws.securityhub_findings.workflow.status\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Severity\",\"excludeIsRegex\":true,\"field\":\"aws.securityhub_findings.severity.normalized\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":1000},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"6\",\"params\":{\"customLabel\":\"Label\",\"excludeIsRegex\":true,\"field\":\"aws.securityhub_findings.severity.label\",\"includeIsRegex\":true,\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Account\",\"excludeIsRegex\":true,\"field\":\"cloud.account.id\",\"includeIsRegex\":true,\"missingBucket\":true,\"
missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Region\",\"excludeIsRegex\":true,\"field\":\"aws.securityhub_findings.region\",\"includeIsRegex\":true,\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Product\",\"excludeIsRegex\":true,\"field\":\"aws.securityhub_findings.product.name\",\"includeIsRegex\":true,\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"7\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Record State\",\"field\":\"aws.securityhub_findings.record_state\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"8\",\"params\":{\"customLabel\":\"Timestamp\",\"field\":\"@timestamp\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"10\",\"params\":{\"customLabel\":\"ID\",\"excludeIsRegex\":true,\"field\":\"event.id\",\"includeIsRegex\":true,\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\" or data_stream.dataset : \\\"aws.securityhub_insights\\\" 
\"}}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":20,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"},\"title\":\"Security Hub - Findings [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"7a8bdb96-e4c4-4e63-bc80-14fbd4b97c2f\",\"w\":48,\"x\":0,\"y\":73},\"panelIndex\":\"7a8bdb96-e4c4-4e63-bc80-14fbd4b97c2f\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":24,\"markdown\":\"Security Standards and Controls\",\"openLinksInNewTab\":false},\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":17,\"i\":\"9c9ea523-c04c-4783-9737-494bb8a1d068\",\"w\":48,\"x\":0,\"y\":76},\"panelIndex\":\"9c9ea523-c04c-4783-9737-494bb8a1d068\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Workflow\",\"field\":\"aws.securityhub_findings.workflow.status\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Account\",\"excludeIsRegex\":true,\"field\":\"cloud.account.id\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"2-orderAgg\",\"params\":{\"emptyAsNull\":false},\"schema\":\"orderAgg\",\"type\":\"count\"},\"orderBy\":\"custom\",\"otherBucket\":false,
\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Region\",\"excludeIsRegex\":true,\"field\":\"aws.securityhub_findings.region\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"7\",\"params\":{\"customLabel\":\"Generator Id\",\"excludeIsRegex\":true,\"field\":\"aws.securityhub_findings.generator.id\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"asc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Id\",\"excludeIsRegex\":true,\"field\":\"event.id\",\"includeIsRegex\":true,\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Compliance\",\"field\":\"aws.securityhub_findings.compliance.status\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"6\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Record 
State\",\"field\":\"aws.securityhub_findings.record_state\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"8\",\"params\":{\"customLabel\":\"Timestamp\",\"field\":\"@timestamp\"},\"schema\":\"metric\",\"type\":\"max\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\" or data_stream.dataset : \\\"aws.securityhub_insights\\\" \"}}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"},\"title\":\"\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"a22c199d-3314-4dc0-9c99-79d7dad12c6c\",\"w\":48,\"x\":0,\"y\":93},\"panelIndex\":\"a22c199d-3314-4dc0-9c99-79d7dad12c6c\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":24,\"markdown\":\"Details\",\"openLinksInNewTab\":false},\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":16,\"i\":\"7fad8ba7-c80b-45f5-ace4-0757caa63766\",\"w\":48,\"x\":0,\"y\":96},\"panelIndex\":\"7fad8ba7-c80b-45f5-ace4-0757caa63766\",\"panelRefName\":\"panel_7fad8ba7-c80b-45f5-ace4-0757caa63766\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":16,\"i\":\"d730fda4-95c3-4c8f-9236-6dd187a9f63c\",\"w\":48,\"x\":0,\"
y\":112},\"panelIndex\":\"d730fda4-95c3-4c8f-9236-6dd187a9f63c\",\"panelRefName\":\"panel_d730fda4-95c3-4c8f-9236-6dd187a9f63c\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"d5280fe0-536d-45b0-87c4-1fb9c41065fd\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"d5280fe0-536d-45b0-87c4-1fb9c41065fd\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Findings Action Overview](#/dashboard/aws-3d3dbe00-f79f-11ec-aa7f-c173c0f9e267) | [Findings Malware, Threat Intelligence Indicator and Network Path Overview](#/dashboard/aws-8fcf4c20-f7a3-11ec-aa7f-c173c0f9e267) | [Findings and Insights Overview](#/dashboard/aws-cc571400-dc61-11ec-a6e3-1bc5ab0aa1b4)\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Dashboards [Logs AWS]\"}]","timeRestore":false,"title":"[Logs AWS] Security Hub Summary 
Dashboard","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-c9f103d0-5f63-11ed-bd69-473ce047ef30","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"146c2ac6-d83d-4fcb-808a-d24c2762f45c:indexpattern-datasource-layer-4b9a3fe3-f262-48c5-97cd-3f32f2264fdb","type":"index-pattern"},{"id":"logs-*","name":"2aeb6bda-8e7f-40bf-a8b3-ea8fdee8dea7:indexpattern-datasource-layer-45c33cba-b3b0-45a4-91f3-a13600dbfdcc","type":"index-pattern"},{"id":"logs-*","name":"7a319626-d1c2-4728-9611-3bbea3c850d4:indexpattern-datasource-layer-abc2e8dc-c832-4535-bdf4-d39175c25d2e","type":"index-pattern"},{"id":"logs-*","name":"7cb13a54-c41f-4653-be22-340b99b6d83c:indexpattern-datasource-layer-cc8f028d-adf1-46a8-a162-aa6ba2cb8406","type":"index-pattern"},{"id":"logs-*","name":"7c5505a3-f4e0-43af-8e25-260e9e7e8473:indexpattern-datasource-layer-abc2e8dc-c832-4535-bdf4-d39175c25d2e","type":"index-pattern"},{"id":"logs-*","name":"d296bb5b-a63d-4931-84aa-d3a2d0fa754d:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"933df910-8ae4-4a4b-9af7-87b30a92d952:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"a4cba719-5f51-4090-910f-12e39dc01239:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"5c3b2b5f-b097-4b2e-adae-a4d9149e808f:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"9c9ea523-c04c-4783-9737-494bb8a1d068:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"aws-b111d3a0-5f3e-11ed-b2ee-f91fa284c4b5","name":"7fad8ba7-c80b-45f5-ace4-0757caa63766:panel_7fad8ba7-c80b-45f5-ace4-0757caa63766","type":"search"},{"id":"aws-cc2e2cf0-5f3f-11ed-b2ee-f91fa284c4b5","name":"d730fda4-95c3-4c8f-9236-6dd187a9f63c:panel_d730fda4-95c3-4c8f-9236-6dd18
7a9f63c","type":"search"},{"id":"logs-*","name":"controlGroup_d620f0d7-381f-456f-8660-a6e6838e34fc:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_f7d8c037-280e-4387-84e2-fa76ee6124da:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_c819da49-49e8-4460-8329-8521d7f8ac8a:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6264],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MzEsMV0="} +{"attributes":{"description":"Overview of AWS Security Hub Findings and Insights","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\" or data_stream.dataset : \\\"aws.securityhub_insights\\\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"4668ee49-067c-4cfc-a1d4-a3ab08c226b3\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"4668ee49-067c-4cfc-a1d4-a3ab08c226b3\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Findings Action Overview](#/dashboard/aws-3d3dbe00-f79f-11ec-aa7f-c173c0f9e267) | [Findings Malware, Threat Intelligence Indicator and Network Path Overview](#/dashboard/aws-8fcf4c20-f7a3-11ec-aa7f-c173c0f9e267) | [Summary Dashboard](#/dashboard/aws-c9f103d0-5f63-11ed-bd69-473ce047ef30) \",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Dashboards [Logs 
AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"172b1706-6063-4239-92f8-3b8467011451\",\"w\":24,\"x\":24,\"y\":4},\"panelIndex\":\"172b1706-6063-4239-92f8-3b8467011451\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-0e162cf0-664f-4e61-811a-53b6647439eb\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"0e162cf0-664f-4e61-811a-53b6647439eb\":{\"columnOrder\":[\"fe5c1f4e-c9e8-4f5a-af66-097da74ee739\",\"30d0d102-8112-43c2-b002-2da63701c0cd\"],\"columns\":{\"30d0d102-8112-43c2-b002-2da63701c0cd\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"fe5c1f4e-c9e8-4f5a-af66-097da74ee739\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network Protocols\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"30d0d102-8112-43c2-b002-2da63701c0cd\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"fe5c1f4e-c9e8-4f5a-af66-097da74ee739\"},{\"columnId\":\"30d0d102-8112-43c2-b002-2da63701c0cd\"}],\"layerId\":\"0e162cf0-664f-4e61-811a-53b6647439eb\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Network Protocols [Logs 
AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"97721563-8afc-4ff2-b30d-a309a6673b09\",\"w\":24,\"x\":0,\"y\":4},\"panelIndex\":\"97721563-8afc-4ff2-b30d-a309a6673b09\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-4a594fbf-8dbd-4a05-b3e0-3fbbad5b9935\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"4a594fbf-8dbd-4a05-b3e0-3fbbad5b9935\":{\"columnOrder\":[\"13ac5e44-4247-4cd7-ba24-485bab02c205\",\"5438dbe3-f3f6-4def-8a4a-3584628557c7\"],\"columns\":{\"13ac5e44-4247-4cd7-ba24-485bab02c205\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network Direction\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"5438dbe3-f3f6-4def-8a4a-3584628557c7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.direction\"},\"5438dbe3-f3f6-4def-8a4a-3584628557c7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"4a594fbf-8dbd-4a05-b3e0-3fbbad5b9935\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"13ac5e44-4247-4cd7-ba24-485bab02c205\"],\"metrics\":[\"5438dbe3-f3f6-4def-8a4a-3584628557c7\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Network Direction [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"40ab8dcf-a27a-4c38-b007-9d089e826939\",\"w\":24,\"x\":24,\"y\":19},\"panelIndex\":\"40ab8dcf-a27a-4c38-b007-9d089e826939\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a2993a77-e691-4f3b-8924-14a76108ce95\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a2993a77-e691-4f3b-8924-14a76108ce95\":{\"columnOrder\":[\"24c75e40-cfec-4583-8dec-ba92430ae1d6\",\"ade3e20e-e041-490f-a414-098dee0435ef\"],\"columns\":{\"24c75e40-cfec-4583-8dec-ba92430ae1d6\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Patch Summary 
Operation\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ade3e20e-e041-490f-a414-098dee0435ef\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.patch_summary.operation.type\"},\"ade3e20e-e041-490f-a414-098dee0435ef\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"ade3e20e-e041-490f-a414-098dee0435ef\"],\"layerId\":\"a2993a77-e691-4f3b-8924-14a76108ce95\",\"layerType\":\"data\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"24c75e40-cfec-4583-8dec-ba92430ae1d6\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Patch Summary Operation [Logs 
AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"ab35d746-7e18-49e8-b7e0-f7d9d2ade580\",\"w\":24,\"x\":0,\"y\":19},\"panelIndex\":\"ab35d746-7e18-49e8-b7e0-f7d9d2ade580\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-474374c1-eb7e-4000-908b-730e850b8860\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"474374c1-eb7e-4000-908b-730e850b8860\":{\"columnOrder\":[\"256717a7-0674-4a1b-92d9-54aa940245b3\",\"2cf6c73d-46f7-4acd-82d9-249f323a5499\"],\"columns\":{\"256717a7-0674-4a1b-92d9-54aa940245b3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity Label\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"2cf6c73d-46f7-4acd-82d9-249f323a5499\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.severity.label\"},\"2cf6c73d-46f7-4acd-82d9-249f323a5499\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"474374c1-eb7e-4000-908b-730e850b8860\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"256717a7-0674-4a1b-92d9-54aa940245b3\"],\"metrics\":[\"2cf6c73d-46f7-4acd-82d9-249f323a5499\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Severity Label [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6d092e76-fd08-4a90-a79d-f4a6d7c0539a\",\"w\":24,\"x\":24,\"y\":34},\"panelIndex\":\"6d092e76-fd08-4a90-a79d-f4a6d7c0539a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-f338c401-cb0d-4b88-b79a-331e97840ec7\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"f338c401-cb0d-4b88-b79a-331e97840ec7\":{\"columnOrder\":[\"f90394f0-f268-40db-b0df-1fc66f92f3dd\",\"70f96d67-909a-4954-b3b1-2baa7ed05c5a\"],\"columns\":{\"70f96d67-909a-4954-b3b1-2baa7ed05c5a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f90394f0-f268-40db-b0df-1fc66f92f3dd\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Workflow 
Status\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"70f96d67-909a-4954-b3b1-2baa7ed05c5a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.workflow.status\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"f338c401-cb0d-4b88-b79a-331e97840ec7\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"f90394f0-f268-40db-b0df-1fc66f92f3dd\"],\"metrics\":[\"70f96d67-909a-4954-b3b1-2baa7ed05c5a\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Workflow Status [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"d73afd74-7fb1-467f-a1a3-2758d228d350\",\"w\":24,\"x\":0,\"y\":34},\"panelIndex\":\"d73afd74-7fb1-467f-a1a3-2758d228d350\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-24f9158d-6500-4033-9d0a-e5e66e628cd4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"24f9158d-6500-4033-9d0a-e5e66e628cd4\":{\"columnOrder\":[\"a6b636e0-9986-49ba-ab84-80e3e3e466f1\",\"e9a0408a-e93b-4457-acc0-abe894aa8c0a\"],\"columns\":{\"a6b636e0-9986-49ba-ab84-80e3e3e466f1\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Process 
Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e9a0408a-e93b-4457-acc0-abe894aa8c0a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"process.name\"},\"e9a0408a-e93b-4457-acc0-abe894aa8c0a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"a6b636e0-9986-49ba-ab84-80e3e3e466f1\"},{\"columnId\":\"e9a0408a-e93b-4457-acc0-abe894aa8c0a\"}],\"layerId\":\"24f9158d-6500-4033-9d0a-e5e66e628cd4\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Process Name [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"7a63107d-cb62-4206-bd3b-23f9d492d158\",\"w\":24,\"x\":24,\"y\":49},\"panelIndex\":\"7a63107d-cb62-4206-bd3b-23f9d492d158\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-121c4faf-2de3-4bca-9a64-a1f1c5a0a8f0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"121c4faf-2de3-4bca-9a64-a1f1c5a0a8f0\":{\"columnOrder\":[\"3d8e7c68-095e-4e40-bfe8-2199305ddfc6\",\"5ebd8b37-0d00-4eef-9733-2c122890207c\"],\"columns\":{\"3d8e7c68-095e-4e40-bfe8-2199305ddfc6\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Patch Summary Reboot Option 
\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"5ebd8b37-0d00-4eef-9733-2c122890207c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.patch_summary.reboot_option\"},\"5ebd8b37-0d00-4eef-9733-2c122890207c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"121c4faf-2de3-4bca-9a64-a1f1c5a0a8f0\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"3d8e7c68-095e-4e40-bfe8-2199305ddfc6\"],\"metrics\":[\"5ebd8b37-0d00-4eef-9733-2c122890207c\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Patch Summary Reboot Option [Logs 
AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"615635af-0004-4e26-984b-e35cf9b65678\",\"w\":24,\"x\":0,\"y\":49},\"panelIndex\":\"615635af-0004-4e26-984b-e35cf9b65678\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-70c66cc2-30b9-462d-9581-705567e5cdcc\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"70c66cc2-30b9-462d-9581-705567e5cdcc\":{\"columnOrder\":[\"128f5751-155b-4132-891d-0f8e19ba0e09\",\"9bda1334-7bb8-4ee1-bf62-b7e89a34ddf1\"],\"columns\":{\"128f5751-155b-4132-891d-0f8e19ba0e09\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Software Packages having Vulnerability\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9bda1334-7bb8-4ee1-bf62-b7e89a34ddf1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.vulnerabilities.vulnerable_packages.name\"},\"9bda1334-7bb8-4ee1-bf62-b7e89a34ddf1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"128f5751-155b-4132-891d-0f8e19ba0e09\"},{\"columnId\":\"9bda1334-7bb8-4ee1-bf62-b7e89a34ddf1\"}],\"layerId\":\"70c66cc2-30b9-462d-9581-705567e5cdcc\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Software Packages having 
Vulnerability [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"e2e1e909-11f4-4143-90f2-01f8f655889e\",\"w\":24,\"x\":24,\"y\":64},\"panelIndex\":\"e2e1e909-11f4-4143-90f2-01f8f655889e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-6501c2cb-9124-4f68-959f-0edcdf9192df\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"6501c2cb-9124-4f68-959f-0edcdf9192df\":{\"columnOrder\":[\"b6af7a3e-4422-4a19-a0f8-745088629509\",\"59a527c4-30d6-40c2-90ee-978520ad0a6d\"],\"columns\":{\"59a527c4-30d6-40c2-90ee-978520ad0a6d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"b6af7a3e-4422-4a19-a0f8-745088629509\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Vendor Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"59a527c4-30d6-40c2-90ee-978520ad0a6d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.vulnerabilities.vendor.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"6501c2cb-9124-4f68-959f-0edcdf9192df\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"b6af7a3e-4422-4a19-a0f8-745088629509\"],\"metrics\":[\"59a527c4-30d6-40c2-90ee-978520ad0a6d\"]}],\"shape\":\"pie\"}},\"title\":\"Distribution of Events by Vendor Severity [Logs 
AWS]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Vendor Severity [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"0fb0e89f-d06b-410f-833a-7cdd065bb0f1\",\"w\":24,\"x\":0,\"y\":64},\"panelIndex\":\"0fb0e89f-d06b-410f-833a-7cdd065bb0f1\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-d0ec8900-0fdd-42d2-a9ca-341473136d56\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"d0ec8900-0fdd-42d2-a9ca-341473136d56\":{\"columnOrder\":[\"d7b65dd5-a2c5-4c33-be01-05c9ee6ea625\",\"e7bec509-1241-4872-8ee6-4c732d8bf311\"],\"columns\":{\"d7b65dd5-a2c5-4c33-be01-05c9ee6ea625\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Vulnerable Packages Architecture\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e7bec509-1241-4872-8ee6-4c732d8bf311\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.vulnerabilities.vulnerable_packages.architecture\"},\"e7bec509-1241-4872-8ee6-4c732d8bf311\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e7bec509-1241-4872-8ee6-4c732d8bf311\"],\"layerId\":\"d0ec8900-0fdd-42d2-a9ca-341473136d56\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"d7b65dd5-a2c5-4c33-be01-05c9ee6ea625\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Vulnerable Packages Architecture [Logs AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"e2d82ea2-864c-43f0-835a-eb20d0c81595\",\"w\":24,\"x\":24,\"y\":79},\"panelIndex\":\"e2d82ea2-864c-43f0-835a-eb20d0c81595\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a35f9122-38bb-412a-bfe8-63ac32cff907\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a35f9122-38bb-412a-bfe8-63ac32cff907\":{\"columnOrder\":[\"98fd6f34-859b-4715-b89a-ac7c5df5d069\",\"a929085b-2ce4-42a8-8fce-220f12728af8\"],\"columns\":{\"98fd6f34-859b-4715-b89a-ac7c5df5d069\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Compliance 
Status\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a929085b-2ce4-42a8-8fce-220f12728af8\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_findings.compliance.status\"},\"a929085b-2ce4-42a8-8fce-220f12728af8\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_findings\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"a35f9122-38bb-412a-bfe8-63ac32cff907\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"98fd6f34-859b-4715-b89a-ac7c5df5d069\"],\"metrics\":[\"a929085b-2ce4-42a8-8fce-220f12728af8\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Events by Compliance Status [Logs 
AWS]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"12d448b6-1ea8-42a9-89d0-c9b025b86438\",\"w\":24,\"x\":0,\"y\":79},\"panelIndex\":\"12d448b6-1ea8-42a9-89d0-c9b025b86438\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a43577d9-3b6a-4b88-945e-20a290ac059a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a43577d9-3b6a-4b88-945e-20a290ac059a\":{\"columnOrder\":[\"e1282a2c-e5d0-4fba-b51a-c5ea7ed34949\",\"4b0578ca-9eee-4b30-a70f-8c30f770ff8b\"],\"columns\":{\"4b0578ca-9eee-4b30-a70f-8c30f770ff8b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e1282a2c-e5d0-4fba-b51a-c5ea7ed34949\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Security Hub Insight Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"4b0578ca-9eee-4b30-a70f-8c30f770ff8b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"aws.securityhub_insights.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"aws.securityhub_insights\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"e1282a2c-e5d0-4fba-b51a-c5ea7ed34949\"},{\"columnId\":\"4b0578ca-9eee-4b30-a70f-8c30f770ff8b\"}],\"layerId\":\"a43577d9-3b6a-4b88-945e-20a290ac059a\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Security Hub Insight Name [Logs 
AWS]\"}]","timeRestore":false,"title":"[Logs AWS] Security Hub Findings and Insights Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-cc571400-dc61-11ec-a6e3-1bc5ab0aa1b4","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"172b1706-6063-4239-92f8-3b8467011451:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"172b1706-6063-4239-92f8-3b8467011451:indexpattern-datasource-layer-0e162cf0-664f-4e61-811a-53b6647439eb","type":"index-pattern"},{"id":"logs-*","name":"97721563-8afc-4ff2-b30d-a309a6673b09:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"97721563-8afc-4ff2-b30d-a309a6673b09:indexpattern-datasource-layer-4a594fbf-8dbd-4a05-b3e0-3fbbad5b9935","type":"index-pattern"},{"id":"logs-*","name":"40ab8dcf-a27a-4c38-b007-9d089e826939:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"40ab8dcf-a27a-4c38-b007-9d089e826939:indexpattern-datasource-layer-a2993a77-e691-4f3b-8924-14a76108ce95","type":"index-pattern"},{"id":"logs-*","name":"ab35d746-7e18-49e8-b7e0-f7d9d2ade580:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ab35d746-7e18-49e8-b7e0-f7d9d2ade580:indexpattern-datasource-layer-474374c1-eb7e-4000-908b-730e850b8860","type":"index-pattern"},{"id":"logs-*","name":"6d092e76-fd08-4a90-a79d-f4a6d7c0539a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"6d092e76-fd08-4a90-a79d-f4a6d7c0539a:indexpattern-datasource-layer-f338c401-cb0d-4b88-b79a-331e97840ec7","type":"index-pattern"},{"id":"logs-*","name":"d73afd74-7fb1-467f-a1a3-2758d228d350:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"d73afd74-7fb1-467f-a1a3-2758d228d350:indexpattern-datasource-layer-24f9158d-6500-4033-9d0a-e5e66e628cd4","type":"index-pattern"},{"id":"logs-*","name":"7a6
3107d-cb62-4206-bd3b-23f9d492d158:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"7a63107d-cb62-4206-bd3b-23f9d492d158:indexpattern-datasource-layer-121c4faf-2de3-4bca-9a64-a1f1c5a0a8f0","type":"index-pattern"},{"id":"logs-*","name":"615635af-0004-4e26-984b-e35cf9b65678:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"615635af-0004-4e26-984b-e35cf9b65678:indexpattern-datasource-layer-70c66cc2-30b9-462d-9581-705567e5cdcc","type":"index-pattern"},{"id":"logs-*","name":"e2e1e909-11f4-4143-90f2-01f8f655889e:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"e2e1e909-11f4-4143-90f2-01f8f655889e:indexpattern-datasource-layer-6501c2cb-9124-4f68-959f-0edcdf9192df","type":"index-pattern"},{"id":"logs-*","name":"0fb0e89f-d06b-410f-833a-7cdd065bb0f1:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"0fb0e89f-d06b-410f-833a-7cdd065bb0f1:indexpattern-datasource-layer-d0ec8900-0fdd-42d2-a9ca-341473136d56","type":"index-pattern"},{"id":"logs-*","name":"e2d82ea2-864c-43f0-835a-eb20d0c81595:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"e2d82ea2-864c-43f0-835a-eb20d0c81595:indexpattern-datasource-layer-a35f9122-38bb-412a-bfe8-63ac32cff907","type":"index-pattern"},{"id":"logs-*","name":"12d448b6-1ea8-42a9-89d0-c9b025b86438:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"12d448b6-1ea8-42a9-89d0-c9b025b86438:indexpattern-datasource-layer-a43577d9-3b6a-4b88-945e-20a290ac059a","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6291],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MzIsMV0="} +{"attributes":{"description":"Overview of AWS SNS 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.sns\"},\"type\":\"phrase\",\"value\":\"aws.sns\"},\"query\":{\"match\":{\"data_stream.dataset\":{\"query\":\"aws.sns\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"3b9b0cee-b175-4268-8c5b-4ce869a09caf\",\"w\":9,\"x\":0,\"y\":0},\"panelIndex\":\"3b9b0cee-b175-4268-8c5b-4ce869a09caf\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"region name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Region Filter [Metrics 
AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"5f0d72c5-0f28-449f-9c93-3b4074f068f7\",\"w\":39,\"x\":9,\"y\":0},\"panelIndex\":\"5f0d72c5-0f28-449f-9c93-3b4074f068f7\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"s,s,3\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Messages Published\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.NumberOfMessagesPublished.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(115,216,255,1)\",\"fill\":\"0\",\"formatter\":\"s,s,3\",\"id\":\"204ff2b0-1b77-11ea-9357-231d0e09a8a9\",\"label\":\"Notifications 
Delivered\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.NumberOfNotificationsDelivered.sum\",\"id\":\"204ff2b1-1b77-11ea-9357-231d0e09a8a9\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"204ff2b1-1b77-11ea-9357-231d0e09a8a9\",\"type\":\"timeseries\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(244,78,59,1)\",\"fill\":\"0\",\"formatter\":\"s,s,3\",\"id\":\"32e925e0-1b77-11ea-9357-231d0e09a8a9\",\"label\":\"Notifications Failed\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.NumberOfNotificationsFailed.sum\",\"id\":\"32e925e1-1b77-11ea-9357-231d0e09a8a9\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"32e925e1-1b77-11ea-9357-231d0e09a8a9\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SNS Messages and Notifications [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SNS Messages and Notifications\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"5a9d5f2f-b075-4892-8188-c6e808a1163d\",\"w\":9,\"x\":0,\"y\":5},\"panelIndex\":\"5a9d5f2f-b075-4892-8188-c6e808a1163d\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"aws.dimensions.TopicName\",\"id\":\"1565034367477\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"topic 
name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":true},\"title\":\"SNS Topic Name Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"c6d5a54d-61a4-470b-8769-c5b6d6ab6c0f\",\"w\":16,\"x\":0,\"y\":10},\"panelIndex\":\"c6d5a54d-61a4-470b-8769-c5b6d6ab6c0f\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Publish Size\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.PublishSize.avg\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SNS Publish Size [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SNS Publish 
Size\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"0684c25d-34e8-425e-9069-dd8364e6325b\",\"w\":16,\"x\":16,\"y\":10},\"panelIndex\":\"0684c25d-34e8-425e-9069-dd8364e6325b\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"s,s,3\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Notifications Filtered Out\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.NumberOfNotificationsFilteredOut.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SNS Notifications Filtered Out [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SNS Notifications Filtered 
Out\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"72e987da-9a49-4dd4-99c4-4acbc49a0e0b\",\"w\":16,\"x\":32,\"y\":10},\"panelIndex\":\"72e987da-9a49-4dd4-99c4-4acbc49a0e0b\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"s,s,3\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Notifications Filtered Out Invalid Attributes\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.NumberOfNotificationsFilteredOut-InvalidAttributes.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SNS Notifications Filtered Out Invalid Attributes [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SNS Notifications Filtered Out Invalid 
Attributes\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"923bd4cd-d8fe-47b5-afcf-577bf2c5987c\",\"w\":16,\"x\":0,\"y\":20},\"panelIndex\":\"923bd4cd-d8fe-47b5-afcf-577bf2c5987c\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"s,s,3\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Notifications Filtered Out No Message Attributes\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.NumberOfNotificationsFilteredOut-NoMessageAttributes.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SNS Notifications Filtered Out No Message Attributes [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SNS Notifications Filtered Out No Message 
Attributes\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"f176153f-4588-42f9-a7bb-3015909d5610\",\"w\":16,\"x\":32,\"y\":20},\"panelIndex\":\"f176153f-4588-42f9-a7bb-3015909d5610\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"s,s,3\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Notifications Failed To Redrive To DLQ\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.NumberOfNotificationsFailedToRedriveToDlq.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SNS Notifications Failed To Redrive To DLQ [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SNS Notifications Failed to Redrive to 
DLQ\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"f3c5915b-6848-4950-afca-53653d13d6af\",\"w\":16,\"x\":0,\"y\":30},\"panelIndex\":\"f3c5915b-6848-4950-afca-53653d13d6af\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"SMS Success Rate\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.SMSSuccessRate.avg\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SNS SMS Success Rate [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SNS SMS Success 
Rate\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"3b3cc747-b57c-44e0-a18c-77155072bee4\",\"w\":16,\"x\":16,\"y\":20},\"panelIndex\":\"3b3cc747-b57c-44e0-a18c-77155072bee4\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"s,s,3\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Notifications Redriven To DLQ\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.NumberOfNotificationsRedrivenToDlq.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SNS Notifications Redriven To DLQ [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SNS Notifications Redriven To 
DLQ\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"ee130150-c1de-465b-8a8e-013f466528bf\",\"w\":16,\"x\":16,\"y\":30},\"panelIndex\":\"ee130150-c1de-465b-8a8e-013f466528bf\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"s,s,3\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"SMS Month To Date Spent USD\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sns.metrics.SMSMonthToDateSpentUSD.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":null,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"SNS SMS Month To Date Spent USD [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"SNS SMS Month To Date Spent USD\"}]","timeRestore":false,"title":"[Metrics AWS] SNS 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-d17b1000-17a4-11ea-8e91-03c7047cbb9d","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"3b9b0cee-b175-4268-8c5b-4ce869a09caf:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"5a9d5f2f-b075-4892-8188-c6e808a1163d:control_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6297],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MzMsMV0="} +{"attributes":{"description":"Dashboard providing statistics about alerts ingested from the AWS Network Firewall integration.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.firewall_logs\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"alert\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.kind\":\"alert\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"258f7245
-5011-4f03-bcd3-cada0180dc7a\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n[Overview](/app/dashboards#/view/aws-2ba11b50-4b9d-11ec-8282-5342b8988acc) \\n**[Alerts (This Page)](/app/dashboards#/view/aws-dfa76470-4ba1-11ec-8282-5342b8988acc)** \\n[Flows](/app/dashboards#/view/aws-562bdea0-4ba7-11ec-8282-5342b8988acc) \\n[Metrics](/app/dashboards#/view/aws-3abffe60-4ba9-11ec-8282-5342b8988acc) \\n\\n[Integrations Page](/app/integrations/detail/aws/overview?integration=firewall) \\n\\n**Overview**\\n\\nThis dashboard provides an overall view of AWS Network Firewall alerts.\\n\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"8bc8eff1-b70e-4f81-b2a1-de0db6742337\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"8bc8eff1-b70e-4f81-b2a1-de0db6742337\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1637591016076\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloud.availability_zone\",\"id\":\"1637591029629\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Availability 
Zone\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"observer.name\",\"id\":\"1637591118622\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Firewall\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Firewall Filters [Logs AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Firewall Filters\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"w\":6,\"x\":12,\"y\":7},\"panelIndex\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
unique_count(source.ip)\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"w\":6,\"x\":18,\"y\":7},\"panelIndex\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(destination.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source 
IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"w\":6,\"x\":24,\"y\":7},\"panelIndex\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source Countries\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.geo.country_name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source 
IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"w\":6,\"x\":30,\"y\":7},\"panelIndex\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination Countries\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(destination.geo.country_name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source 
Countries\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"w\":6,\"x\":36,\"y\":7},\"panelIndex\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Network Protocols\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(network.protocol)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique 
Rules\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Network Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"09caeba8-1f98-4937-b1b8-60debe3e3728\",\"w\":6,\"x\":42,\"y\":7},\"panelIndex\":\"09caeba8-1f98-4937-b1b8-60debe3e3728\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Rules\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(rule.id)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Network 
Protocols\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"rule.id\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Rules\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"0e2449f9-149d-473f-99f6-28e3ef05f2fd\",\"w\":12,\"x\":0,\"y\":14},\"panelIndex\":\"0e2449f9-149d-473f-99f6-28e3ef05f2fd\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-1759e92e-4fa4-4b59-ad5b-333b72cc71b2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1759e92e-4fa4-4b59-ad5b-333b72cc71b2\":{\"columnOrder\":[\"89ef0f2c-d13c-4c54-93d0-acf58ff43d3f\",\"78c62ee4-eb82-401b-b39b-423df9c7e0eb\"],\"columns\":{\"78c62ee4-eb82-401b-b39b-423df9c7e0eb\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"89ef0f2c-d13c-4c54-93d0-acf58ff43d3f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Rules\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"78c62ee4-eb82-401b-b39b-423df9c7e0eb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"rule.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"78c62ee4-eb82-401b-b39b-423df9c7e0eb\"],\"layerId\":\"1759e92e-4fa4-4b59-ad5b-333b72cc71b2\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"xAccessor\":\"89ef0f2c-d13c-4c54-93d0-acf58ff43d3f\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 
Rules\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"w\":12,\"x\":12,\"y\":14},\"panelIndex\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of source.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Source 
Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"w\":12,\"x\":24,\"y\":14},\"panelIndex\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of destination.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Destination 
Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f7c1e866-ba0d-45af-95bf-2736901431dc\",\"w\":12,\"x\":36,\"y\":14},\"panelIndex\":\"f7c1e866-ba0d-45af-95bf-2736901431dc\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"9367ad41-b48b-438e-b4d8-2c3f85aff052\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"76f26815-f13c-4273-b52f-7c25247f2b0d\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of network.protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"},\"9367ad41-b48b-438e-b4d8-2c3f85aff052\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
network.transport\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"network.transport\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"9367ad41-b48b-438e-b4d8-2c3f85aff052\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Network Protocols and 
Applications\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"w\":12,\"x\":0,\"y\":29},\"panelIndex\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\"],\"columns\":{\"b2d72986-1818-4a93-9155-2a66cd00eca4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Firewall\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"observer.name\"},\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"isTransposed\":false},{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Generating 
Firewalls\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"w\":12,\"x\":12,\"y\":29},\"panelIndex\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Source IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Source 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"8a1bd282-e360-473d-b26d-e73f2b470c81\",\"w\":12,\"x\":24,\"y\":29},\"panelIndex\":\"8a1bd282-e360-473d-b26d-e73f2b470c81\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Destination IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Destination 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"3b9a2a5f-1226-415c-88d5-21496508d060\",\"w\":12,\"x\":36,\"y\":29},\"panelIndex\":\"3b9a2a5f-1226-415c-88d5-21496508d060\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\",\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\"],\"columns\":{\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network Protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"},\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\",\"isTransposed\":false},{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Network 
Protocols\"},{\"embeddableConfig\":{\"columns\":[\"observer.name\",\"source.ip\",\"source.port\",\"destination.ip\",\"destination.port\",\"rule.name\",\"event.type\"],\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":12,\"i\":\"cc6fd495-c70e-4805-b097-e40ac11d2fb8\",\"w\":48,\"x\":0,\"y\":40},\"panelIndex\":\"cc6fd495-c70e-4805-b097-e40ac11d2fb8\",\"panelRefName\":\"panel_cc6fd495-c70e-4805-b097-e40ac11d2fb8\",\"title\":\"Firewall Logs\",\"type\":\"search\",\"version\":\"7.15.1\"}]","timeRestore":false,"title":"[Logs AWS] Firewall Alerts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-dfa76470-4ba1-11ec-8282-5342b8988acc","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7
:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"09caeba8-1f98-4937-b1b8-60debe3e3728:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"09caeba8-1f98-4937-b1b8-60debe3e3728:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"0e2449f9-149d-473f-99f6-28e3ef05f2fd:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"0e2449f9-149d-473f-99f6-28e3ef05f2fd:indexpattern-datasource-layer-1759e92e-4fa4-4b59-ad5b-333b72cc71b2","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-l
ayer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"aws-f4856850-4d32-11ec-a678-057fce71e8cd","name":"cc6fd495-c70e-4805-b097-e40ac11d2fb8:panel_cc6fd495-c70e-4805-b097-e40ac11d2fb8","type":"search"},{"id":"logs-*","name":"8bc8eff1-b70e-4f81-b2a1-de0db6742337:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"8bc8eff1-b70e-4f81-b2a1-de0db6742337:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"8bc8eff1-b70e-4f81-b2a1-de0db6742337:control_2_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6334],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MzQsMV0="} +{"attributes":{"description":"Overview of AWS Billing 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.billing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.billing\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"89dccfe8-a25e-44ea-afdb-ff01ab1f05d6\",\"w\":16,\"x\":0,\"y\":0},\"panelIndex\":\"89dccfe8-a25e-44ea-afdb-ff01ab1f05d6\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.name\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"account name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Account Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"AWS Account 
Filter\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"26670498-b079-4447-bbc8-e4ca8215898c\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"26670498-b079-4447-bbc8-e4ca8215898c\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"\",\"field\":\"aws.billing.EstimatedCharges\"},\"schema\":\"metric\",\"type\":\"sum\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"\",\"field\":\"aws.billing.ServiceName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"2-orderAgg\",\"params\":{\"field\":\"aws.billing.EstimatedCharges\"},\"schema\":\"orderAgg\",\"type\":\"avg\"},\"orderBy\":\"custom\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"sum\",\"format\":{\"id\":\"number\"},\"params\":{}}},\"distinctColors\":true,\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":true,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendSize\":\"auto\"},\"title\":\"Estimated Billing Pie Chart [Metrics AWS]\",\"type\":\"pie\",\"uiState\":{\"vis\":{\"colors\":{\"16\":\"#629E51\",\"80\":\"#E24D42\",\"272\":\"#DEDAF7\",\"running\":\"#7EB26D\",\"stopped\":\"#E24D42\"},\"legendOpen\":true}}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Estimated Billing 
Chart\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"221aab02-2747-4d84-9dde-028ccd51bdce\",\"w\":16,\"x\":0,\"y\":5},\"panelIndex\":\"221aab02-2747-4d84-9dde-028ccd51bdce\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"88a80e30-1530-11ea-961e-c1db9cc6166e\"}],\"bar_color_rules\":[{\"id\":\"ebb52700-1531-11ea-961e-c1db9cc6166e\"}],\"drop_last_bucket\":0,\"gauge_color_rules\":[{\"id\":\"e8a045e0-1531-11ea-961e-c1db9cc6166e\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"12h\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"not aws.billing.ServiceName : * \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Total Estimated Charges\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.billing.EstimatedCharges\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"override_index_pattern\":0,\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":0,\"series_interval\":\"12h\",\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\",\"time_range_mode\":\"last_value\",\"value_template\":\"${{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"Total Estimated Charges [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Total Estimated 
Charges\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"21e91e6b-0ff0-42ba-9132-6f30c5c6bbb7\",\"w\":48,\"x\":0,\"y\":16},\"panelIndex\":\"21e91e6b-0ff0-42ba-9132-6f30c5c6bbb7\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":0,\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"729af8b0-152a-11ea-ae8f-79fec1a0d4d3\",\"index_pattern\":\"metrics-*\",\"interval\":\"12h\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"729b1fc0-152a-11ea-ae8f-79fec1a0d4d3\",\"label\":\"avg(aws.billing.EstimatedCharges)\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.billing.EstimatedCharges\",\"id\":\"729b1fc1-152a-11ea-ae8f-79fec1a0d4d3\",\"type\":\"sum\"}],\"override_index_pattern\":0,\"point_size\":\"4\",\"separate_axis\":0,\"series_drop_last_bucket\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"aws.billing.ServiceName\",\"terms_include\":\"\",\"terms_order_by\":\"729b1fc1-152a-11ea-ae8f-79fec1a0d4d3\",\"terms_size\":\"10\",\"type\":\"timeseries\",\"value_template\":\"${{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Top 10 Billing per Service Name [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Top 10 Estimated Billing Per Service Name\"}]","timeRestore":false,"title":"[Metrics AWS] Billing 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-e6776b10-1534-11ea-841c-01bf20a6c8ba","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"89dccfe8-a25e-44ea-afdb-ff01ab1f05d6:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"26670498-b079-4447-bbc8-e4ca8215898c:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6340],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MzUsMV0="} +{"attributes":{"description":"Overview of AWS ELB Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.elb_metrics\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.elb_metrics\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"2\",\"w\":25,\"x\":23,\"y\":32},\"panelIndex\":\"2\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"7e66beb0-b3c6-11e9-af6e-ef22c5680226\"}],\"bar_color_rules\":[{\"id\":\"7db91990-b3c6-11e9-af6e-ef22c5680226\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"gauge_color_rules
\":[{\"id\":\"7d0b9b80-b3c6-11e9-af6e-ef22c5680226\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"formatter\":\"number\",\"id\":\"35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971\",\"label\":\"HTTP 5XX Errors\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.elb.metrics.HTTPCode_ELB_5XX.sum\",\"id\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.LoadBalancerName\",\"terms_order_by\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB HTTP 5XX Errors [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"HTTP 5XX 
Errors\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"3\",\"w\":37,\"x\":11,\"y\":0},\"panelIndex\":\"3\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"7e66beb0-b3c6-11e9-af6e-ef22c5680226\"}],\"bar_color_rules\":[{\"id\":\"7db91990-b3c6-11e9-af6e-ef22c5680226\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"gauge_color_rules\":[{\"id\":\"7d0b9b80-b3c6-11e9-af6e-ef22c5680226\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"formatter\":\"number\",\"id\":\"35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971\",\"label\":\"Request Count\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.elb.metrics.RequestCount.sum\",\"id\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.LoadBalancerName\",\"terms_order_by\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"type\":\"timeseries\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB Request Count [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Request 
Count\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"4\",\"w\":11,\"x\":0,\"y\":15},\"panelIndex\":\"4\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(244,78,59,1)\",\"color\":\"rgba(255,255,255,1)\",\"id\":\"7e66beb0-b3c6-11e9-af6e-ef22c5680226\",\"operator\":\"gt\",\"value\":0}],\"bar_color_rules\":[{\"id\":\"7db91990-b3c6-11e9-af6e-ef22c5680226\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"gauge_color_rules\":[{\"id\":\"7d0b9b80-b3c6-11e9-af6e-ef22c5680226\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"formatter\":\"number\",\"id\":\"35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971\",\"label\":\"Unhealthy Host Count\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.elb.metrics.UnHealthyHostCount.max\",\"id\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"type\":\"max\"}],\"point_size\":0,\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.AvailabilityZone\",\"terms_order_by\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"ELB Unhealthy Host Count [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Unhealthy Host 
Count\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"5\",\"w\":11,\"x\":0,\"y\":7},\"panelIndex\":\"5\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(104,188,0,1)\",\"color\":\"rgba(255,255,255,1)\",\"id\":\"7e66beb0-b3c6-11e9-af6e-ef22c5680226\",\"operator\":\"gt\",\"value\":0}],\"bar_color_rules\":[{\"id\":\"7db91990-b3c6-11e9-af6e-ef22c5680226\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"gauge_color_rules\":[{\"id\":\"7d0b9b80-b3c6-11e9-af6e-ef22c5680226\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"formatter\":\"number\",\"id\":\"35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971\",\"label\":\"Healthy Host Count\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.elb.metrics.HealthyHostCount.max\",\"id\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"type\":\"max\"}],\"point_size\":0,\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.AvailabilityZone\",\"terms_order_by\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"ELB Healthy Host Count [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Healthy Host 
Count\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"6\",\"w\":37,\"x\":11,\"y\":11},\"panelIndex\":\"6\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"7e66beb0-b3c6-11e9-af6e-ef22c5680226\"}],\"bar_color_rules\":[{\"id\":\"7db91990-b3c6-11e9-af6e-ef22c5680226\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"gauge_color_rules\":[{\"id\":\"7d0b9b80-b3c6-11e9-af6e-ef22c5680226\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"formatter\":\"s,s,3\",\"id\":\"35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971\",\"label\":\"Latency in seconds\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.elb.metrics.Latency.avg\",\"id\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.LoadBalancerName\",\"terms_order_by\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB Latency in Seconds [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Latency in 
Seconds\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"7\",\"w\":23,\"x\":0,\"y\":32},\"panelIndex\":\"7\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"7e66beb0-b3c6-11e9-af6e-ef22c5680226\"}],\"bar_color_rules\":[{\"id\":\"7db91990-b3c6-11e9-af6e-ef22c5680226\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"gauge_color_rules\":[{\"id\":\"7d0b9b80-b3c6-11e9-af6e-ef22c5680226\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971\",\"label\":\"HTTP Backend 4XX Errors\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.elb.metrics.HTTPCode_Backend_4XX.sum\",\"id\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.LoadBalancerName\",\"terms_order_by\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB HTTP Backend 4XX Errors [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"HTTP Backend 4XX 
Errors\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"8\",\"w\":23,\"x\":0,\"y\":23},\"panelIndex\":\"8\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"7e66beb0-b3c6-11e9-af6e-ef22c5680226\"}],\"bar_color_rules\":[{\"id\":\"7db91990-b3c6-11e9-af6e-ef22c5680226\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"gauge_color_rules\":[{\"id\":\"7d0b9b80-b3c6-11e9-af6e-ef22c5680226\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":\"00\",\"formatter\":\"number\",\"id\":\"35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971\",\"label\":\"Backend Connection Errors\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.elb.metrics.BackendConnectionErrors.sum\",\"id\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"aws.dimensions.LoadBalancerName\",\"terms_order_by\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB Backend Connection Errors [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"Backend Connection 
Errors\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"9\",\"w\":11,\"x\":0,\"y\":0},\"panelIndex\":\"9\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"region name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Region Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"10\",\"w\":25,\"x\":23,\"y\":23},\"panelIndex\":\"10\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"7e66beb0-b3c6-11e9-af6e-ef22c5680226\"}],\"bar_color_rules\":[{\"id\":\"7db91990-b3c6-11e9-af6e-ef22c5680226\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"gauge_color_rules\":[{\"id\":\"7d0b9b80-b3c6-11e9-af6e-ef22c5680226\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#3185FC\",\"fill\":0,\"formatter\":\"number\",\"id\":\"35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971\",\"label\":\"HTTP Backend 
2XX\",\"line_width\":2,\"metrics\":[{\"field\":\"aws.elb.metrics.HTTPCode_Backend_2XX.sum\",\"id\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"type\":\"avg\"}],\"point_size\":\"5\",\"separate_axis\":0,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.LoadBalancerName\",\"terms_order_by\":\"35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"ELB HTTP Backend 2XX [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}},\"title\":\"HTTP Backend 2XX\"}]","timeRestore":false,"title":"[Metrics AWS] ELB Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-e74bf320-b3ce-11e9-87a4-078dbbae220d","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"9:control_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6345],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MzYsMV0="} +{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"ca2b6a90-582d-4564-a0b0-1e41d59a3354\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"aws.guardduty.severity.value\",\"parentFieldName\":\"aws.guardduty.severity.value\",\"title\":\"Findings 
Severity\",\"id\":\"ca2b6a90-582d-4564-a0b0-1e41d59a3354\",\"enhancements\":{}}},\"7baf430f-c5f2-41b3-9759-bcc954c83f5a\":{\"order\":1,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.id\",\"title\":\"Cloud Account ID\",\"id\":\"7baf430f-c5f2-41b3-9759-bcc954c83f5a\",\"enhancements\":{}}},\"a8f4f8e8-fdc9-46a1-9875-87b5ac0b1f55\":{\"order\":2,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.region\",\"title\":\"Cloud Region\",\"id\":\"a8f4f8e8-fdc9-46a1-9875-87b5ac0b1f55\",\"enhancements\":{}}},\"1bda4437-a500-4db2-a965-9bf9457099b3\":{\"order\":3,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.provider\",\"title\":\"Cloud Provider\",\"id\":\"1bda4437-a500-4db2-a965-9bf9457099b3\",\"enhancements\":{}}}}"},"description":"Overview of Amazon Guardduty Threat.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"aws.guardduty\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.guardduty\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"61a40814-9dd1-4831-afe7-c890f0d577ef\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"61a40814-9dd1-4831-afe7-c890f0d577ef\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ae36b619-b48f-4c2c-9488-529c1d556a45\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ae36b619-b48f-4c2c-948
8-529c1d556a45\":{\"columnOrder\":[\"f4d5b22b-fd83-4008-863c-ae1ca6c1b6c7\",\"cccccc67-3390-4055-9d65-af9da8413fc3\",\"146dba13-563a-41c0-aca7-74c8b5d61d5f\"],\"columns\":{\"146dba13-563a-41c0-aca7-74c8b5d61d5f\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"cccccc67-3390-4055-9d65-af9da8413fc3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Resource Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"146dba13-563a-41c0-aca7-74c8b5d61d5f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"rule.ruleset\"},\"f4d5b22b-fd83-4008-863c-ae1ca6c1b6c7\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Threat Purpose\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"146dba13-563a-41c0-aca7-74c8b5d61d5f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"rule.category\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"f4d5b22b-fd83-4008-863c-ae1ca6c1b6c7\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"146dba13-563a-41c0-aca7-74c8b5d61d5f\",\"hidden\":false,\"isTransposed\":false},{\"columnId\":\"cccccc67-3390-4055-9d65-af9da8413fc3\",\"isTransposed\":false}],\"layerId\":\"ae36b619-b48f-4c2c-9488-529c1d556a45\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Threats by Threat Purpose, Resource Type [Logs 
Guardduty]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":16,\"i\":\"609f0379-b003-41e8-9c10-eb62a4ec31bf\",\"w\":48,\"x\":0,\"y\":15},\"panelIndex\":\"609f0379-b003-41e8-9c10-eb62a4ec31bf\",\"panelRefName\":\"panel_609f0379-b003-41e8-9c10-eb62a4ec31bf\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"54628857-cd79-42c3-932b-7e8df3759e45\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"54628857-cd79-42c3-932b-7e8df3759e45\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-f28ae8c1-640f-4d79-8e2e-ce78d5b2baf3\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"f28ae8c1-640f-4d79-8e2e-ce78d5b2baf3\":{\"columnOrder\":[\"017ea05f-da86-49d8-8dda-de0459fdd312\",\"dbea28c7-a444-4ae7-a39e-1f3a9e247714\"],\"columns\":{\"017ea05f-da86-49d8-8dda-de0459fdd312\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Threat 
Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"dbea28c7-a444-4ae7-a39e-1f3a9e247714\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":25},\"scale\":\"ordinal\",\"sourceField\":\"aws.guardduty.service.evidence.threat_intelligence_details.threat.names\"},\"dbea28c7-a444-4ae7-a39e-1f3a9e247714\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"dbea28c7-a444-4ae7-a39e-1f3a9e247714\"],\"layerId\":\"f28ae8c1-640f-4d79-8e2e-ce78d5b2baf3\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"xAccessor\":\"017ea05f-da86-49d8-8dda-de0459fdd312\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Findings by Threat Name [Logs Guardduty]\"}]","timeRestore":false,"title":"[Logs AWS] Guardduty Findings 
Threat","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-f890a5b0-6a3a-11ed-b880-2f1b70138655","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"61a40814-9dd1-4831-afe7-c890f0d577ef:indexpattern-datasource-layer-ae36b619-b48f-4c2c-9488-529c1d556a45","type":"index-pattern"},{"id":"aws-b3169d70-6a38-11ed-b880-2f1b70138655","name":"609f0379-b003-41e8-9c10-eb62a4ec31bf:panel_609f0379-b003-41e8-9c10-eb62a4ec31bf","type":"search"},{"id":"logs-*","name":"54628857-cd79-42c3-932b-7e8df3759e45:indexpattern-datasource-layer-f28ae8c1-640f-4d79-8e2e-ce78d5b2baf3","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_ca2b6a90-582d-4564-a0b0-1e41d59a3354:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_7baf430f-c5f2-41b3-9759-bcc954c83f5a:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_a8f4f8e8-fdc9-46a1-9875-87b5ac0b1f55:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_1bda4437-a500-4db2-a965-9bf9457099b3:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6356],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MzcsMV0="} +{"attributes":{"description":"Overview of AWS 
Metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"2\",\"w\":9,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.region\",\"id\":\"1549397251041\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"region name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"AWS Region Filter [Metrics AWS]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"3\",\"w\":10,\"x\":9,\"y\":0},\"panelIndex\":\"3\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"EC2 Instance 
State\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"\",\"field\":\"aws.ec2.instance.state.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":true,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendSize\":\"auto\"},\"title\":\"EC2 Instance State [Metrics AWS]\",\"type\":\"pie\",\"uiState\":{\"vis\":{\"colors\":{\"16\":\"#629E51\",\"80\":\"#E24D42\",\"272\":\"#DEDAF7\",\"running\":\"#7EB26D\",\"stopped\":\"#E24D42\"},\"legendOpen\":true}}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"4\",\"w\":29,\"x\":19,\"y\":0},\"panelIndex\":\"4\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"23428b30-f7f2-11e8-bff8-21537b07dd44\"}],\"bar_color_rules\":[{\"id\":\"2592bcc0-f7f2-11e8-bff8-21537b07dd44\"}],\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,188,0,1)\",\"fill\":\"0\",\"filter\":\"\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS EC2 CPU 
Utilization\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.ec2.cpu.total.pct\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":1,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"cloud.instance.id\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"EC2 CPU Utilization [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"6\",\"w\":9,\"x\":0,\"y\":7},\"panelIndex\":\"6\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"59207fe0-4762-11e9-bf81-69a4e579cab5\"}],\"bar_color_rules\":[{\"id\":\"5ad9a190-4762-11e9-bf81-69a4e579cab5\"}],\"drop_last_bucket\":1,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Total # of HTTP 4xx Errors\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_request.errors.4xx\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"S3 Total Error 4xx [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"7\",\"w\":9,\"x\":9,\"y\":7},\"panelIndex\":\"7\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"59207fe0-4762-11e9-bf81-69a4e579cab5\"}],\"bar_color_rules\":[{\"id\":\"5ad9a190-4762-11e9-bf81-69a4e579cab5\"}],\"drop_last_bucket\":1,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Total # of HTTP 5xx Errors\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.s3_request.errors.5xx\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"S3 Total Error 5xx [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"9\",\"w\":15,\"x\":18,\"y\":7},\"panelIndex\":\"9\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"bar_color_rules\":[{\"id\":\"23be77d0-734a-11e9-a683-47ca322fa6f9\"}],\"drop_last_bucket\":1,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS SQS Empty Receives\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sqs.empty_receives\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.sqs.queue.name\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"SQS Empty Receives Top5 [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"10\",\"w\":15,\"x\":33,\"y\":7},\"panelIndex\":\"10\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"bar_color_rules\":[{\"id\":\"23be77d0-734a-11e9-a683-47ca322fa6f9\"}],\"drop_last_bucket\":1,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS SQS Messages Delayed\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.sqs.messages.delayed\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.sqs.queue.name\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"SQS Messages Delayed Top5 [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"12\",\"w\":13,\"x\":0,\"y\":14},\"panelIndex\":\"12\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"bar_color_rules\":[{\"id\":\"94f2ce40-734c-11e9-a683-47ca322fa6f9\"}],\"drop_last_bucket\":1,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"ELB Request Count Top5\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.elb.metrics.RequestCount.sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.LoadBalancerName\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"Cloudwatch ELB Request Count Top5 [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"14\",\"w\":20,\"x\":13,\"y\":14},\"panelIndex\":\"14\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"23428b30-f7f2-11e8-bff8-21537b07dd44\"}],\"bar_color_rules\":[{\"id\":\"2592bcc0-f7f2-11e8-bff8-21537b07dd44\"}],\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,188,0,1)\",\"fill\":\"0\",\"filter\":\"\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"AWS Cloudwatch ELB Latency\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.elb.metrics.Latency\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":1,\"split_color_mode\":\"rainbow\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"aws.dimensions.LoadBalancerName\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Cloudwatch ELB Latency [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"15\",\"w\":15,\"x\":33,\"y\":14},\"panelIndex\":\"15\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"cbb498f0-734c-11e9-a683-47ca322fa6f9\"}],\"bar_color_rules\":[{\"id\":\"94f2ce40-734c-11e9-a683-47ca322fa6f9\"}],\"drop_last_bucket\":1,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"ELB Unhealthy Host Count\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.elb.metrics.UnHealthyHostCount\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.LoadBalancerName\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"Cloudwatch ELB Unhealthy Host Count [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"17\",\"w\":16,\"x\":15,\"y\":21},\"panelIndex\":\"17\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"cbb498f0-734c-11e9-a683-47ca322fa6f9\"}],\"bar_color_rules\":[{\"id\":\"94f2ce40-734c-11e9-a683-47ca322fa6f9\"}],\"drop_last_bucket\":1,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Lambda Invocations\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.lambda.metrics.Invocations\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.FunctionName\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"Cloudwatch Lambda Invocations Top5 [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"18\",\"w\":15,\"x\":0,\"y\":21},\"panelIndex\":\"18\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"cbb498f0-734c-11e9-a683-47ca322fa6f9\"}],\"bar_color_rules\":[{\"id\":\"94f2ce40-734c-11e9-a683-47ca322fa6f9\"}],\"drop_last_bucket\":1,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Lambda Errors\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.lambda.metrics.Errors.avg\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.FunctionName\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"Cloudwatch Lambda Errors Top5 [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"19\",\"w\":17,\"x\":31,\"y\":21},\"panelIndex\":\"19\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"cbb498f0-734c-11e9-a683-47ca322fa6f9\"}],\"bar_color_rules\":[{\"id\":\"94f2ce40-734c-11e9-a683-47ca322fa6f9\"}],\"drop_last_bucket\":1,\"hide_last_value_indicator\":true,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Lambda Throttles\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.lambda.metrics.Throttles.avg\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.FunctionName\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false},\"title\":\"Cloudwatch Lambda Throttles Top5 [Metrics 
AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"24\",\"w\":24,\"x\":0,\"y\":28},\"panelIndex\":\"24\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"bb21d180-830d-11e9-9c4c-391fa0a2e15f\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"lucene\",\"query\":\"(aws.cloudwatch.namespace:\\\"AWS/ECS\\\") AND (_exists_: aws.ecs.metrics.CPUReservation.avg) AND (_exists_: aws.ecs.metrics.CPUUtilization.avg)\"},\"formatter\":\"percent\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.ecs.metrics.CPUUtilization\",\"id\":\"17f8ddf0-830d-11e9-9f3d-ed346f48a007\",\"type\":\"sum\"},{\"field\":\"aws.ecs.metrics.CPUReservation\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"},{\"id\":\"68a93050-830e-11e9-9c4c-391fa0a2e15f\",\"script\":\"(params.res - params.util) / 100\",\"type\":\"math\",\"variables\":[{\"field\":\"17f8ddf0-830d-11e9-9f3d-ed346f48a007\",\"id\":\"6f338920-830e-11e9-9c4c-391fa0a2e15f\",\"name\":\"util\"},{\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"id\":\"7ab9f9a0-830e-11e9-9c4c-391fa0a2e15f\",\"name\":\"res\"}]}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.ClusterName\",\"terms_order_by\":\"_key\",\"terms_size\":\"5\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Cloudwatch 
CPU Available [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"25\",\"w\":24,\"x\":24,\"y\":28},\"panelIndex\":\"25\",\"embeddableConfig\":{\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"bb21d180-830d-11e9-9c4c-391fa0a2e15f\"}],\"drop_last_bucket\":1,\"filter\":\"\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"5m\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"lucene\",\"query\":\"(aws.cloudwatch.namespace:\\\"AWS/ECS\\\") AND (_exists_: aws.ecs.metrics.MemoryReservation.avg) AND (_exists_: aws.ecs.metrics.MemoryUtilization.avg)\"},\"formatter\":\"percent\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":1,\"metrics\":[{\"field\":\"aws.ecs.metrics.MemoryUtilization\",\"id\":\"17f8ddf0-830d-11e9-9f3d-ed346f48a007\",\"type\":\"sum\"},{\"field\":\"aws.ecs.metrics.MemoryReservation\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"},{\"id\":\"68a93050-830e-11e9-9c4c-391fa0a2e15f\",\"script\":\"(params.res - params.util) / 
100\",\"type\":\"math\",\"variables\":[{\"field\":\"17f8ddf0-830d-11e9-9f3d-ed346f48a007\",\"id\":\"6f338920-830e-11e9-9c4c-391fa0a2e15f\",\"name\":\"util\"},{\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"id\":\"7ab9f9a0-830e-11e9-9c4c-391fa0a2e15f\",\"name\":\"res\"}]}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"aws.dimensions.ClusterName\",\"terms_order_by\":\"_key\",\"terms_size\":\"5\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Cloudwatch Memory Available [Metrics AWS]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\",\"enhancements\":{}}}]","timeRestore":false,"title":"[Metrics AWS] Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"aws-fac28650-7349-11e9-816b-07687310a99a","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"2:control_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"3:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-aws-default","name":"tag-ref-fleet-pkg-aws-default","type":"tag"}],"sort":[1688996741503,6361],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MzgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring cloud Logs Application Console Apps [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring cloud Logs Application Console Apps [Logs 
Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"ab65f411-b92e-4b25-959d-b60941882406\",\"type\":\"timeseries\",\"series\":[{\"id\":\"76dedc9c-dc5f-487f-a56a-f78712f3b249\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"bbf3df20-f52c-11eb-9798-91531c982260\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"azure.springcloudlogs.properties.app_name\",\"label\":\"Application\",\"type\":\"timeseries\"},{\"id\":\"ccf24e10-f52c-11eb-9798-91531c982260\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"ccf24e11-f52c-11eb-9798-91531c982260\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Instance\",\"type\":\"timeseries\",\"terms_field\":\"azure.springcloudlogs.properties.instance_name\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset : \\\"azure.springcloudlogs\\\" and azure.springcloudlogs.category : \\\"ApplicationConsole\\\" 
\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-013d9a80-f52d-11eb-b9f3-73fa29f35762","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6365],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1MzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs System Logs Services [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs System Logs Services [Logs Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"aee8223d-7cfa-4776-a006-15876e5bb382\",\"type\":\"timeseries\",\"series\":[{\"id\":\"286b9de2-90e1-48c1-9357-63dc88a0d500\",\"color\":\"rgba(160,165,230,1)\",\"split_mode\":\"terms\",\"palette\":{\"type\":\"palette\",\"name\":\"complimentary\"},\"metrics\":[{\"id\":\"4a944774-8d00-4412-aeae-1a3e978f1a6a\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"azure.springcloudlogs.properties.service_name\",\"label\":\"Services\",\"split_color_mode\":null}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset : \\\"azure.springcloudlogs\\\" 
and azure.springcloudlogs.category : \\\"SystemLogs\\\" \",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-037fa5d0-f52e-11eb-b9f3-73fa29f35762","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6369],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NDAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"Subscriptions Filter [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"controls\":[{\"fieldName\":\"azure.subscription_id\",\"id\":\"1571250866125\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Subscription ID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Subscriptions Filter [Logs Azure]\",\"type\":\"input_control_vis\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-097d74d0-f044-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6373],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NDEsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Authorization Activity User [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" and azure.activitylogs.operation_name : *LISTKEYS* \"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(164,221,0,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type : \\\"Success\\\" \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Success\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"azure.activitylogs.result_type\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(244,78,59,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type : \\\"Fail\\\" \"},\"formatter\":\"number\",\"id\":\"78e85470-f0cb-11e9-bf79-0db2fc8554f1\",\"label\":\"Failure\",\"line_width\":1,\"metrics\":[{\"id\":\"78e85471-f0cb-11e9-bf79-0db2fc8554f1\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":0,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"Authorization Activity User [Logs 
Azure]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-0dd135c0-f0cc-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6376],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NDIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"Navigation Alerts [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"fontSize\":10,\"markdown\":\"### Azure Monitoring\\n\\n[Overview](#/dashboard/azure-41e84340-ec20-11e9-90ec-112a988266d5) | [Users](#/dashboard/azure-87095750-f05a-11e9-90ec-112a988266d5) | [**Alerts**](#/dashboard/azure-0f559cc0-f0d5-11e9-90ec-112a988266d5) \",\"openLinksInNewTab\":false},\"title\":\"Navigation Alerts [Logs Azure]\",\"type\":\"markdown\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-46544960-f0d5-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6379],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NDMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Alerts Overview [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" and azure.activitylogs.event_category : 
\\\"Alert\\\"\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(252,220,0,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type: \\\"Activated\\\"\"},\"formatter\":\"number\",\"hide_in_legend\":0,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type: \\\"Resolved\\\" or azure.activitylogs.result_type: \\\"Succeeded\\\"\"},\"formatter\":\"number\",\"hide_in_legend\":0,\"id\":\"5a52f170-ec1e-11e9-b6a7-21d19b63822a\",\"line_width\":1,\"metrics\":[{\"id\":\"5a52f171-ec1e-11e9-b6a7-21d19b63822a\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":0,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"Alerts Overview [Logs Azure]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-52c2a4e0-ec1f-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6382],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NDQsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" and azure.activitylogs.event_category : \\\"Alert\\\" \"}}"},"title":"Alerts Count [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Alerts\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type : \\\"Activated\\\"\"},\"label\":\"Activated\"},{\"input\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type : \\\"Resolved\\\"\"},\"label\":\"Resolved\"},{\"input\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type : \\\"Succeeded\\\"\"},\"label\":\"Succeeded\"}]},\"schema\":\"group\",\"type\":\"filters\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"string\",\"params\":{}},\"type\":\"vis_dimension\"},\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Alerts Count [Logs 
Azure]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-f684a750-ec23-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6386],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NDUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" and azure.activitylogs.event_category : \\\"Alert\\\" \"}}"},"title":"Alerts Heatmap [Logs Azure]","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0\":\"rgb(247,252,245)\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Provider\",\"field\":\"azure.resource.provider\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Resource 
Group\",\"field\":\"azure.resource.group\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"colorSchema\":\"Greens\",\"colorsNumber\":4,\"colorsRange\":[],\"dimensions\":{\"x\":{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},\"y\":[{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"enableHover\":false,\"invertColors\":false,\"legendPosition\":\"right\",\"percentageMode\":false,\"setColorRange\":false,\"times\":[],\"type\":\"heatmap\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"color\":\"black\",\"overwriteColor\":false,\"rotate\":0,\"show\":false},\"scale\":{\"defaultYExtents\":false,\"type\":\"linear\"},\"show\":false,\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Alerts Heatmap [Logs Azure]\",\"type\":\"heatmap\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-c704b050-f0de-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6390],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NDYsMV0="} +{"attributes":{"description":"This dashboard provides expanded alerts overview for Azure 
cloud","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"9d1a26e6-2ff0-4d3e-bab3-7bb3c50cd060\",\"w\":7,\"x\":0,\"y\":0},\"panelIndex\":\"9d1a26e6-2ff0-4d3e-bab3-7bb3c50cd060\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Navigation Alerts\",\"panelRefName\":\"panel_9d1a26e6-2ff0-4d3e-bab3-7bb3c50cd060\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"676fd632-a9c1-46ed-829b-ca5b55817379\",\"w\":14,\"x\":7,\"y\":0},\"panelIndex\":\"676fd632-a9c1-46ed-829b-ca5b55817379\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Subscriptions Filter\",\"panelRefName\":\"panel_676fd632-a9c1-46ed-829b-ca5b55817379\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"096b4eaa-072e-455f-befa-3076f71be12d\",\"w\":27,\"x\":21,\"y\":0},\"panelIndex\":\"096b4eaa-072e-455f-befa-3076f71be12d\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Alerts Overview\",\"panelRefName\":\"panel_096b4eaa-072e-455f-befa-3076f71be12d\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"162fb43e-fff3-4f50-aa9b-a713418bd651\",\"w\":27,\"x\":21,\"y\":15},\"panelIndex\":\"162fb43e-fff3-4f50-aa9b-a713418bd651\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Alerts Count\",\"panelRefName\":\"panel_162fb43e-fff3-4f50-aa9b-a713418bd651\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":20,\"i\":\"36fb5c08-80d9-4a1c-8fde-9c063381fdd8\",\"w\":21,\"x\":0,\"y\":4},\"panelIndex\":\"36fb5c08-80d9-4a1c-8fde-9c063381fdd8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Alerts Heatmap\",\"panelRefName\":\"panel_36fb5c08-80d9-4a1c-8fde-9c063381fdd8\"}]","timeRestore":false,"title":"[Logs Azure] Alerts 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-0f559cc0-f0d5-11e9-90ec-112a988266d5","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"azure-46544960-f0d5-11e9-90ec-112a988266d5","name":"9d1a26e6-2ff0-4d3e-bab3-7bb3c50cd060:panel_9d1a26e6-2ff0-4d3e-bab3-7bb3c50cd060","type":"visualization"},{"id":"azure-097d74d0-f044-11e9-90ec-112a988266d5","name":"676fd632-a9c1-46ed-829b-ca5b55817379:panel_676fd632-a9c1-46ed-829b-ca5b55817379","type":"visualization"},{"id":"azure-52c2a4e0-ec1f-11e9-90ec-112a988266d5","name":"096b4eaa-072e-455f-befa-3076f71be12d:panel_096b4eaa-072e-455f-befa-3076f71be12d","type":"visualization"},{"id":"azure-f684a750-ec23-11e9-90ec-112a988266d5","name":"162fb43e-fff3-4f50-aa9b-a713418bd651:panel_162fb43e-fff3-4f50-aa9b-a713418bd651","type":"visualization"},{"id":"azure-c704b050-f0de-11e9-90ec-112a988266d5","name":"36fb5c08-80d9-4a1c-8fde-9c063381fdd8:panel_36fb5c08-80d9-4a1c-8fde-9c063381fdd8","type":"visualization"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6398],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NDcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs System Logs Level List [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs System Logs Level List [Logs 
Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"e8ae1bbe-9172-4214-986d-7118f06a8f02\",\"type\":\"timeseries\",\"series\":[{\"id\":\"710c298a-93bb-4d00-99c0-605bbd463ac0\",\"color\":\"rgba(170,101,86,1)\",\"split_mode\":\"terms\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"10c7e926-cf10-42a7-89f7-0c0018b38c62\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"log.level\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset : \\\"azure.springcloudlogs\\\" and azure.springcloudlogs.category : \\\"SystemLogs\\\" \",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-16df08d0-f526-11eb-b9f3-73fa29f35762","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6402],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NDgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs Navigation System Logs [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs Navigation System Logs [Logs 
Azure]\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### Azure Spring Cloud System Logs\\n[Overview](#/dashboard/azure-5ad41d90-f50e-11eb-a831-732d3e9bbd43) | [**System Logs**](#/dashboard/azure-1adf52d0-f50f-11eb-a831-732d3e9bbd43) | [Application Console Logs](#/dashboard/azure-32aedb00-f524-11eb-b9f3-73fa29f35762) \"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-e58802b0-f510-11eb-a831-732d3e9bbd43","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6405],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NDksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Subscription and Type Filter [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Subscription and Type Filter [Logs Azure]\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1628066574084\",\"fieldName\":\"azure.subscription_id\",\"parent\":\"\",\"label\":\"Subscription ID\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1628066623258\",\"fieldName\":\"azure.springcloudlogs.category\",\"parent\":\"\",\"label\":\"Spring Cloud Logs 
Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-f619df10-f50e-11eb-a831-732d3e9bbd43","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6410],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs System Logs Activity [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs System Logs Activity [Logs 
Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"2377e52f-91ef-4ff1-bdad-211ff2c25f0f\",\"type\":\"timeseries\",\"series\":[{\"id\":\"267ec4fa-03f7-4089-b02f-c738d4a0dd04\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"737a9957-834d-4a30-8e4c-468cfb3c4905\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset : \\\"azure.springcloudlogs\\\" and azure.springcloudlogs.category : \\\"SystemLogs\\\" \",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-803777a0-f511-11eb-a831-732d3e9bbd43","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6414],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs System Logs Logger Type [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs System Logs Logger Type [Logs 
Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"c8b02450-7668-4c2b-9b21-e7d59f0867a7\",\"type\":\"timeseries\",\"series\":[{\"id\":\"901af5fd-96ec-4e96-b35d-7a1941b85a40\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"08168ad0-60ba-492f-a7be-af47252f9cfe\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"azure.springcloudlogs.properties.logger\",\"label\":\"Logger\"},{\"id\":\"d9a5e200-f52e-11eb-ba9b-7b2d136782e1\",\"color\":\"rgba(145,112,184,1)\",\"split_mode\":\"terms\",\"palette\":{\"type\":\"palette\",\"name\":\"negative\"},\"metrics\":[{\"id\":\"d9a5e201-f52e-11eb-ba9b-7b2d136782e1\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"stacked_within_series\",\"label\":\"Type\",\"terms_field\":\"azure.springcloudlogs.properties.type\",\"split_color_mode\":null}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset : \\\"azure.springcloudlogs\\\" and azure.springcloudlogs.category : \\\"SystemLogs\\\" 
\",\"language\":\"kuery\"},\"background_color\":null,\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-30e95c40-f52f-11eb-b9f3-73fa29f35762","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6418],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NTIsMV0="} +{"attributes":{"description":"[Logs Azure] Azure Spring cloud Logs System Logs","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":7,\"i\":\"36cfd9c9-98e2-427a-9f99-3b4406d86841\"},\"panelIndex\":\"36cfd9c9-98e2-427a-9f99-3b4406d86841\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### Azure Spring Cloud Logs\\n\\n[Overview](#/dashboard/azure-41e84340-ec20-11e9-90ec-112a988266d5) | [**System Logs**](#/dashboard/azure-87095750-f05a-11e9-90ec-112a988266d5) | [Application Console Logs](#/dashboard/azure-0f559cc0-f0d5-11e9-90ec-112a988266d5) \"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"visualization\"},\"title\":\"Navigation Azure System 
Logs\",\"panelRefName\":\"panel_36cfd9c9-98e2-427a-9f99-3b4406d86841\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":0,\"w\":13,\"h\":7,\"i\":\"5cbc2c45-1213-4bb9-ab65-8dfc0cfbad8a\"},\"panelIndex\":\"5cbc2c45-1213-4bb9-ab65-8dfc0cfbad8a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Subscription and Type Filter\",\"panelRefName\":\"panel_5cbc2c45-1213-4bb9-ab65-8dfc0cfbad8a\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":15,\"i\":\"dd3bc6e6-219b-46d1-a458-cf79faa14c22\"},\"panelIndex\":\"dd3bc6e6-219b-46d1-a458-cf79faa14c22\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"System Logs Activity\",\"panelRefName\":\"panel_dd3bc6e6-219b-46d1-a458-cf79faa14c22\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":7,\"w\":23,\"h\":18,\"i\":\"6c53434c-d1f9-4210-a0fe-0e406cffb1a7\"},\"panelIndex\":\"6c53434c-d1f9-4210-a0fe-0e406cffb1a7\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Log 
Level\",\"panelRefName\":\"panel_6c53434c-d1f9-4210-a0fe-0e406cffb1a7\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":15,\"w\":25,\"h\":19,\"i\":\"748eb38a-92e4-4636-87c4-ca8bde01e6d8\"},\"panelIndex\":\"748eb38a-92e4-4636-87c4-ca8bde01e6d8\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Operations\",\"panelRefName\":\"panel_748eb38a-92e4-4636-87c4-ca8bde01e6d8\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":25,\"w\":23,\"h\":18,\"i\":\"f10825d9-48e7-4c3b-b225-51ac95988c8a\"},\"panelIndex\":\"f10825d9-48e7-4c3b-b225-51ac95988c8a\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Services\",\"panelRefName\":\"panel_f10825d9-48e7-4c3b-b225-51ac95988c8a\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":34,\"w\":25,\"h\":17,\"i\":\"65014b13-0aa6-488b-9015-5dcb7b0dfe74\"},\"panelIndex\":\"65014b13-0aa6-488b-9015-5dcb7b0dfe74\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Logger & Type\",\"panelRefName\":\"panel_65014b13-0aa6-488b-9015-5dcb7b0dfe74\"}]","timeRestore":false,"title":"[Logs Azure] Azure Spring Cloud Logs System 
Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-1adf52d0-f50f-11eb-a831-732d3e9bbd43","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"azure-e58802b0-f510-11eb-a831-732d3e9bbd43","name":"36cfd9c9-98e2-427a-9f99-3b4406d86841:panel_36cfd9c9-98e2-427a-9f99-3b4406d86841","type":"visualization"},{"id":"azure-f619df10-f50e-11eb-a831-732d3e9bbd43","name":"5cbc2c45-1213-4bb9-ab65-8dfc0cfbad8a:panel_5cbc2c45-1213-4bb9-ab65-8dfc0cfbad8a","type":"visualization"},{"id":"azure-803777a0-f511-11eb-a831-732d3e9bbd43","name":"dd3bc6e6-219b-46d1-a458-cf79faa14c22:panel_dd3bc6e6-219b-46d1-a458-cf79faa14c22","type":"visualization"},{"id":"azure-16df08d0-f526-11eb-b9f3-73fa29f35762","name":"6c53434c-d1f9-4210-a0fe-0e406cffb1a7:panel_6c53434c-d1f9-4210-a0fe-0e406cffb1a7","type":"visualization"},{"id":"azure-87256380-f52d-11eb-b9f3-73fa29f35762","name":"748eb38a-92e4-4636-87c4-ca8bde01e6d8:panel_748eb38a-92e4-4636-87c4-ca8bde01e6d8","type":"lens"},{"id":"azure-037fa5d0-f52e-11eb-b9f3-73fa29f35762","name":"f10825d9-48e7-4c3b-b225-51ac95988c8a:panel_f10825d9-48e7-4c3b-b225-51ac95988c8a","type":"visualization"},{"id":"azure-30e95c40-f52f-11eb-b9f3-73fa29f35762","name":"65014b13-0aa6-488b-9015-5dcb7b0dfe74:panel_65014b13-0aa6-488b-9015-5dcb7b0dfe74","type":"visualization"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6428],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs Navigation Application Console Logs [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs Navigation Application Console Logs [Logs 
Azure]\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### Azure Spring Cloud Application Console Logs\\n\\n[Overview](#/dashboard/azure-5ad41d90-f50e-11eb-a831-732d3e9bbd43) | [System Logs](#/dashboard/azure-1adf52d0-f50f-11eb-a831-732d3e9bbd43) | [**Application Console Logs**](#/dashboard/azure-32aedb00-f524-11eb-b9f3-73fa29f35762) \"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-1bb61e40-f524-11eb-b9f3-73fa29f35762","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6431],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NTQsMV0="} +{"attributes":{"columns":["observer.name","source.address","source.port","destination.address","destination.port","network.protocol","event.type","event.kind"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"azure.firewall.operation_name : \\\"AzureFirewallApplicationRuleLog\\\" \"}}"},"sort":[["@timestamp","desc"]],"title":"Firewall Network Application Rule Logs [Logs 
Azure]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-671ff040-f24e-11ec-a5a8-bf965bcd5646","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6436],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NTUsMV0="} +{"attributes":{"description":"Dashboard providing statistics about alerts ingested from the Azure Firewall Application Rule Log events.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"azure.firewall.operation_name\",\"negate\":false,\"params\":{\"query\":\"AzureFirewallApplicationRuleLog\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"azure.firewall.operation_name\":\"AzureFirewallApplicationRuleLog\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"embeddableC
onfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n[Overview](/app/dashboards#/view/auzre-280493a0-f1a1-11ec-a5a8-bf965bcd5646) \\n[Network Rule Logs](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646) \\n[Network NAT Rule Logs](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646) \\n**[Application Rule Logs (This Page)](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646)** \\n[DNS Proxy Logs](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)\\n\\n[Integrations Page](/app/integrations/detail/azure/overview?integration=firewall_logs) \\n\\n**Overview**\\n\\nThis dashboard provides an overall view of Azure Firewall Application Rule Log events.\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.id\",\"id\":\"1637591016076\",\"indexPatternRefName\":\"control_7cbe886c-4cc4-4fec-beff-7336b0965067_0_index_pattern\",\"label\":\"Subscription 
ID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"observer.name\",\"id\":\"1637591118622\",\"indexPatternRefName\":\"control_7cbe886c-4cc4-4fec-beff-7336b0965067_1_index_pattern\",\"label\":\"Firewall\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Firewall Filters\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"w\":6,\"x\":12,\"y\":7},\"panelIndex\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
unique_count(source.ip)\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"w\":6,\"x\":18,\"y\":7},\"panelIndex\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(destination.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source 
IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"w\":6,\"x\":24,\"y\":7},\"panelIndex\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source Countries\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.geo.country_name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source 
IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"w\":6,\"x\":30,\"y\":7},\"panelIndex\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination Countries\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(destination.geo.country_name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source 
Countries\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"w\":6,\"x\":36,\"y\":7},\"panelIndex\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Network Protocols\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(network.protocol)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique 
Rules\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Network Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"w\":12,\"x\":0,\"y\":14},\"panelIndex\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\"],\"columns\":{\"b2d72986-1818-4a93-9155-2a66cd00eca4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Firewall\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"observer.name\"},\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"isTransposed\":false},{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Generating Firewalls\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"w\":12,\"x\":12,\"y\":14},\"panelIndex\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
source.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Source Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"w\":12,\"x\":24,\"y\":14},\"panelIndex\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
destination.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Destination Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f7c1e866-ba0d-45af-95bf-2736901431dc\",\"w\":12,\"x\":36,\"y\":14},\"panelIndex\":\"f7c1e866-ba0d-45af-95bf-2736901431dc\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"76f26815-f13c-4273-b52f-7c25247f2b0d\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
network.protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Network Protocols and 
Applications\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"ffc33e34-3225-40da-97c6-ea9fbfa6db02\",\"w\":12,\"x\":0,\"y\":29},\"panelIndex\":\"ffc33e34-3225-40da-97c6-ea9fbfa6db02\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Rules\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"rule.name\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event 
Rules\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"w\":12,\"x\":12,\"y\":29},\"panelIndex\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Source Address\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.address\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Source 
Addresses\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"8a1bd282-e360-473d-b26d-e73f2b470c81\",\"w\":12,\"x\":24,\"y\":29},\"panelIndex\":\"8a1bd282-e360-473d-b26d-e73f2b470c81\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Destination Address\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.address\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Destination 
Addresses\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"3b9a2a5f-1226-415c-88d5-21496508d060\",\"w\":12,\"x\":36,\"y\":29},\"panelIndex\":\"3b9a2a5f-1226-415c-88d5-21496508d060\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\",\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\"],\"columns\":{\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network Protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"},\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\",\"isTransposed\":false},{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Network 
Protocols\"},{\"version\":\"7.16.0\",\"type\":\"search\",\"gridData\":{\"h\":17,\"i\":\"01c53b97-697b-40fb-874d-6e7d720eb3fe\",\"w\":48,\"x\":0,\"y\":40},\"panelIndex\":\"01c53b97-697b-40fb-874d-6e7d720eb3fe\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_01c53b97-697b-40fb-874d-6e7d720eb3fe\"}]","timeRestore":false,"title":"[Logs Azure] Firewall Application Rule Log","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"7cbe886c-4cc4-4fec-beff-7336b0965067:control_7cbe886c-4cc4-4fec-beff-7336b0965067_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7cbe886c-4cc4-4fec-beff-7336b0965067:control_7cbe886c-4cc4-4fec-beff-7336b0965067_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7:inde
xpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"ffc33e34-3225-40da-97c6-ea9fbfa6db02:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ffc33e34-3225-40da-97c6-ea9fbfa6db02:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-curren
t-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"azure-671ff040-f24e-11ec-a5a8-bf965bcd5646","name":"01c53b97-697b-40fb-874d-6e7d720eb3fe:panel_01c53b97-697b-40fb-874d-6e7d720eb3fe","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6470],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NTYsMV0="} +{"attributes":{"columns":["observer.name","source.ip","source.port","destination.ip","destination.port","destination.nat.ip","destination.nat.port","event.type","event.kind"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"azure.firewall.operation_name : 
\\\"AzureFirewallNatRuleLog\\\" \"}}"},"sort":[["@timestamp","desc"]],"title":"Firewall Network NAT Rule Logs [Logs Azure]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-252228a0-f1ab-11ec-a5a8-bf965bcd5646","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6475],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NTcsMV0="} +{"attributes":{"columns":["observer.name","source.address","source.port","destination.address","destination.port","event.kind","event.type"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Firewall Logs [Logs 
Azure]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-fb61c4c0-f1a1-11ec-a5a8-bf965bcd5646","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6480],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NTgsMV0="} +{"attributes":{"description":"Dashboard providing an overall view of the AWS Network Firewall integration.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n**[Overview (This Page)](/app/dashboards#/view/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646)** \\n[Network Rule Logs](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646) 
\\n[Network NAT Rule Logs](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646) \\n[Application Rule Logs](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646) \\n[DNS Proxy Logs](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)\\n\\n[Integrations Page](/app/integrations/detail/azure/overview?integration=firewall_logs) \\n\\n**Overview**\\n\\nThis dashboard provides an overall view of Azure Firewall integration.\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"f22a22bc-21e2-4fb2-8c4e-a31393cba5e9\",\"w\":35,\"x\":13,\"y\":0},\"panelIndex\":\"f22a22bc-21e2-4fb2-8c4e-a31393cba5e9\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.id\",\"id\":\"1637591016076\",\"indexPatternRefName\":\"control_f22a22bc-21e2-4fb2-8c4e-a31393cba5e9_0_index_pattern\",\"label\":\"Subscription ID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"observer.name\",\"id\":\"1637591118622\",\"indexPatternRefName\":\"control_f22a22bc-21e2-4fb2-8c4e-a31393cba5e9_1_index_pattern\",\"label\":\"Firewall\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Firewall 
Filters\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"e8d2a7be-bc2a-4ca5-ae71-5273156084b3\",\"w\":5,\"x\":13,\"y\":7},\"panelIndex\":\"e8d2a7be-bc2a-4ca5-ae71-5273156084b3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Events\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"event\"},\"type\":\"phrase\",\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.kind\":\"event\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total 
Events\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"3fc05a86-0b0d-435d-9df5-a5423225d5e5\",\"w\":6,\"x\":18,\"y\":7},\"panelIndex\":\"3fc05a86-0b0d-435d-9df5-a5423225d5e5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-1\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Allowed Events\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.category\",\"negate\":false,\"params\":{\"query\":\"network\"},\"type\":\"phrase\",\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"network\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.type\",\"negate\":false,\"params\":{\"query\":\"allowed\"},\"type\":\"phrase\",\"index\":\"filter-index-pattern-1\"},\"query\":{\"match_phrase\":{\"event.type\":\"allowed\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},
\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Allowed Events\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"w\":6,\"x\":24,\"y\":7},\"panelIndex\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-1\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Denied 
Events\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.category\",\"negate\":false,\"params\":{\"query\":\"network\"},\"type\":\"phrase\",\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"network\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.type\",\"negate\":false,\"params\":{\"query\":\"denied\"},\"type\":\"phrase\",\"index\":\"filter-index-pattern-1\"},\"query\":{\"match_phrase\":{\"event.type\":\"denied\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Denied Events\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"54c39a08-c881-4c64-af1a-8e48867947c3\",\"w\":6,\"x\":30,\"y\":7},\"panelIndex\":\"54c39a08-c881-4c64-af1a-8e48867947c3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source 
Addresses\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.address\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"b9d7f8b6-deb6-4d46-ad11-7793dd783012\",\"w\":6,\"x\":36,\"y\":7},\"panelIndex\":\"b9d7f8b6-deb6-4d46-ad11-7793dd783012\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination Addresses\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.address\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"83dde1a0-0605-4c05-9bd2-1f2686cd7007\",\"w\":6,\"x\":42,\"y\":7},\"panelIndex\":\"83dde1a0-0605-4c05-9bd2-1f2686cd7007\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"b6504f22-c6eb-439d-bb4d-a3acc2b5de34\",\"775a9e84-2203-42bf-a775-f60ad2cd84ae\"],\"columns\":{\"775a9e84-2203-42bf-a775-f60ad2cd84ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Network Protocols\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"},\"b6504f22-c6eb-439d-bb4d-a3acc2b5de34\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique count of network.protocol\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.kind\",\"negate\":false,\"params\":{\"query\":\"event\"},\"type\":\"phrase\",\"index\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.kind\":\"event\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"775a9e84-2203-42bf-a775-f60ad2cd84ae\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique 
Network Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":16,\"i\":\"f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb\",\"w\":28,\"x\":0,\"y\":15},\"panelIndex\":\"f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-8c1d8a18-0da5-431f-8faf-f72f028b10de\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"8c1d8a18-0da5-431f-8faf-f72f028b10de\":{\"columnOrder\":[\"995b44f7-a7f2-474a-b080-bc5e61834c85\",\"ac103bf9-1072-42f9-88e1-645355cfab7d\",\"d75176b0-fe18-4834-8be1-876ae441c8f9\"],\"columns\":{\"995b44f7-a7f2-474a-b080-bc5e61834c85\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of event.kind\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"d75176b0-fe18-4834-8be1-876ae441c8f9\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"event.kind\"},\"ac103bf9-1072-42f9-88e1-645355cfab7d\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"d75176b0-fe18-4834-8be1-876ae441c8f9\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"d75176b0-fe18-4834-8be1-876ae441c8f9\"],\"layerId\":\"8c1d8a18-0da5-431f-8faf-f72f028b10de\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"995b44f7-a7f2-474a-b080-bc5e61834c85\",\"xAccessor\":\"ac103bf9-1072-42f9-88e1-645355cfab7d\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Events\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":16,\"i\":\"bcfbc5f5-fd40-48e3-937d-965fcb8a5585\",\"w\":20,\"x\":28,\"y\":15},\"panelIndex\":\"bcfbc5f5-fd40-48e3-937d-965fcb8a5585\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c\":{\"columnOrder\":[\"7ea404e0-e31f-4216-a626-ee830469e97b\",\"de9ad2be-a35d-4e4c-a6ac-4a1b2dcc2c0b\",\"6e93ea29-3bab-47ea-b978-c91480873532\"],\"columns\":{\"6e93ea29-3bab-47ea-b978-c91480873532\":{\
"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"7ea404e0-e31f-4216-a626-ee830469e97b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Firewalls\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6e93ea29-3bab-47ea-b978-c91480873532\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"observer.name\"},\"de9ad2be-a35d-4e4c-a6ac-4a1b2dcc2c0b\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of event.kind\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6e93ea29-3bab-47ea-b978-c91480873532\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"event.kind\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"6e93ea29-3bab-47ea-b978-c91480873532\"],\"layerId\":\"b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"splitAccessor\":\"de9ad2be-a35d-4e4c-a6ac-4a1b2dcc2c0b\",\"xAccessor\":\"7ea404e0-e31f-4216-a626-ee830469e97b\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\
"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Events by Firewall\"},{\"version\":\"7.16.0\",\"type\":\"search\",\"gridData\":{\"h\":17,\"i\":\"eca6f69d-bee2-4e17-bdb9-4852f3056957\",\"w\":48,\"x\":0,\"y\":31},\"panelIndex\":\"eca6f69d-bee2-4e17-bdb9-4852f3056957\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Firewall Logs\",\"panelRefName\":\"panel_eca6f69d-bee2-4e17-bdb9-4852f3056957\"}]","timeRestore":false,"title":"[Logs Azure] Firewall Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"f22a22bc-21e2-4fb2-8c4e-a31393cba5e9:control_f22a22bc-21e2-4fb2-8c4e-a31393cba5e9_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"f22a22bc-21e2-4fb2-8c4e-a31393cba5e9:control_f22a22bc-21e2-4fb2-8c4e-a31393cba5e9_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"e8d2a7be-bc2a-4ca5-ae71-5273156084b3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"e8d2a7be-bc2a-4ca5-ae71-5273156084b3:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"e8d2a7be-bc2a-4ca5-ae71-5273156084b3:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"3fc05a86-0b0d-435d-9df5-a5423225d5e5:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"3fc05a86-0b0d-435d-9df5-a5423225d5e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"3fc05a86-0b0d-435d-9df5-a5423225d5e5:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"3fc05a86-0b0d-435d-9df5-a5423225d5e5:filter-index-pattern-1","type":"in
dex-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:filter-index-pattern-1","type":"index-pattern"},{"id":"logs-*","name":"54c39a08-c881-4c64-af1a-8e48867947c3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"54c39a08-c881-4c64-af1a-8e48867947c3:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"b9d7f8b6-deb6-4d46-ad11-7793dd783012:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"b9d7f8b6-deb6-4d46-ad11-7793dd783012:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"83dde1a0-0605-4c05-9bd2-1f2686cd7007:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"83dde1a0-0605-4c05-9bd2-1f2686cd7007:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"83dde1a0-0605-4c05-9bd2-1f2686cd7007:filter-index-pattern-0","type":"index-pattern"},{"id":"logs-*","name":"f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb:indexpattern-datasource-layer-8c1d8a18-0da5-431f-8faf-f72f028b10de","type":"index-pattern"},{"id":"logs-*","name":"bcfbc5f5-fd40-48e3-937d-965fcb8a5585:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"bcfbc5f5-fd40-48e3-937d-965fcb8a5585:indexpattern-datasource-layer-b2bc813b-af38-4aac-bf1f-7d3b6f3a
a51c","type":"index-pattern"},{"id":"azure-fb61c4c0-f1a1-11ec-a5a8-bf965bcd5646","name":"eca6f69d-bee2-4e17-bdb9-4852f3056957:panel_eca6f69d-bee2-4e17-bdb9-4852f3056957","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6509],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs Application Console Logs [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs Application Console Logs [Logs Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"fe635368-0f50-4039-82f0-a229d13b6665\",\"type\":\"timeseries\",\"series\":[{\"id\":\"c99c6393-738a-452b-a68f-2cf1e7580ba0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"7c304953-51fe-4c51-8007-0c0035eb39da\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset : \\\"azure.springcloudlogs\\\" and azure.springcloudlogs.category : \\\"ApplicationConsole\\\" 
\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-6c570750-f525-11eb-b9f3-73fa29f35762","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6513],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NjAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs Application Console Logs Log Level [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs Application Console Logs Log Level [Logs Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"d8e737ce-125a-4263-9045-c1106588cbbb\",\"type\":\"timeseries\",\"series\":[{\"id\":\"710c298a-93bb-4d00-99c0-605bbd463ac0\",\"color\":\"rgba(211,96,134,1)\",\"split_mode\":\"terms\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"10c7e926-cf10-42a7-89f7-0c0018b38c62\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"log.level\",\"label\":\"Log Level\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset : \\\"azure.springcloudlogs\\\" and azure.springcloudlogs.category : 
\\\"ApplicationConsole\\\" \",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-8becb3c0-f526-11eb-b9f3-73fa29f35762","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6517],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NjEsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":9,\"h\":7,\"i\":\"0be608b5-cbdb-49a6-a789-a4f2ede7e5bd\"},\"panelIndex\":\"0be608b5-cbdb-49a6-a789-a4f2ede7e5bd\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Navigation Application Console Logs \",\"panelRefName\":\"panel_0be608b5-cbdb-49a6-a789-a4f2ede7e5bd\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":0,\"w\":14,\"h\":7,\"i\":\"92623f66-de82-45c4-b8ef-63131d89c01e\"},\"panelIndex\":\"92623f66-de82-45c4-b8ef-63131d89c01e\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Subscription and Type Filter\",\"panelRefName\":\"panel_92623f66-de82-45c4-b8ef-63131d89c01e\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":15,\"i\":\"a6dbf221-669f-43e9-ae52-95ca08285b90\"},\"panelIndex\":\"a6dbf221-669f-43e9-ae52-95ca08285b90\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Application 
Console Logs Activity\",\"panelRefName\":\"panel_a6dbf221-669f-43e9-ae52-95ca08285b90\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":7,\"w\":23,\"h\":16,\"i\":\"516b81e3-38d5-4858-bc21-780601523d46\"},\"panelIndex\":\"516b81e3-38d5-4858-bc21-780601523d46\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Log Level\",\"panelRefName\":\"panel_516b81e3-38d5-4858-bc21-780601523d46\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":15,\"w\":13,\"h\":18,\"i\":\"98d4b7c1-7a04-4075-a35f-913e310b71bf\"},\"panelIndex\":\"98d4b7c1-7a04-4075-a35f-913e310b71bf\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Services\",\"panelRefName\":\"panel_98d4b7c1-7a04-4075-a35f-913e310b71bf\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":15,\"w\":12,\"h\":18,\"i\":\"fdc7ed64-888b-438d-811a-567fc741276c\"},\"panelIndex\":\"fdc7ed64-888b-438d-811a-567fc741276c\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Applications\",\"panelRefName\":\"panel_fdc7ed64-888b-438d-811a-567fc741276c\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":23,\"w\":23,\"h\":26,\"i\":\"ee0da4f3-5c39-4d08-91ed-ba518d1ae171\"},\"panelIndex\":\"ee0da4f3-5c39-4d08-91ed-ba518d1ae171\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Operations\",\"panelRefName\":\"panel_ee0da4f3-5c39-4d08-91ed-ba518d1ae171\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":33,\"w\":25,\"h\":16,\"i\":\"961f9ee7-5d00-4686-8ead-0538cef2c685\"},\"panelIndex\":\"961f9ee7-5d00-4686-8ead-0538cef2c685\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Applications & Instances\",\"panelRefName\":\"panel_961f9ee7-5d00-4686-8ead-0538cef2c685\"}]","timeRestore":false,"title":"[Logs Azure] Azure Spring Cloud 
Logs Application Cloud Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-32aedb00-f524-11eb-b9f3-73fa29f35762","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"azure-1bb61e40-f524-11eb-b9f3-73fa29f35762","name":"0be608b5-cbdb-49a6-a789-a4f2ede7e5bd:panel_0be608b5-cbdb-49a6-a789-a4f2ede7e5bd","type":"visualization"},{"id":"azure-f619df10-f50e-11eb-a831-732d3e9bbd43","name":"92623f66-de82-45c4-b8ef-63131d89c01e:panel_92623f66-de82-45c4-b8ef-63131d89c01e","type":"visualization"},{"id":"azure-6c570750-f525-11eb-b9f3-73fa29f35762","name":"a6dbf221-669f-43e9-ae52-95ca08285b90:panel_a6dbf221-669f-43e9-ae52-95ca08285b90","type":"visualization"},{"id":"azure-8becb3c0-f526-11eb-b9f3-73fa29f35762","name":"516b81e3-38d5-4858-bc21-780601523d46:panel_516b81e3-38d5-4858-bc21-780601523d46","type":"visualization"},{"id":"azure-d3708b30-f527-11eb-b9f3-73fa29f35762","name":"98d4b7c1-7a04-4075-a35f-913e310b71bf:panel_98d4b7c1-7a04-4075-a35f-913e310b71bf","type":"lens"},{"id":"azure-1c9f21e0-f528-11eb-b9f3-73fa29f35762","name":"fdc7ed64-888b-438d-811a-567fc741276c:panel_fdc7ed64-888b-438d-811a-567fc741276c","type":"lens"},{"id":"azure-18bb8240-f52c-11eb-b9f3-73fa29f35762","name":"ee0da4f3-5c39-4d08-91ed-ba518d1ae171:panel_ee0da4f3-5c39-4d08-91ed-ba518d1ae171","type":"lens"},{"id":"azure-013d9a80-f52d-11eb-b9f3-73fa29f35762","name":"961f9ee7-5d00-4686-8ead-0538cef2c685:panel_961f9ee7-5d00-4686-8ead-0538cef2c685","type":"visualization"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6528],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NjIsMV0="} +{"attributes":{"columns":[],"description":"Lists sync activities produced by the Azure AD Provisioning 
service.","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"azure.provisioning.category : \\\"ProvisioningLogs\\\" \"}}"},"sort":[["@timestamp","desc"]],"title":"Provisioning Logs [Azure Logs]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-a3664560-32ed-11ed-8fa6-3121b5e93ca0","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6532],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NjMsMV0="} +{"attributes":{"description":"Provide an overview and statistics of the provisioning activities on your enterprise 
applications.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"3e85d806-64f3-4fef-9094-95820e962a59\",\"w\":7,\"x\":0,\"y\":0},\"panelIndex\":\"3e85d806-64f3-4fef-9094-95820e962a59\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2ac1988b-9f69-439c-8898-0a385bb56434\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2ac1988b-9f69-439c-8898-0a385bb56434\":{\"columnOrder\":[\"bb6d8913-2437-461c-a5cb-95f745f2e061\",\"37aa3be8-a77c-4241-92a7-4d1b58bc0d47\"],\"columns\":{\"37aa3be8-a77c-4241-92a7-4d1b58bc0d47\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"bb6d8913-2437-461c-a5cb-95f745f2e061\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"System Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"37aa3be8-a77c-4241-92a7-4d1b58bc0d47\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"azure.provisioning.properties.source_system.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"azure.provisioning.category : \\\"ProvisioningLogs\\\" 
\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"2ac1988b-9f69-439c-8898-0a385bb56434\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"bb6d8913-2437-461c-a5cb-95f745f2e061\"],\"metrics\":[\"37aa3be8-a77c-4241-92a7-4d1b58bc0d47\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Source Systems\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"2f5e0c64-5e96-420c-bc64-afacc08e6170\",\"w\":40,\"x\":7,\"y\":0},\"panelIndex\":\"2f5e0c64-5e96-420c-bc64-afacc08e6170\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-1f69b72b-c265-4fe1-b20d-88a15cff56f9\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1f69b72b-c265-4fe1-b20d-88a15cff56f9\":{\"columnOrder\":[\"a586c6fb-aa02-42c6-a12b-8a283461a055\",\"284e3e1d-c5d0-4e97-ac45-ab7348467727\",\"e8e6a775-ed41-4215-9037-a7ee9e4b2b95\"],\"columns\":{\"284e3e1d-c5d0-4e97-ac45-ab7348467727\":{\"customLabel\":true,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"Activity 
Date\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"azure.provisioning.properties.activity_datetime\"},\"a586c6fb-aa02-42c6-a12b-8a283461a055\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Status\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e8e6a775-ed41-4215-9037-a7ee9e4b2b95\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"azure.provisioning.properties.provisioning_status_info.status\"},\"e8e6a775-ed41-4215-9037-a7ee9e4b2b95\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"azure.provisioning.category : \\\"ProvisioningLogs\\\" \"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e8e6a775-ed41-4215-9037-a7ee9e4b2b95\"],\"layerId\":\"1f69b72b-c265-4fe1-b20d-88a15cff56f9\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"a586c6fb-aa02-42c6-a12b-8a283461a055\",\"xAccessor\":\"284e3e1d-c5d0-4e97-ac45-ab7348467727\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"
type\":\"lens\"},\"title\":\"Provisioning Timeline\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"bbb69b3c-5709-44bf-9fb2-282185863941\",\"w\":7,\"x\":0,\"y\":12},\"panelIndex\":\"bbb69b3c-5709-44bf-9fb2-282185863941\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2ac1988b-9f69-439c-8898-0a385bb56434\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2ac1988b-9f69-439c-8898-0a385bb56434\":{\"columnOrder\":[\"bb6d8913-2437-461c-a5cb-95f745f2e061\",\"37aa3be8-a77c-4241-92a7-4d1b58bc0d47\"],\"columns\":{\"37aa3be8-a77c-4241-92a7-4d1b58bc0d47\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"bb6d8913-2437-461c-a5cb-95f745f2e061\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"System Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"37aa3be8-a77c-4241-92a7-4d1b58bc0d47\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"azure.provisioning.properties.target_system.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"azure.provisioning.category : \\\"ProvisioningLogs\\\" 
\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"2ac1988b-9f69-439c-8898-0a385bb56434\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"bb6d8913-2437-461c-a5cb-95f745f2e061\"],\"metrics\":[\"37aa3be8-a77c-4241-92a7-4d1b58bc0d47\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Target Systems\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"30ec913d-7cc6-46e6-aa9a-8fab0c3102e8\",\"w\":6,\"x\":7,\"y\":12},\"panelIndex\":\"30ec913d-7cc6-46e6-aa9a-8fab0c3102e8\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-294d1395-9af2-4496-a6a1-0092fe28f2c1\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"294d1395-9af2-4496-a6a1-0092fe28f2c1\":{\"columnOrder\":[\"c3972110-af8a-4610-9c78-356de76c5b42\"],\"columns\":{\"c3972110-af8a-4610-9c78-356de76c5b42\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Activities\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"azure.provisioning.category : \\\"ProvisioningLogs\\\" and azure.provisioning.operation_name : \\\"Provisioning activity\\\" 
\"},\"visualization\":{\"accessor\":\"c3972110-af8a-4610-9c78-356de76c5b42\",\"layerId\":\"294d1395-9af2-4496-a6a1-0092fe28f2c1\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Provisioning Activities\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"357e6699-3227-4674-a833-84c6487dc22e\",\"w\":34,\"x\":13,\"y\":12},\"panelIndex\":\"357e6699-3227-4674-a833-84c6487dc22e\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Date\",\"field\":\"azure.provisioning.properties.activity_datetime\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Name\",\"field\":\"azure.provisioning.properties.source_identity.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":3},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Type\",\"field\":\"azure.provisioning.properties.source_identity.identity_type\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Action\",\"field\":\"azure.provisioning.properties.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\
":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Source\",\"field\":\"azure.provisioning.properties.source_system.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"6\",\"params\":{\"customLabel\":\"Target\",\"field\":\"azure.provisioning.properties.target_system.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"7\",\"params\":{\"customLabel\":\"Status\",\"field\":\"azure.provisioning.properties.provisioning_status_info.status\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":false,\"id\":\"8\",\"params\":{\"customLabel\":\"Date\",\"field\":\"azure.provisioning.properties.activity_datetime\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"savedSearchId\":\"azure-a3664560-32ed-11ed-8fa6-3121b5e93ca0\",\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"azure.provisioning.category : \\\"ProvisioningLogs\\\" 
\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTotal\":false,\"totalFunc\":\"sum\"},\"title\":\"\",\"type\":\"table\",\"uiState\":{}},\"table\":null,\"vis\":{\"params\":{\"colWidth\":[{\"colIndex\":1,\"width\":121.42857142857142},{\"colIndex\":2,\"width\":123.0952380952381},{\"colIndex\":3,\"width\":256.8952380952381},{\"colIndex\":4,\"width\":213.89523809523808},{\"colIndex\":5,\"width\":107.2285714285714},{\"colIndex\":0,\"width\":179.22857142857146},{\"colIndex\":6,\"width\":295.61428571428564},{\"colIndex\":7,\"width\":89}]}},\"type\":\"visualization\"},\"title\":\"Last Activity\"}]","timeRestore":false,"title":"[Logs Azure] Azure AD Provisioning Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-3cdf69c0-32d9-11ed-a2e6-916b60bbea71","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"3e85d806-64f3-4fef-9094-95820e962a59:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"3e85d806-64f3-4fef-9094-95820e962a59:indexpattern-datasource-layer-2ac1988b-9f69-439c-8898-0a385bb56434","type":"index-pattern"},{"id":"logs-*","name":"2f5e0c64-5e96-420c-bc64-afacc08e6170:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"2f5e0c64-5e96-420c-bc64-afacc08e6170:indexpattern-datasource-layer-1f69b72b-c265-4fe1-b20d-88a15cff56f9","type":"index-pattern"},{"id":"logs-*","name":"bbb69b3c-5709-44bf-9fb2-282185863941:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"bbb69b3c-5709-44bf-9fb2-282185863941:indexpattern-datasource-layer-2ac1988b-9f69-439c-8898-0a385bb56434","type":"index-pattern"},{"id":"logs-*","name":"30ec913d-7cc6-46e6-aa9a-8fab0c3102e8:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs
-*","name":"30ec913d-7cc6-46e6-aa9a-8fab0c3102e8:indexpattern-datasource-layer-294d1395-9af2-4496-a6a1-0092fe28f2c1","type":"index-pattern"},{"id":"azure-a3664560-32ed-11ed-8fa6-3121b5e93ca0","name":"357e6699-3227-4674-a833-84c6487dc22e:search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6544],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NjQsMV0="} +{"attributes":{"columns":["observer.name","source.address","source.port","network.transport","dns.question.name","event.type","event.kind"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"azure.firewall.operation_name : \\\"AzureFirewallDnsProxyLog\\\" \"}}"},"sort":[["@timestamp","desc"]],"title":"Firewall Network DNS Proxy Logs [Logs 
Azure]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-3d1466b0-f252-11ec-a5a8-bf965bcd5646","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6549],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NjUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"Navigation Overview [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"fontSize\":10,\"markdown\":\"### Azure Monitoring\\n\\n[**Overview**](#/dashboard/azure-41e84340-ec20-11e9-90ec-112a988266d5) | [Users](#/dashboard/azure-87095750-f05a-11e9-90ec-112a988266d5) | [Alerts](#/dashboard/azure-0f559cc0-f0d5-11e9-90ec-112a988266d5) \",\"openLinksInNewTab\":false},\"title\":\"Navigation Overview [Logs Azure]\",\"type\":\"markdown\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-fe24ac90-f05a-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6552],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NjYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Activity Level [Logs 
Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" and azure.activitylogs.event_category :\\\"Administrative\\\" \"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":0,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"Activity Level [Logs Azure]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-da67d650-ec14-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6555],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NjcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"azure.activitylogs\\\" \"}}"},"title":"Activity Stats [Logs 
Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Resources\",\"field\":\"azure.resource.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Users\",\"field\":\"azure.activitylogs.identity.claims_initiated_by_user.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Resource Groups\",\"field\":\"azure.resource.group\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Subscriptions\",\"field\":\"azure.subscription_id\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"},{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"},{\"accessor\":2,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Activity Stats [Logs 
Azure]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-e4c7f4b0-f045-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6559],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NjgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Access Requests [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" and azure.activitylogs.operation_name : *LISTKEYS*\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.outcome : \\\"success\\\" or event.outcome : \\\"Success\\\" \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Success\",\"line_width\":\"2\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(226,115,0,1)\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.outcome : \\\"Failure\\\" or event.outcome : \\\"failure\\\" 
\"},\"formatter\":\"number\",\"id\":\"1b5f75a0-ec15-11e9-b6a7-21d19b63822a\",\"label\":\"Failure\",\"line_width\":\"2\",\"metrics\":[{\"id\":\"1b5f75a1-ec15-11e9-b6a7-21d19b63822a\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":0,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"Access Requests [Logs Azure]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-709995e0-ec16-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6562],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NjksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"User Tag Cloud [Logs 
Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"azure.activitylogs.identity.claims_initiated_by_user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"type\":\"vis_dimension\"},\"maxFontSize\":32,\"metric\":{\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}},\"type\":\"vis_dimension\"},\"minFontSize\":12,\"orientation\":\"single\",\"scale\":\"linear\",\"showLabel\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"title\":\"User Tag Cloud [Logs Azure]\",\"type\":\"tagcloud\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-ffe22180-ec1c-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6566],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NzAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Service Health Overview [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" and azure.activitylogs.event_category : 
\\\"ServiceHealth\\\"\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(252,220,0,1)\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type: \\\"Active\\\"\"},\"formatter\":\"number\",\"hide_in_legend\":0,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type: \\\"Resolved\\\" \"},\"formatter\":\"number\",\"hide_in_legend\":0,\"id\":\"5a52f170-ec1e-11e9-b6a7-21d19b63822a\",\"line_width\":1,\"metrics\":[{\"id\":\"5a52f171-ec1e-11e9-b6a7-21d19b63822a\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":0,\"time_field\":\"\",\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"Service Health Overview [Logs Azure]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-bc65e840-ec1e-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6569],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NzEsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"Top Resource Groups [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Resource Groups\",\"field\":\"azure.resource.group\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},\"y\":[{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":75,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":false,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"
kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"title\":\"Top Resource Groups [Logs Azure]\",\"type\":\"horizontal_bar\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-71b62ca0-ec1a-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6573],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NzIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" and azure.activitylogs.event_category : \\\"ServiceHealth\\\" \"}}"},"title":"Service Health Count [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Incidents\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type : \\\"Active\\\"\"},\"label\":\"Active\"},{\"input\":{\"language\":\"kuery\",\"query\":\"azure.activitylogs.result_type : \\\"Resolved\\\"\"},\"label\":\"Resolved\"}]},\"schema\":\"group\",\"type\":\"filters\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"string\",\"params\":{}},\"type\":\"vis_dimension\"},\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to 
Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Service Health Count [Logs Azure]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-e37cd3d0-ec23-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6577],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NzMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" \"}}"},"title":"Resource Creations [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Resource 
type\",\"field\":\"azure.resource.provider\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":15},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Creations\",\"field\":\"azure.activitylogs.identity.authorization.action\",\"include\":\".*write\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":15},\"schema\":\"group\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"series\":[{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"label\":\"Creations\",\"params\":{}}],\"x\":{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"label\":\"Resource 
type\",\"params\":{}},\"y\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}]},\"grid\":{\"categoryLines\":false,\"valueAxis\":\"\"},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":75,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":false,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"title\":\"Resource Creations [Logs Azure]\",\"type\":\"horizontal_bar\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-d91ce8d0-53e8-11ea-b1b7-7de801e1c297","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6581],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NzQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" \"}}"},"title":"Resource Deletions [Logs 
Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Resource type\",\"field\":\"azure.resource.provider\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":15},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Deletions\",\"field\":\"azure.activitylogs.identity.authorization.action\",\"include\":\".*delete\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":15},\"schema\":\"group\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"series\":[{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"label\":\"Deletions\",\"params\":{}}],\"x\":{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"label\":\"azure.resource.provider: 
Descending\",\"params\":{}},\"y\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":75,\"show\":false,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"title\":\"Resource Deletions [Logs Azure]\",\"type\":\"horizontal_bar\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-6db84660-53e9-11ea-b1b7-7de801e1c297","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6585],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NzUsMV0="} +{"attributes":{"description":"This dashboard provides an overview of user activity, alerts and resource in Azure 
cloud.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"6b6e7452-979c-4f78-afc2-cc58fcf105ff\",\"w\":9,\"x\":0,\"y\":0},\"panelIndex\":\"6b6e7452-979c-4f78-afc2-cc58fcf105ff\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Navigation Overview\",\"panelRefName\":\"panel_6b6e7452-979c-4f78-afc2-cc58fcf105ff\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"042f777a-5e41-41e8-9d6e-d842473a8aed\",\"w\":15,\"x\":9,\"y\":0},\"panelIndex\":\"042f777a-5e41-41e8-9d6e-d842473a8aed\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Subscriptions Filter\",\"panelRefName\":\"panel_042f777a-5e41-41e8-9d6e-d842473a8aed\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"1e73bca7-8569-41b5-830e-2f762602219a\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"1e73bca7-8569-41b5-830e-2f762602219a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Activity Level\",\"panelRefName\":\"panel_1e73bca7-8569-41b5-830e-2f762602219a\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"d9465e9f-49f1-4173-b1a4-fea9ee3120ab\",\"w\":24,\"x\":0,\"y\":4},\"panelIndex\":\"d9465e9f-49f1-4173-b1a4-fea9ee3120ab\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Activity Stats\",\"panelRefName\":\"panel_d9465e9f-49f1-4173-b1a4-fea9ee3120ab\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"18ec1e20-202b-4a40-8d0d-22060ac3e23c\",\"w\":24,\"x\":24,\"y\":8},\"panelIndex\":\"18ec1e20-202b-4a40-8d0d-22060ac3e23c\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Access 
Requests\",\"panelRefName\":\"panel_18ec1e20-202b-4a40-8d0d-22060ac3e23c\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"d2bdec0f-dde1-4925-bf7e-afbc430c0eca\",\"w\":24,\"x\":0,\"y\":10},\"panelIndex\":\"d2bdec0f-dde1-4925-bf7e-afbc430c0eca\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Top Active Users\",\"panelRefName\":\"panel_d2bdec0f-dde1-4925-bf7e-afbc430c0eca\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"3bcc964d-6862-4fdd-9d82-f7510cc02162\",\"w\":12,\"x\":24,\"y\":15},\"panelIndex\":\"3bcc964d-6862-4fdd-9d82-f7510cc02162\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Alerts Overview\",\"panelRefName\":\"panel_3bcc964d-6862-4fdd-9d82-f7510cc02162\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"74436614-9dfc-4c38-bc58-8cb76c348f37\",\"w\":12,\"x\":36,\"y\":15},\"panelIndex\":\"74436614-9dfc-4c38-bc58-8cb76c348f37\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Service Health\",\"panelRefName\":\"panel_74436614-9dfc-4c38-bc58-8cb76c348f37\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"a6f36dfe-b6d6-4dca-b63c-81f5b4f7c8f8\",\"w\":24,\"x\":0,\"y\":21},\"panelIndex\":\"a6f36dfe-b6d6-4dca-b63c-81f5b4f7c8f8\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"title\":\"Top Resource Groups\",\"panelRefName\":\"panel_a6f36dfe-b6d6-4dca-b63c-81f5b4f7c8f8\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"644c6151-fd05-4b2e-b18e-30843697e932\",\"w\":12,\"x\":24,\"y\":22},\"panelIndex\":\"644c6151-fd05-4b2e-b18e-30843697e932\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Alerts 
Count\",\"panelRefName\":\"panel_644c6151-fd05-4b2e-b18e-30843697e932\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"3d5ccff8-6576-4a1c-b3ee-363ae665906e\",\"w\":12,\"x\":36,\"y\":22},\"panelIndex\":\"3d5ccff8-6576-4a1c-b3ee-363ae665906e\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Service Health Count\",\"panelRefName\":\"panel_3d5ccff8-6576-4a1c-b3ee-363ae665906e\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"1a6dce1d-d039-4d18-87c7-1b700da676c2\",\"w\":12,\"x\":24,\"y\":28},\"panelIndex\":\"1a6dce1d-d039-4d18-87c7-1b700da676c2\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true},\"enhancements\":{}},\"title\":\"Resource Creations\",\"panelRefName\":\"panel_1a6dce1d-d039-4d18-87c7-1b700da676c2\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"8fddd3bb-c1e6-4533-b075-1ab7361b3af0\",\"w\":12,\"x\":36,\"y\":28},\"panelIndex\":\"8fddd3bb-c1e6-4533-b075-1ab7361b3af0\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true},\"enhancements\":{}},\"title\":\"Resource Deletions\",\"panelRefName\":\"panel_8fddd3bb-c1e6-4533-b075-1ab7361b3af0\"}]","timeRestore":false,"title":"[Logs Azure] Cloud 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-41e84340-ec20-11e9-90ec-112a988266d5","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"azure-fe24ac90-f05a-11e9-90ec-112a988266d5","name":"6b6e7452-979c-4f78-afc2-cc58fcf105ff:panel_6b6e7452-979c-4f78-afc2-cc58fcf105ff","type":"visualization"},{"id":"azure-097d74d0-f044-11e9-90ec-112a988266d5","name":"042f777a-5e41-41e8-9d6e-d842473a8aed:panel_042f777a-5e41-41e8-9d6e-d842473a8aed","type":"visualization"},{"id":"azure-da67d650-ec14-11e9-90ec-112a988266d5","name":"1e73bca7-8569-41b5-830e-2f762602219a:panel_1e73bca7-8569-41b5-830e-2f762602219a","type":"visualization"},{"id":"azure-e4c7f4b0-f045-11e9-90ec-112a988266d5","name":"d9465e9f-49f1-4173-b1a4-fea9ee3120ab:panel_d9465e9f-49f1-4173-b1a4-fea9ee3120ab","type":"visualization"},{"id":"azure-709995e0-ec16-11e9-90ec-112a988266d5","name":"18ec1e20-202b-4a40-8d0d-22060ac3e23c:panel_18ec1e20-202b-4a40-8d0d-22060ac3e23c","type":"visualization"},{"id":"azure-ffe22180-ec1c-11e9-90ec-112a988266d5","name":"d2bdec0f-dde1-4925-bf7e-afbc430c0eca:panel_d2bdec0f-dde1-4925-bf7e-afbc430c0eca","type":"visualization"},{"id":"azure-52c2a4e0-ec1f-11e9-90ec-112a988266d5","name":"3bcc964d-6862-4fdd-9d82-f7510cc02162:panel_3bcc964d-6862-4fdd-9d82-f7510cc02162","type":"visualization"},{"id":"azure-bc65e840-ec1e-11e9-90ec-112a988266d5","name":"74436614-9dfc-4c38-bc58-8cb76c348f37:panel_74436614-9dfc-4c38-bc58-8cb76c348f37","type":"visualization"},{"id":"azure-71b62ca0-ec1a-11e9-90ec-112a988266d5","name":"a6f36dfe-b6d6-4dca-b63c-81f5b4f7c8f8:panel_a6f36dfe-b6d6-4dca-b63c-81f5b4f7c8f8","type":"visualization"},{"id":"azure-f684a750-ec23-11e9-90ec-112a988266d5","name":"644c6151-fd05-4b2e-b18e-30843697e932:panel_644c6151-fd05-4b2e-b18e-30843697e932","type":"visualization"},{"id":"azure-e37cd3d0-ec23-11e9-90ec-112a988266d5","name":"3d5ccff8-6576-4a1c-b3ee-363ae665906e:panel_3d5ccff8-6576-4a1c-b3ee-363ae665906e","type":"visualization
"},{"id":"azure-d91ce8d0-53e8-11ea-b1b7-7de801e1c297","name":"1a6dce1d-d039-4d18-87c7-1b700da676c2:panel_1a6dce1d-d039-4d18-87c7-1b700da676c2","type":"visualization"},{"id":"azure-6db84660-53e9-11ea-b1b7-7de801e1c297","name":"8fddd3bb-c1e6-4533-b075-1ab7361b3af0:panel_8fddd3bb-c1e6-4533-b075-1ab7361b3af0","type":"visualization"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6601],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NzYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"title":"Users List [Logs Azure]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Email\",\"field\":\"azure.activitylogs.identity.claims_initiated_by_user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":20},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Name\",\"field\":\"azure.activitylogs.identity.claims_initiated_by_user.fullname\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"IPs\",\"field\":\"source.ip\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Actions\"},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggTy
pe\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"cardinality\",\"format\":{\"id\":\"number\"},\"params\":{}},{\"accessor\":3,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Users List [Logs Azure]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-52da1700-f05d-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6605],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NzcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs Navigation Overview [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs Navigation Overview [Logs Azure]\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### Azure Spring Cloud Overview Logs\\n\\n[**Overview**](#/dashboard/azure-5ad41d90-f50e-11eb-a831-732d3e9bbd43) | [System Logs](#/dashboard/azure-1adf52d0-f50f-11eb-a831-732d3e9bbd43) | [Application 
Console Logs](#/dashboard/azure-32aedb00-f524-11eb-b9f3-73fa29f35762) \"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-5f57bf00-f510-11eb-a831-732d3e9bbd43","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6608],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NzgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs Activity Level [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs Activity Level [Logs Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"6e9eef83-a185-439a-984f-66145d3836a8\",\"type\":\"timeseries\",\"series\":[{\"id\":\"cde434f5-35d6-49e2-8730-ef347d66c57d\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"41bce31f-658c-4580-adfd-9fb86fe623db\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset 
:\\\"azure.springcloudlogs\\\"\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-bc8ef760-f510-11eb-a831-732d3e9bbd43","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6612],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1NzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Azure Spring Cloud Logs Top Resource Groups [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs Top Resource Groups [Logs 
Azure]\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"azure.resource.group\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"radiusRatio\":0,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-9d600690-f510-11eb-a831-732d3e9bbd43","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet
-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6616],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1ODAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs Service List [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs Service List [Logs Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"136ddaa9-9a6d-423b-b399-29018f0ea01b\",\"type\":\"timeseries\",\"series\":[{\"id\":\"c99c6393-738a-452b-a68f-2cf1e7580ba0\",\"color\":\"rgba(231,102,76,1)\",\"split_mode\":\"terms\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"7c304953-51fe-4c51-8007-0c0035eb39da\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"azure.springcloudlogs.properties.service_name\",\"label\":\"Service name\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset : \\\"azure.springcloudlogs\\\" 
\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-b4f3d030-f523-11eb-b9f3-73fa29f35762","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6620],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1ODEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Azure Spring Cloud Logs Overview Level [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Azure Spring Cloud Logs Overview Level [Logs Azure]\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"ccbe1aec-ac1e-4ec8-85af-24aa0b31530d\",\"type\":\"timeseries\",\"series\":[{\"id\":\"8f3fef78-506e-48d0-b365-2c2824d09876\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"48e32be1-95d1-41a0-89e4-ed62cc73a459\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"\",\"type\":\"timeseries\",\"terms_field\":\"log.level\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset : 
\\\"azure.springcloudlogs\\\"\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-9d80c770-f530-11eb-b9f3-73fa29f35762","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"metrics_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6624],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1ODIsMV0="} +{"attributes":{"description":"Logs Azure] Azure Spring Cloud logs Overview","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":6,\"i\":\"5139d9b1-5d42-4157-8c19-9f5480da0741\"},\"panelIndex\":\"5139d9b1-5d42-4157-8c19-9f5480da0741\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### Azure Spring Cloud Logs\\n\\n[**Overview**](#/dashboard/azure-41e84340-ec20-11e9-90ec-112a988266d5) | [System Logs](#/dashboard/azure-87095750-f05a-11e9-90ec-112a988266d5) | [Application Console Logs](#/dashboard/azure-0f559cc0-f0d5-11e9-90ec-112a988266d5) \"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"visualization\"},\"title\":\"Navigation Azure Spring Cloud 
Logs\",\"panelRefName\":\"panel_5139d9b1-5d42-4157-8c19-9f5480da0741\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":7,\"y\":0,\"w\":13,\"h\":6,\"i\":\"a71b2a03-663d-4897-a3c2-4a363a5cd13c\"},\"panelIndex\":\"a71b2a03-663d-4897-a3c2-4a363a5cd13c\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Subscription and Type Filter\",\"panelRefName\":\"panel_a71b2a03-663d-4897-a3c2-4a363a5cd13c\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":20,\"y\":0,\"w\":28,\"h\":14,\"i\":\"c9d5c763-5ee4-4fa2-8694-5678a33ca7ab\"},\"panelIndex\":\"c9d5c763-5ee4-4fa2-8694-5678a33ca7ab\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"6e9eef83-a185-439a-984f-66145d3836a8\",\"type\":\"timeseries\",\"series\":[{\"id\":\"cde434f5-35d6-49e2-8730-ef347d66c57d\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"41bce31f-658c-4580-adfd-9fb86fe623db\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"filter\":{\"query\":\"data_stream.dataset :\\\"azure.springcloudlogs\\\"\",\"language\":\"kuery\"}},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"visualization\"},\"title\":\"Spring Cloud Logs 
Activity\",\"panelRefName\":\"panel_c9d5c763-5ee4-4fa2-8694-5678a33ca7ab\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":6,\"w\":20,\"h\":20,\"i\":\"8ed7ced5-a053-4d6c-99f0-09ec2c3d5933\"},\"panelIndex\":\"8ed7ced5-a053-4d6c-99f0-09ec2c3d5933\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"radiusRatio\":0,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"legendSize\":\"auto\"},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"azure.resource.group\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"sea
rchSource\":{\"index\":\"logs-*\",\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"visualization\"},\"title\":\"Top Resource Groups\",\"panelRefName\":\"panel_8ed7ced5-a053-4d6c-99f0-09ec2c3d5933\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":20,\"y\":14,\"w\":28,\"h\":15,\"i\":\"8a69029b-054e-4adc-b20b-b2052cdaed73\"},\"panelIndex\":\"8a69029b-054e-4adc-b20b-b2052cdaed73\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Services\",\"panelRefName\":\"panel_8a69029b-054e-4adc-b20b-b2052cdaed73\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":26,\"w\":20,\"h\":19,\"i\":\"08b8beb6-9b26-461b-9a04-3560916952d0\"},\"panelIndex\":\"08b8beb6-9b26-461b-9a04-3560916952d0\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Top Resources\",\"panelRefName\":\"panel_08b8beb6-9b26-461b-9a04-3560916952d0\"},{\"version\":\"7.14.0-SNAPSHOT\",\"type\":\"visualization\",\"gridData\":{\"x\":20,\"y\":29,\"w\":28,\"h\":16,\"i\":\"e0d96ed1-5839-4e7a-bf04-8757614b8503\"},\"panelIndex\":\"e0d96ed1-5839-4e7a-bf04-8757614b8503\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Log Level\",\"panelRefName\":\"panel_e0d96ed1-5839-4e7a-bf04-8757614b8503\"}]","timeRestore":false,"title":"[Logs Azure] Azure Spring Cloud logs 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-5ad41d90-f50e-11eb-a831-732d3e9bbd43","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"azure-5f57bf00-f510-11eb-a831-732d3e9bbd43","name":"5139d9b1-5d42-4157-8c19-9f5480da0741:panel_5139d9b1-5d42-4157-8c19-9f5480da0741","type":"visualization"},{"id":"azure-f619df10-f50e-11eb-a831-732d3e9bbd43","name":"a71b2a03-663d-4897-a3c2-4a363a5cd13c:panel_a71b2a03-663d-4897-a3c2-4a363a5cd13c","type":"visualization"},{"id":"azure-bc8ef760-f510-11eb-a831-732d3e9bbd43","name":"c9d5c763-5ee4-4fa2-8694-5678a33ca7ab:panel_c9d5c763-5ee4-4fa2-8694-5678a33ca7ab","type":"visualization"},{"id":"azure-9d600690-f510-11eb-a831-732d3e9bbd43","name":"8ed7ced5-a053-4d6c-99f0-09ec2c3d5933:panel_8ed7ced5-a053-4d6c-99f0-09ec2c3d5933","type":"visualization"},{"id":"azure-b4f3d030-f523-11eb-b9f3-73fa29f35762","name":"8a69029b-054e-4adc-b20b-b2052cdaed73:panel_8a69029b-054e-4adc-b20b-b2052cdaed73","type":"visualization"},{"id":"azure-f080c110-f52f-11eb-b9f3-73fa29f35762","name":"08b8beb6-9b26-461b-9a04-3560916952d0:panel_08b8beb6-9b26-461b-9a04-3560916952d0","type":"lens"},{"id":"azure-9d80c770-f530-11eb-b9f3-73fa29f35762","name":"e0d96ed1-5839-4e7a-bf04-8757614b8503:panel_e0d96ed1-5839-4e7a-bf04-8757614b8503","type":"visualization"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6634],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1ODMsMV0="} +{"attributes":{"columns":[],"description":"Lists risk users produced by the Azure AD Identity Protection service.","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"azure.identityprotection.category : \\\"RiskyUsers\\\" 
\"}}"},"sort":[["@timestamp","desc"]],"title":"Identity Protection Risky Users [Azure Logs]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-f7cc8d20-32e9-11ed-8fa6-3121b5e93ca0","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6638],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1ODQsMV0="} +{"attributes":{"columns":[],"description":"Lists user risk event produced by the Azure AD Identity Protection service.","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\" azure.identityprotection.category : \\\"UserRiskEvents\\\" \"}}"},"sort":[["@timestamp","desc"]],"title":"Identity Protection User Risk Events [Azure Logs]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-813b8ba0-32eb-11ed-8fa6-3121b5e93ca0","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6642],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1ODUsMV0="} +{"attributes":{"description":"Provide an overview and statistics of the provisioning activities on your enterprise 
applications.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"0705b471-583f-4593-916e-46b213966691\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"0705b471-583f-4593-916e-46b213966691\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2b0a18e6-25a6-40ef-ade8-5dddbd897856\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2b0a18e6-25a6-40ef-ade8-5dddbd897856\":{\"columnOrder\":[\"a1c2991d-9586-4c81-893a-e29584070568\",\"bd75d029-b44e-4c22-b06e-df0e4da1e694\"],\"columns\":{\"a1c2991d-9586-4c81-893a-e29584070568\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Source\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"bd75d029-b44e-4c22-b06e-df0e4da1e694\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"azure.identityprotection.properties.source\"},\"bd75d029-b44e-4c22-b06e-df0e4da1e694\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"azure.identityprotection.category : \\\"UserRiskEvents\\\" 
\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"2b0a18e6-25a6-40ef-ade8-5dddbd897856\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"a1c2991d-9586-4c81-893a-e29584070568\"],\"metrics\":[\"bd75d029-b44e-4c22-b06e-df0e4da1e694\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Detection Sources\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"b5e5ace6-ace9-4c70-a6d2-60e2991a1d40\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"b5e5ace6-ace9-4c70-a6d2-60e2991a1d40\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2b0a18e6-25a6-40ef-ade8-5dddbd897856\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2b0a18e6-25a6-40ef-ade8-5dddbd897856\":{\"columnOrder\":[\"fab280b9-af2c-4256-a89f-19371827be79\",\"bd75d029-b44e-4c22-b06e-df0e4da1e694\"],\"columns\":{\"bd75d029-b44e-4c22-b06e-df0e4da1e694\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"fab280b9-af2c-4256-a89f-19371827be79\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Detected Risk 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"bd75d029-b44e-4c22-b06e-df0e4da1e694\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"azure.identityprotection.properties.risk_event_type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"azure.identityprotection.category : \\\"UserRiskEvents\\\" \"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"2b0a18e6-25a6-40ef-ade8-5dddbd897856\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"fab280b9-af2c-4256-a89f-19371827be79\"],\"metrics\":[\"bd75d029-b44e-4c22-b06e-df0e4da1e694\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Detected Risk Type\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"854eeccf-1660-4c42-b5c9-23fd59f8546e\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"854eeccf-1660-4c42-b5c9-23fd59f8546e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-88e4665c-0d7e-4529-91b3-d4dd23b4c842\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"88e4665c-0d7e-4529-91b3-d4dd23b4c842\":{\"columnOrder\":[\"3756bebc-5376-45e4-a3b0-5d7d8aed12fb\",\"526f2da3-311e-491a-b0d2-46122d1582ee\",\"545a5a92-574f-445c-8fc8-c3414408702b\"],\"columns\":{\"3756bebc-5376-45e4-a3b0-5d7d8aed12fb\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Risk Type 
Event\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"545a5a92-574f-445c-8fc8-c3414408702b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"azure.identityprotection.properties.risk_event_type\"},\"526f2da3-311e-491a-b0d2-46122d1582ee\":{\"customLabel\":true,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"Detected Date\",\"operationType\":\"date_histogram\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true},\"scale\":\"interval\",\"sourceField\":\"azure.identityprotection.properties.detected_datetime\"},\"545a5a92-574f-445c-8fc8-c3414408702b\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"azure.identityprotection.category : \\\"UserRiskEvents\\\" \"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"545a5a92-574f-445c-8fc8-c3414408702b\"],\"layerId\":\"88e4665c-0d7e-4529-91b3-d4dd23b4c842\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"3756bebc-5376-45e4-a3b0-5d7d8aed12fb\",\"xAccessor\":\"526f2da3-311e-491a-b0d2-46122d1582ee\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":fa
lse,\"type\":\"lens\"},\"title\":\"Detection Timeline\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"48157948-c755-4eee-9f28-aa5846bcc8c9\",\"w\":16,\"x\":0,\"y\":10},\"panelIndex\":\"48157948-c755-4eee-9f28-aa5846bcc8c9\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Risk State\",\"field\":\"azure.identityprotection.properties.risk_state\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Name\",\"field\":\"azure.identityprotection.properties.user_display_name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":false,\"id\":\"4\",\"params\":{\"customLabel\":\"Level\",\"field\":\"azure.identityprotection.properties.risk_level\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":false,\"id\":\"5\",\"params\":{\"customLabel\":\"State\",\"field\":\"azure.identityprotection.properties.risk_state\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"savedSearchId\":\"azure-f7cc8d20-32e9-11ed-8fa6-3121b5e93ca0\",\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTot
al\":false,\"totalFunc\":\"sum\"},\"title\":\"\",\"type\":\"table\",\"uiState\":{}},\"table\":null,\"vis\":{\"params\":{\"colWidth\":[{\"colIndex\":2,\"width\":188.75},{\"colIndex\":0,\"width\":431.08333333333337},{\"colIndex\":1,\"width\":160.08333333333331}]}},\"type\":\"visualization\"},\"title\":\"Risky Users\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"5d0136d7-0ba1-4054-95ce-218ad42e157e\",\"w\":32,\"x\":16,\"y\":10},\"panelIndex\":\"5d0136d7-0ba1-4054-95ce-218ad42e157e\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Date\",\"field\":\"azure.identityprotection.properties.detected_datetime\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Name\",\"field\":\"azure.identityprotection.properties.user_display_name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"IP Address\",\"field\":\"azure.identityprotection.properties.ip_address\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Risk State\",\"field\":\"azure.identityprotection.properties.risk_state\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Risk 
Level\",\"field\":\"azure.identityprotection.properties.risk_level\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"6\",\"params\":{\"customLabel\":\"Detection Timing\",\"field\":\"azure.identityprotection.properties.detection_timing_type\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"savedSearchId\":\"azure-813b8ba0-32eb-11ed-8fa6-3121b5e93ca0\",\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":false,\"showTotal\":false,\"totalFunc\":\"sum\"},\"title\":\"\",\"type\":\"table\",\"uiState\":{}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}},\"type\":\"visualization\"},\"title\":\"Risky Sign-ins\"}]","timeRestore":false,"title":"[Logs Azure] Azure AD Identity 
Protection","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-5ee36c30-32dc-11ed-a2e6-916b60bbea71","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"0705b471-583f-4593-916e-46b213966691:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"0705b471-583f-4593-916e-46b213966691:indexpattern-datasource-layer-2b0a18e6-25a6-40ef-ade8-5dddbd897856","type":"index-pattern"},{"id":"logs-*","name":"b5e5ace6-ace9-4c70-a6d2-60e2991a1d40:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"b5e5ace6-ace9-4c70-a6d2-60e2991a1d40:indexpattern-datasource-layer-2b0a18e6-25a6-40ef-ade8-5dddbd897856","type":"index-pattern"},{"id":"logs-*","name":"854eeccf-1660-4c42-b5c9-23fd59f8546e:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"854eeccf-1660-4c42-b5c9-23fd59f8546e:indexpattern-datasource-layer-88e4665c-0d7e-4529-91b3-d4dd23b4c842","type":"index-pattern"},{"id":"azure-f7cc8d20-32e9-11ed-8fa6-3121b5e93ca0","name":"48157948-c755-4eee-9f28-aa5846bcc8c9:search_0","type":"search"},{"id":"azure-813b8ba0-32eb-11ed-8fa6-3121b5e93ca0","name":"5d0136d7-0ba1-4054-95ce-218ad42e157e:search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6653],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1ODYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" \"}}"},"title":"Caller IP [Logs 
Azure]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Caller IP\",\"field\":\"source.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"5\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Country\",\"field\":\"geo.country_name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"5\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Email\",\"field\":\"azure.activitylogs.identity.claims_initiated_by_user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":3,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":n
ull,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Caller IP [Logs Azure]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-6ece76d0-f0cc-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6657],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1ODcsMV0="} +{"attributes":{"columns":["observer.name","aws.firewall.flow.id","source.ip","source.port","destination.ip","destination.port","event.kind","event.type"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Firewall Network Rule Logs [Logs 
Azure]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-70cbce40-f1a7-11ec-a5a8-bf965bcd5646","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6662],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1ODgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"Navigation Users [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"fontSize\":10,\"markdown\":\"### Azure Monitoring\\n\\n[Overview](#/dashboard/azure-41e84340-ec20-11e9-90ec-112a988266d5) | [**Users**](#/dashboard/azure-87095750-f05a-11e9-90ec-112a988266d5) | [Alerts](#/dashboard/azure-0f559cc0-f0d5-11e9-90ec-112a988266d5) \",\"openLinksInNewTab\":false},\"title\":\"Navigation Users [Logs Azure]\",\"type\":\"markdown\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-c43855e0-f05a-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6665],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1ODksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"User Filters [Logs 
Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"controls\":[{\"fieldName\":\"azure.subscription_id\",\"id\":\"1517598395667\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Subscription\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":100,\"type\":\"terms\"},\"type\":\"list\"},{\"fieldName\":\"azure.activitylogs.identity.claims_initiated_by_user.name\",\"id\":\"1518843942322\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"User Email\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":100,\"type\":\"terms\"},\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"User Filters [Logs Azure]\",\"type\":\"input_control_vis\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-b0471750-f05b-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6670],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1OTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"User Activity Overview [Logs Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" and azure.activitylogs.event_category :\\\"Administrative\\\" and azure.activitylogs.identity.claims_initiated_by_user.fullname 
:*\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(1,155,143,1)\",\"fill\":\"0.4\",\"filter\":\"\",\"formatter\":\"number\",\"hide_in_legend\":0,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Actions\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_filters\":[{\"color\":\"rgba(244,78,59,1)\",\"filter\":{\"language\":\"lucene\",\"query\":\"_exists_:identity.claims.name\"},\"id\":\"a5302500-1399-11e8-a699-f390e75f4dd5\",\"label\":\"\"}],\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":0,\"time_field\":null,\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"User Activity Overview [Logs Azure]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-e0203fc0-f05f-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6673],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1OTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"azure.activitylogs\\\" \"}}"},"title":"Resource Type Breakdown [Logs 
Azure]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"azure.resource.provider\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}},\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Resource Type Breakdown [Logs Azure]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-9ed46680-f0ce-11e9-90ec-112a988266d5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6677],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1OTIsMV0="} +{"attributes":{"description":"This dashboard shows expanded user activity in Azure 
cloud.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"azure.activitylogs.identity.claims_initiated_by_user.fullname\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"azure.activitylogs.identity.claims_initiated_by_user.fullname\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"675f172f-dbec-44fe-b45c-fe854a967695\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"675f172f-dbec-44fe-b45c-fe854a967695\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Navigation Users\",\"panelRefName\":\"panel_675f172f-dbec-44fe-b45c-fe854a967695\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"705596b5-db2e-4c45-875d-95d98bfb7ee8\",\"w\":16,\"x\":8,\"y\":0},\"panelIndex\":\"705596b5-db2e-4c45-875d-95d98bfb7ee8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User Filters\",\"panelRefName\":\"panel_705596b5-db2e-4c45-875d-95d98bfb7ee8\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"ace19840-2084-45bd-bf86-9ab31b04a17b\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"ace19840-2084-45bd-bf86-9ab31b04a17b\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User Activity Overview\",\"panelRefName\":\"panel_ace19840-2084-45bd-bf86-9ab31b04a17b\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"d4d708e1-d179-4688-8005-54e2162a82d2\",\"w\":11,\"x\":0,\"y\":4},\"panelIndex\":\"d4d708e1-d179-4688-8005-54e2162a82d2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Users 
List\",\"panelRefName\":\"panel_d4d708e1-d179-4688-8005-54e2162a82d2\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"5774219c-fb45-4480-bdfb-75a69bdc2cfe\",\"w\":13,\"x\":11,\"y\":4},\"panelIndex\":\"5774219c-fb45-4480-bdfb-75a69bdc2cfe\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Top Caller IPs\",\"panelRefName\":\"panel_5774219c-fb45-4480-bdfb-75a69bdc2cfe\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"5deee186-fe00-4edc-9e5b-86d8d09f6550\",\"w\":24,\"x\":24,\"y\":9},\"panelIndex\":\"5deee186-fe00-4edc-9e5b-86d8d09f6550\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Authorization Activity User\",\"panelRefName\":\"panel_5deee186-fe00-4edc-9e5b-86d8d09f6550\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"2fa13b32-c544-45f7-9132-620d09d121eb\",\"w\":16,\"x\":0,\"y\":19},\"panelIndex\":\"2fa13b32-c544-45f7-9132-620d09d121eb\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"title\":\"Top Resource Groups\",\"panelRefName\":\"panel_2fa13b32-c544-45f7-9132-620d09d121eb\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"1a6dce1d-d039-4d18-87c7-1b700da676c2\",\"w\":17,\"x\":16,\"y\":19},\"panelIndex\":\"1a6dce1d-d039-4d18-87c7-1b700da676c2\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true},\"enhancements\":{}},\"title\":\"Resource Creations\",\"panelRefName\":\"panel_1a6dce1d-d039-4d18-87c7-1b700da676c2\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"8fddd3bb-c1e6-4533-b075-1ab7361b3af0\",\"w\":17,\"x\":16,\"y\":26},\"panelIndex\":\"8fddd3bb-c1e6-4533-b075-1ab7361b3af0\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true},\"enhancements\":{}},\"title\":\"Resource 
Deletions\",\"panelRefName\":\"panel_8fddd3bb-c1e6-4533-b075-1ab7361b3af0\"},{\"version\":\"7.4.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"84583e62-1aad-4f03-a25a-c4f9eaace8c0\",\"w\":15,\"x\":33,\"y\":19},\"panelIndex\":\"84583e62-1aad-4f03-a25a-c4f9eaace8c0\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Top Resource Types\",\"panelRefName\":\"panel_84583e62-1aad-4f03-a25a-c4f9eaace8c0\"}]","timeRestore":false,"title":"[Logs Azure] User Activity","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-87095750-f05a-11e9-90ec-112a988266d5","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"azure-c43855e0-f05a-11e9-90ec-112a988266d5","name":"675f172f-dbec-44fe-b45c-fe854a967695:panel_675f172f-dbec-44fe-b45c-fe854a967695","type":"visualization"},{"id":"azure-b0471750-f05b-11e9-90ec-112a988266d5","name":"705596b5-db2e-4c45-875d-95d98bfb7ee8:panel_705596b5-db2e-4c45-875d-95d98bfb7ee8","type":"visualization"},{"id":"azure-e0203fc0-f05f-11e9-90ec-112a988266d5","name":"ace19840-2084-45bd-bf86-9ab31b04a17b:panel_ace19840-2084-45bd-bf86-9ab31b04a17b","type":"visualization"},{"id":"azure-52da1700-f05d-11e9-90ec-112a988266d5","name":"d4d708e1-d179-4688-8005-54e2162a82d2:panel_d4d708e1-d179-4688-8005-54e2162a82d2","type":"visualization"},{"id":"azure-6ece76d0-f0cc-11e9-90ec-112a988266d5","name":"5774219c-fb45-4480-bdfb-75a69bdc2cfe:panel_5774219c-fb45-4480-bdfb-75a69bdc2cfe","type":"visualization"},{"id":"azure-0dd135c0-f0cc-11e9-90ec-112a988266d5","name":"5deee186-fe00-4edc-9e5b-86d8d09f6550:panel_5deee186-fe00-4edc-9e5b-86d8d09f6550","type":"visualization"},{"id":"azure-71b62ca0-ec1a-11e9-90ec-112a988266d5","name":"2fa13b32-c544-45f7-9132-620d09d121eb:panel_2fa13b32-c544-45f7-9132-620d09d121eb","type":"visualization"},{"id":"azure-d91ce8d0-53e8-11ea-b1b7-7de801e1c297","name":"1a6dce1d-d039-4
d18-87c7-1b700da676c2:panel_1a6dce1d-d039-4d18-87c7-1b700da676c2","type":"visualization"},{"id":"azure-6db84660-53e9-11ea-b1b7-7de801e1c297","name":"8fddd3bb-c1e6-4533-b075-1ab7361b3af0:panel_8fddd3bb-c1e6-4533-b075-1ab7361b3af0","type":"visualization"},{"id":"azure-9ed46680-f0ce-11e9-90ec-112a988266d5","name":"84583e62-1aad-4f03-a25a-c4f9eaace8c0:panel_84583e62-1aad-4f03-a25a-c4f9eaace8c0","type":"visualization"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6691],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1OTMsMV0="} +{"attributes":{"description":"Dashboard providing statistics about alerts ingested from the Azure Firewall NAT Rule Log events.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"azure.firewall.operation_name\",\"negate\":false,\"params\":{\"query\":\"AzureFirewallNatRuleLog\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"azure.firewall.operation_name\":\"AzureFirewallNatRuleLog\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\"
,\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n[Overview](/app/dashboards#/view/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646) \\n[Network Rule Logs](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646) \\n**[Network NAT Rule Logs (This Page)](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646)** \\n[Application Rule Logs](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646) \\n[DNS Proxy Logs](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)\\n\\n[Integrations Page](/app/integrations/detail/azure/overview?integration=firewall_logs) \\n\\n**Overview**\\n\\nThis dashboard provides an overall view of Azure Firewall Network NAT Rule Log events.\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.id\",\"id\":\"1637591016076\",\"indexPatternRefName\":\"control_7cbe886c-4cc4-4fec-beff-7336b0965067_0_index_pattern\",\"label\":\"Subscription 
ID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"observer.name\",\"id\":\"1637591118622\",\"indexPatternRefName\":\"control_7cbe886c-4cc4-4fec-beff-7336b0965067_1_index_pattern\",\"label\":\"Firewall\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Firewall Filters\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"w\":6,\"x\":12,\"y\":7},\"panelIndex\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
unique_count(source.ip)\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"w\":6,\"x\":18,\"y\":7},\"panelIndex\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(destination.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source 
IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"w\":6,\"x\":24,\"y\":7},\"panelIndex\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source Countries\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.geo.country_name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source 
IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"w\":6,\"x\":30,\"y\":7},\"panelIndex\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination Countries\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(destination.geo.country_name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source 
Countries\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"w\":6,\"x\":36,\"y\":7},\"panelIndex\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Network Protocols\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(network.protocol)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique 
Rules\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Network Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"w\":12,\"x\":0,\"y\":14},\"panelIndex\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\"],\"columns\":{\"b2d72986-1818-4a93-9155-2a66cd00eca4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Firewall\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"observer.name\"},\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"isTransposed\":false},{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Generating Firewalls\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"w\":12,\"x\":12,\"y\":14},\"panelIndex\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
source.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Source Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"w\":12,\"x\":24,\"y\":14},\"panelIndex\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
destination.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Destination Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f7c1e866-ba0d-45af-95bf-2736901431dc\",\"w\":12,\"x\":36,\"y\":14},\"panelIndex\":\"f7c1e866-ba0d-45af-95bf-2736901431dc\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"9367ad41-b48b-438e-b4d8-2c3f85aff052\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"76f26815-f13c-4273-b52f-7c25247f2b0d\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of network.protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"},\"9367ad41-b48b-438e-b4d8-2c3f85aff052\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of network.transport\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"network.transport\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"9367ad41-b48b-438e-b4d8-2c3f85aff052\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Network Protocols and 
Applications\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"w\":12,\"x\":12,\"y\":29},\"panelIndex\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Source IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Source 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"8a1bd282-e360-473d-b26d-e73f2b470c81\",\"w\":12,\"x\":24,\"y\":29},\"panelIndex\":\"8a1bd282-e360-473d-b26d-e73f2b470c81\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Destination IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Destination 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"3b9a2a5f-1226-415c-88d5-21496508d060\",\"w\":12,\"x\":36,\"y\":29},\"panelIndex\":\"3b9a2a5f-1226-415c-88d5-21496508d060\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\",\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\"],\"columns\":{\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network Protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"},\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\",\"isTransposed\":false},{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Network 
Protocols\"},{\"version\":\"7.16.0\",\"type\":\"search\",\"gridData\":{\"h\":18,\"i\":\"6923a967-09ff-4f14-ad5f-46a491efb566\",\"w\":48,\"x\":0,\"y\":40},\"panelIndex\":\"6923a967-09ff-4f14-ad5f-46a491efb566\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6923a967-09ff-4f14-ad5f-46a491efb566\"}]","timeRestore":false,"title":"[Logs Azure] Firewall Network NAT Rule Log","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"7cbe886c-4cc4-4fec-beff-7336b0965067:control_7cbe886c-4cc4-4fec-beff-7336b0965067_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7cbe886c-4cc4-4fec-beff-7336b0965067:control_7cbe886c-4cc4-4fec-beff-7336b0965067_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7:inde
xpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-curren
t-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"azure-252228a0-f1ab-11ec-a5a8-bf965bcd5646","name":"6923a967-09ff-4f14-ad5f-46a491efb566:panel_6923a967-09ff-4f14-ad5f-46a491efb566","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6723],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1OTQsMV0="} +{"attributes":{"description":"Dashboard providing statistics about alerts ingested from the AWS Network Firewall 
integration.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"azure.firewall.operation_name\",\"negate\":false,\"params\":{\"query\":\"AzureFirewallNetworkRuleLog\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"azure.firewall.operation_name\":\"AzureFirewallNetworkRuleLog\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n[Overview](/app/dashboards#/view/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646) \\n**[Network Rule Logs (This Page)](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646)** \\n[Network NAT Rule Logs](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646) \\n[Application Rule Logs](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646) \\n[DNS Proxy Logs](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)\\n\\n[Integrations Page](/app/integrations/detail/azure/overview?integration=firewall_logs) 
\\n\\n**Overview**\\n\\nThis dashboard provides an overall view of Azure Firewall Network Rule Log events.\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"w\":6,\"x\":12,\"y\":7},\"panelIndex\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of unique_count(source.ip)\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"w\":6,\"x\":18,\"y\":7},\"panelIndex\":\"4c85d573-baea-49ca-bb9e-4013a0373da7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(destination.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"w\":6,\"x\":24,\"y\":7},\"panelIndex\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source Countries\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.geo.country_name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source 
Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"w\":6,\"x\":30,\"y\":7},\"panelIndex\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Destination Countries\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(destination.geo.country_name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source Countries\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Destination 
Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"w\":6,\"x\":36,\"y\":7},\"panelIndex\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Network Protocols\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(network.protocol)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Rules\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.protocol\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Network 
Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"w\":12,\"x\":0,\"y\":14},\"panelIndex\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\"],\"columns\":{\"b2d72986-1818-4a93-9155-2a66cd00eca4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Firewall\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"observer.name\"},\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"isTransposed\":false},{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Generating 
Firewalls\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"w\":12,\"x\":12,\"y\":14},\"panelIndex\":\"2148efa5-f130-4751-909d-6a79eed2e16b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of source.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Source 
Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"w\":12,\"x\":24,\"y\":14},\"panelIndex\":\"6790d45f-4fa9-4a70-b0e1-a3e10682c852\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f49ff962-9e8a-4170-a0d8-54cee9438651\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of destination.geo.country_name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"f49ff962-9e8a-4170-a0d8-54cee9438651\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Destination 
Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f7c1e866-ba0d-45af-95bf-2736901431dc\",\"w\":12,\"x\":36,\"y\":14},\"panelIndex\":\"f7c1e866-ba0d-45af-95bf-2736901431dc\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"77c8c7dc-b073-4d7c-8403-b25ee4647152\":{\"columnOrder\":[\"9367ad41-b48b-438e-b4d8-2c3f85aff052\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"],\"columns\":{\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"76f26815-f13c-4273-b52f-7c25247f2b0d\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of network.protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"},\"9367ad41-b48b-438e-b4d8-2c3f85aff052\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of 
network.transport\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":3},\"scale\":\"ordinal\",\"sourceField\":\"network.transport\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"77c8c7dc-b073-4d7c-8403-b25ee4647152\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"legendSize\":\"auto\",\"primaryGroups\":[\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"9367ad41-b48b-438e-b4d8-2c3f85aff052\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\",\"76f26815-f13c-4273-b52f-7c25247f2b0d\"],\"metrics\":[\"0e88e9b7-a2b1-4634-95c1-a7d38dce70a6\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Network Protocols and Applications\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"w\":12,\"x\":12,\"y\":29},\"panelIndex\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Source 
IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Source IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"8a1bd282-e360-473d-b26d-e73f2b470c81\",\"w\":12,\"x\":24,\"y\":29},\"panelIndex\":\"8a1bd282-e360-473d-b26d-e73f2b470c81\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Destination 
IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Destination IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"3b9a2a5f-1226-415c-88d5-21496508d060\",\"w\":12,\"x\":36,\"y\":29},\"panelIndex\":\"3b9a2a5f-1226-415c-88d5-21496508d060\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\",\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\"],\"columns\":{\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Network 
Protocol\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"network.protocol\"},\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"71a5a0d6-161e-4175-9a34-b25e8cfbf4c0\",\"isTransposed\":false},{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Network 
Protocols\"},{\"version\":\"7.16.0\",\"type\":\"search\",\"gridData\":{\"h\":15,\"i\":\"c469c097-b5bf-4eb9-ba69-c4590ec183a7\",\"w\":48,\"x\":0,\"y\":40},\"panelIndex\":\"c469c097-b5bf-4eb9-ba69-c4590ec183a7\",\"embeddableConfig\":{\"columns\":[\"observer.name\",\"source.ip\",\"source.port\",\"destination.ip\",\"destination.port\",\"event.kind\",\"event.type\"],\"enhancements\":{}},\"panelRefName\":\"panel_c469c097-b5bf-4eb9-ba69-c4590ec183a7\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.id\",\"id\":\"1637591016076\",\"indexPatternRefName\":\"control_7cbe886c-4cc4-4fec-beff-7336b0965067_0_index_pattern\",\"label\":\"Subscription ID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"observer.name\",\"id\":\"1637591118622\",\"indexPatternRefName\":\"control_7cbe886c-4cc4-4fec-beff-7336b0965067_1_index_pattern\",\"label\":\"Firewall\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Firewall Filters\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"[Logs Azure] Firewall Network Rule 
Log","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-91224490-f1a6-11ec-a5a8-bf965bcd5646","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a
9f354cd49:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"azure-70cbce40-f1a7-11ec-a5a8-bf965bcd5646","name":"c469c097-b5bf-4eb9-ba69-c4590ec183a7:panel_c469c097-b5bf-4eb9-ba69-c4590ec183a7","type":"search"},{"id":"logs-*","name":"7cbe886c-4cc4-4fec-beff-73
36b0965067:control_7cbe886c-4cc4-4fec-beff-7336b0965067_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7cbe886c-4cc4-4fec-beff-7336b0965067:control_7cbe886c-4cc4-4fec-beff-7336b0965067_1_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6755],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1OTUsMV0="} +{"attributes":{"description":"Dashboard providing statistics about logs ingested from the Azure Firewall DNS Proxy events.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"azure.firewall_logs\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"azure.firewall_logs\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"azure.firewall.operation_name\",\"negate\":false,\"params\":{\"query\":\"AzureFirewallDnsProxyLog\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"azure.firewall.operation_name\":\"AzureFirewallDnsProxyLog\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"258f7245-5011-4f03-bcd3-cada0180dc7a\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\"
:\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n[Overview](/app/dashboards#/view/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646) \\n[Network Rule Logs](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646) \\n[Network NAT Rule Logs](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646) \\n[Application Rule Logs)](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646) \\n**[DNS Proxy Logs (This Page)](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)**\\n\\n[Integrations Page](/app/integrations/detail/azure/overview?integration=firewall_logs) \\n\\n**Overview**\\n\\nThis dashboard provides an overall view of Azure Firewall DNS Proxy Log events. \",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloud.account.id\",\"id\":\"1637591016076\",\"indexPatternRefName\":\"control_7cbe886c-4cc4-4fec-beff-7336b0965067_0_index_pattern\",\"label\":\"Subscription ID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"observer.name\",\"id\":\"1637591118622\",\"indexPatternRefName\":\"control_7cbe886c-4cc4-4fec-beff-7336b0965067_1_index_pattern\",\"label\":\"Firewall\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Firewall 
Filters\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"8f1313ba-331f-478a-aa30-ea8e2845f86c\",\"w\":6,\"x\":12,\"y\":7},\"panelIndex\":\"8f1313ba-331f-478a-aa30-ea8e2845f86c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-8fee795f-a453-4cfa-a819-be091462e0ee\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"8fee795f-a453-4cfa-a819-be091462e0ee\":{\"columnOrder\":[\"e5fe95be-c8fe-4066-8ea1-58e63682f94b\"],\"columns\":{\"e5fe95be-c8fe-4066-8ea1-58e63682f94b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total DNS Queries\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e5fe95be-c8fe-4066-8ea1-58e63682f94b\",\"layerId\":\"8fee795f-a453-4cfa-a819-be091462e0ee\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total DNS 
Queries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"w\":6,\"x\":18,\"y\":7},\"panelIndex\":\"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source IPs\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.ip)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of unique_count(source.ip)\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source 
IPs\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"w\":6,\"x\":24,\"y\":7},\"panelIndex\":\"b0b8c30c-2096-49ee-95b3-9adbf27808e5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Source Countries\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(source.geo.country_name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Source IPs\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.geo.country_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Source 
Countries\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"w\":6,\"x\":30,\"y\":7},\"panelIndex\":\"e0be3094-1544-4c59-858c-05320b57c3a7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Domains\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(dns.question.name)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique DNS Names\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"dns.question.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique 
Domains\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"2c2c4900-3223-4061-aba7-6c7274441654\",\"w\":6,\"x\":36,\"y\":7},\"panelIndex\":\"2c2c4900-3223-4061-aba7-6c7274441654\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-8fee795f-a453-4cfa-a819-be091462e0ee\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"8fee795f-a453-4cfa-a819-be091462e0ee\":{\"columnOrder\":[\"e5fe95be-c8fe-4066-8ea1-58e63682f94b\",\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX0\",\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX1\",\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX2\"],\"columns\":{\"e5fe95be-c8fe-4066-8ea1-58e63682f94b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Bytes\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"formula\":\"sum(source.bytes) + sum(destination.bytes)\",\"isFormulaBroken\":false},\"references\":[\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX2\"],\"scale\":\"ratio\"},\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Total Source Bytes\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"source.bytes\"},\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Total Source Bytes\",\"operationType\":\"sum\",\"scale\":\"ratio\",\"sourceField\":\"destination.bytes\"},\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Total Source 
Bytes\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX0\",\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX1\"],\"location\":{\"max\":42,\"min\":0},\"name\":\"add\",\"text\":\"sum(source.bytes) + sum(destination.bytes)\",\"type\":\"function\"}},\"references\":[\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX0\",\"e5fe95be-c8fe-4066-8ea1-58e63682f94bX1\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e5fe95be-c8fe-4066-8ea1-58e63682f94b\",\"layerId\":\"8fee795f-a453-4cfa-a819-be091462e0ee\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Bytes\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"w\":6,\"x\":42,\"y\":7},\"panelIndex\":\"673dd2b3-e271-4ad9-9b86-83e4e1070647\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\":{\"columnOrder\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"columns\":{\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique Network 
Protocols\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(network.transport)\",\"isFormulaBroken\":false},\"references\":[\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\"],\"scale\":\"ratio\"},\"fe432a5c-5813-4a13-948e-ea6d83ec8c40X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Unique Network Protocols\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"network.transport\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"fe432a5c-5813-4a13-948e-ea6d83ec8c40\",\"layerId\":\"454630b2-cff5-45ab-9cfc-ec19c5aeb97a\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Unique Network Protocols\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"w\":12,\"x\":24,\"y\":14},\"panelIndex\":\"9609e04b-0043-4b3a-a31b-a2461c1e3dcb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Source 
Address\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.address\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Source 
Addresses\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"w\":12,\"x\":36,\"y\":14},\"panelIndex\":\"ce8caf3c-c830-4500-a4bf-66a9f354cd49\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\"],\"columns\":{\"b2d72986-1818-4a93-9155-2a66cd00eca4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Firewall\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"observer.name\"},\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"b2d72986-1818-4a93-9155-2a66cd00eca4\",\"isTransposed\":false},{\"columnId\":\"e1f00395-a8a7-42c9-9ce1-a20ec14edf63\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Event Generating 
Firewalls\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"dc473cf3-3ff8-4c71-b465-1e9b819ddd94\",\"w\":24,\"x\":0,\"y\":14},\"panelIndex\":\"dc473cf3-3ff8-4c71-b465-1e9b819ddd94\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5c93c96-5038-49e1-acca-2e876257c059\":{\"columnOrder\":[\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"915adad5-4455-40d4-a9cd-0702da79189c\"],\"columns\":{\"63e483b4-0ce2-4f05-92a2-8e699650d64c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Domains\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"dns.question.name\"},\"915adad5-4455-40d4-a9cd-0702da79189c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"915adad5-4455-40d4-a9cd-0702da79189c\",\"isTransposed\":false},{\"columnId\":\"63e483b4-0ce2-4f05-92a2-8e699650d64c\",\"isTransposed\":false}],\"layerId\":\"a5c93c96-5038-49e1-acca-2e876257c059\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 
Domains\"},{\"version\":\"7.16.0\",\"type\":\"search\",\"gridData\":{\"h\":18,\"i\":\"49811546-e0b1-4814-82fe-e99715c85069\",\"w\":48,\"x\":0,\"y\":29},\"panelIndex\":\"49811546-e0b1-4814-82fe-e99715c85069\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_49811546-e0b1-4814-82fe-e99715c85069\"}]","timeRestore":false,"title":"[Logs Azure] Firewall DNS Proxy Log","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"azure-cad82b40-f251-11ec-a5a8-bf965bcd5646","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"7cbe886c-4cc4-4fec-beff-7336b0965067:control_7cbe886c-4cc4-4fec-beff-7336b0965067_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7cbe886c-4cc4-4fec-beff-7336b0965067:control_7cbe886c-4cc4-4fec-beff-7336b0965067_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"8f1313ba-331f-478a-aa30-ea8e2845f86c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"8f1313ba-331f-478a-aa30-ea8e2845f86c:indexpattern-datasource-layer-8fee795f-a453-4cfa-a819-be091462e0ee","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-
datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"2c2c4900-3223-4061-aba7-6c7274441654:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"2c2c4900-3223-4061-aba7-6c7274441654:indexpattern-datasource-layer-8fee795f-a453-4cfa-a819-be091462e0ee","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"logs-*","name":"dc473cf3-3ff8-4c71-b465-1e9b819ddd94:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logs-*","name":"dc473cf3-3ff8-4c71-b465-1e9b819ddd94:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059","type":"index-pattern"},{"id":"azure-3d1466b0-f252-11ec-a5a8-bf965bcd5646","name":"49811546-e0b1-4814-82fe-e99715c85069:panel_49811546-e0b1-4814-82fe-e99715c85069","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-azure-default","name":"tag-ref-fleet-pkg-azure-default","type":"tag"}],"sort":[1688996741503,6781],"type":"dashboard","updat
ed_at":"2023-07-10T13:45:41.503Z","version":"WzQ1OTYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"b0456970-6e1f-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6783],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1OTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNP3 - IIN","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNP3 - 
IIN\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dnp3.iin: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dnp3.iin\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IIN\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f991b6d0-75b8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,6785],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1OTgsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:dnp3\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\"},\"panelIndex\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_728d0151-5dc6-429d-9b14-b457ab73d3fd\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":15,\"h\":8,\"i\":\"1b99097d-a957-4163-9810-263a0e653c18\"},\"panelIndex\":\"1b99097d-a957-4163-9810-263a0e653c18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1b99097d-a957-4163-9810-263a0e653c18\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":8,\"i\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\"},\"panelIndex\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_43bb3cf4-ee4a-4eba-8eea-8e133957fd48\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":19,\"i\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\"},\"panelIndex\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_87f23747-38c9-4d15-a85b-8beff66abaf4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":8,\"w\":8,\"h\":19,\"i\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\"},\"panelIndex\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d10ae5ac-6400-4a2c-a376-e6e74ed529ad\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":8,\"w\":12,\"h\":19,\"i\":\"a9916c8f-c82b-413d-8561-64ce0d68d3b8\"},\"panelI
ndex\":\"a9916c8f-c82b-413d-8561-64ce0d68d3b8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a9916c8f-c82b-413d-8561-64ce0d68d3b8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"04426d00-3313-40eb-a0c9-2541a7ea99f3\"},\"panelIndex\":\"04426d00-3313-40eb-a0c9-2541a7ea99f3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_04426d00-3313-40eb-a0c9-2541a7ea99f3\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":28,\"i\":\"f36f0fec-ab1e-4aea-84ea-4cf0fedcfffc\"},\"panelIndex\":\"f36f0fec-ab1e-4aea-84ea-4cf0fedcfffc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f36f0fec-ab1e-4aea-84ea-4cf0fedcfffc\"}]","timeRestore":false,"title":"Security Onion - DNP3","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"b1f52180-755a-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"728d0151-5dc6-429d-9b14-b457ab73d3fd:panel_728d0151-5dc6-429d-9b14-b457ab73d3fd","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"1b99097d-a957-4163-9810-263a0e653c18:panel_1b99097d-a957-4163-9810-263a0e653c18","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"43bb3cf4-ee4a-4eba-8eea-8e133957fd48:panel_43bb3cf4-ee4a-4eba-8eea-8e133957fd48","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"87f23747-38c9-4d15-a85b-8beff66abaf4:panel_87f23747-38c9-4d15-a85b-8beff66abaf4","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"d10ae5ac-6400-4a2c-a376-e6e74ed529ad:panel_d10ae5ac-6400-4a2c-a376-e6e74ed529ad","type":"visualization"},{"id":"f991b6d0-75b8-11ea-9565-7315f4ee5cac","name":"a9916c8f-c82b-413d-8561-64ce0d68d3b8:panel_a9916c8f-c82b-413d-8561-64ce0d68d3b8","type":"visualization"},{"id":"214793c0-75b9-11ea-9565-7315f4ee5cac"
,"name":"04426d00-3313-40eb-a0c9-2541a7ea99f3:panel_04426d00-3313-40eb-a0c9-2541a7ea99f3","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"f36f0fec-ab1e-4aea-84ea-4cf0fedcfffc:panel_f36f0fec-ab1e-4aea-84ea-4cf0fedcfffc","type":"search"}],"sort":[1688996741503,6794],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ1OTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Authentication Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Authentication Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rfb.authentication.method.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.authentication.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"b2053990-75c7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,6796],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MDAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:kerberos\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"caa0aaa2-ed03-47b4-9a9f-c0f9b8d50da9\"},\"panelIndex\":\"caa0aaa2-ed03-47b4-9a9f-c0f9b8d50da9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_caa0aaa2-ed03-47b4-9a9f-c0f9b8d50da9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":0,\"w\":15,\"h\":9,\"i\":\"e0e4a50d-887b-472b-a790-302966fb6f49\"},\"panelIndex\":\"e0e4a50d-887b-472b-a790-302966fb6f49\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e0e4a50d-887b-472b-a790-302966fb6f49\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":9,\"i\":\"5cca2c4b-7299-4122-a3d5-3637ef23dc5d\"},\"panelIndex\":\"5cca2c4b-7299-4122-a3d5-3637ef23dc5d\",\"embedd
ableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5cca2c4b-7299-4122-a3d5-3637ef23dc5d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":19,\"i\":\"aa944a94-288e-490f-9e04-f5b3bc2cf19f\"},\"panelIndex\":\"aa944a94-288e-490f-9e04-f5b3bc2cf19f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_aa944a94-288e-490f-9e04-f5b3bc2cf19f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":9,\"w\":10,\"h\":19,\"i\":\"ebc359a7-3dce-4e7d-bd70-355cc8099437\"},\"panelIndex\":\"ebc359a7-3dce-4e7d-bd70-355cc8099437\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ebc359a7-3dce-4e7d-bd70-355cc8099437\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":20,\"y\":9,\"w\":11,\"h\":19,\"i\":\"251dacac-b4c5-481a-9e41-8173e9bc27ab\"},\"panelIndex\":\"251dacac-b4c5-481a-9e41-8173e9bc27ab\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_251dacac-b4c5-481a-9e41-8173e9bc27ab\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":31,\"y\":9,\"w\":7,\"h\":19,\"i\":\"1a78a61c-7b0a-425f-ade8-bcbb302a2585\"},\"panelIndex\":\"1a78a61c-7b0a-425f-ade8-bcbb302a2585\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1a78a61c-7b0a-425f-ade8-bcbb302a2585\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":9,\"w\":10,\"h\":19,\"i\":\"eba2e210-8b36-41a7-8ac5-7d63cfc022e1\"},\"panelIndex\":\"eba2e210-8b36-41a7-8ac5-7d63cfc022e1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_eba2e210-8b36-41a7-8ac5-7d63cfc022e1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":29,\"i\":\"13a216e9-1e56-4069-a61a-238ff604a18b\"},\"panelIndex\":\"13a216e9-1e56-4069-a61a-238ff604a18b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13a216e9-1e56-4069-a61a-238ff604a18b\"}]","timeRestore":false,"title":"Security 
Onion - Kerberos","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"b207ab90-75bc-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"caa0aaa2-ed03-47b4-9a9f-c0f9b8d50da9:panel_caa0aaa2-ed03-47b4-9a9f-c0f9b8d50da9","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"e0e4a50d-887b-472b-a790-302966fb6f49:panel_e0e4a50d-887b-472b-a790-302966fb6f49","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"5cca2c4b-7299-4122-a3d5-3637ef23dc5d:panel_5cca2c4b-7299-4122-a3d5-3637ef23dc5d","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"aa944a94-288e-490f-9e04-f5b3bc2cf19f:panel_aa944a94-288e-490f-9e04-f5b3bc2cf19f","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"ebc359a7-3dce-4e7d-bd70-355cc8099437:panel_ebc359a7-3dce-4e7d-bd70-355cc8099437","type":"visualization"},{"id":"0ecc7310-75bd-11ea-9565-7315f4ee5cac","name":"251dacac-b4c5-481a-9e41-8173e9bc27ab:panel_251dacac-b4c5-481a-9e41-8173e9bc27ab","type":"visualization"},{"id":"2d73e460-75bd-11ea-9565-7315f4ee5cac","name":"1a78a61c-7b0a-425f-ade8-bcbb302a2585:panel_1a78a61c-7b0a-425f-ade8-bcbb302a2585","type":"visualization"},{"id":"48331f00-75bd-11ea-9565-7315f4ee5cac","name":"eba2e210-8b36-41a7-8ac5-7d63cfc022e1:panel_eba2e210-8b36-41a7-8ac5-7d63cfc022e1","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"13a216e9-1e56-4069-a61a-238ff604a18b:panel_13a216e9-1e56-4069-a61a-238ff604a18b","type":"search"}],"sort":[1688996741503,6806],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MDEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Kerberos - Success Status (Donut 
Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Success Status (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"kerberos_success.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"b31231c0-35bb-11e7-b9ee-834112670159","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6808],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MDIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"b48442b0-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6810],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MDMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Responder Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"respond_bytes\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Responder 
Bytes\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"b50912f0-366f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6812],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MDQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Tunnels - Type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Tunnels - Type\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tunnel.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"b6120810-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,6814],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MDUsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Responder Bytes ( Tile Map)","uiStateJSON":"{\"mapZoom\":3,\"mapCenter\":[39.70718665682654,-44.912109375]}","version":1,"visState":"{\"title\":\"Connections - Source - Responder Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"respond_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f3bc9fa0-46cb-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6816],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MDYsMV0="} 
+{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[24.84656534821976,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Connections - Source - Responder Bytes","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"b65775e0-46cb-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"f3bc9fa0-46cb-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"sort":[1688996741503,6819],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MDcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Validation Status","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Validation 
Status\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.validation_status.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssl.validation_status.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"b8371250-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,6821],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MDgsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:radius\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"005ac000-9db8-4310-97d5-4574cdaf0e49\"},\"panelIndex\":\"005ac000-9db8-4310-97d5-4574cdaf0e49\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_005ac000-9db8-4310-97d5-4574cdaf0e49\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":9,\"i\":\"a65d1358-9fa9-4457-8a46-5790a748d1fa\"},\"panelIndex\":\"a65d1358-9fa9-4457-8a46-5790a748d1fa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a65d1358-9fa9-4457-8a46-5790a748d1fa\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"d38d991e-53e4-4b71-8e3f-c0d4b0d454da\"},\"panelIndex\":\"d38d991e-53e4-4b71-8e3f-c0d4b0d454da\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d38d991e-53e4-4b71-8e3f-c0d4b0d454da\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":19,\"i\":\"9304c1a2-e55f-4f51-bd04-d15892b754a4\"},\"panelIndex\":\"9304c1a2-e55f-4f51-bd04-d15892b754a4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9304c1a2-e55f-4f51-bd04-d15892b754a4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":19,\"i\":\"7075ea4f-e935-470c-9329-9a0b15202385\"},\"panelIndex\":\"7075ea4f-e935-470c-9329-9a0b15202385\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7075ea4f-e935-470c-9329-9a0b15202385\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":9,\"w\":8,\"h\":19,\"i\":\"91a90e9d-71f7-484c-a561-6aef6a3b8f09\"},\"panel
Index\":\"91a90e9d-71f7-484c-a561-6aef6a3b8f09\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_91a90e9d-71f7-484c-a561-6aef6a3b8f09\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":9,\"h\":19,\"i\":\"9058f9ee-39d1-4e2b-a99b-ed4c2fb26efd\"},\"panelIndex\":\"9058f9ee-39d1-4e2b-a99b-ed4c2fb26efd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9058f9ee-39d1-4e2b-a99b-ed4c2fb26efd\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":19,\"i\":\"766f8f9b-3f31-47d8-9734-442fc1fcff84\"},\"panelIndex\":\"766f8f9b-3f31-47d8-9734-442fc1fcff84\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_766f8f9b-3f31-47d8-9734-442fc1fcff84\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":29,\"i\":\"49fd1168-f7ab-4759-a92c-f2699389678e\"},\"panelIndex\":\"49fd1168-f7ab-4759-a92c-f2699389678e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_49fd1168-f7ab-4759-a92c-f2699389678e\"}]","timeRestore":false,"title":"Security Onion - 
RADIUS","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"b9769e60-75c4-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"005ac000-9db8-4310-97d5-4574cdaf0e49:panel_005ac000-9db8-4310-97d5-4574cdaf0e49","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"a65d1358-9fa9-4457-8a46-5790a748d1fa:panel_a65d1358-9fa9-4457-8a46-5790a748d1fa","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"d38d991e-53e4-4b71-8e3f-c0d4b0d454da:panel_d38d991e-53e4-4b71-8e3f-c0d4b0d454da","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"9304c1a2-e55f-4f51-bd04-d15892b754a4:panel_9304c1a2-e55f-4f51-bd04-d15892b754a4","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"7075ea4f-e935-470c-9329-9a0b15202385:panel_7075ea4f-e935-470c-9329-9a0b15202385","type":"visualization"},{"id":"767c89f0-af4c-11ea-b262-353d451b125b","name":"91a90e9d-71f7-484c-a561-6aef6a3b8f09:panel_91a90e9d-71f7-484c-a561-6aef6a3b8f09","type":"visualization"},{"id":"0ca071b0-75c5-11ea-9565-7315f4ee5cac","name":"9058f9ee-39d1-4e2b-a99b-ed4c2fb26efd:panel_9058f9ee-39d1-4e2b-a99b-ed4c2fb26efd","type":"visualization"},{"id":"27ab8260-75c5-11ea-9565-7315f4ee5cac","name":"766f8f9b-3f31-47d8-9734-442fc1fcff84:panel_766f8f9b-3f31-47d8-9734-442fc1fcff84","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"49fd1168-f7ab-4759-a92c-f2699389678e:panel_49fd1168-f7ab-4759-a92c-f2699389678e","type":"search"}],"sort":[1688996741503,6831],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MDksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Destination IP 
Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ba2d3b10-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6833],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Severity (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS Alerts - Severity (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"priority.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Priority\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ba60bcf0-3af5-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6835],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Renewable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - 
Renewable\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"renewable.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Renewable\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"bb748470-6e1a-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6837],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MTIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"bbbe5a80-6e21-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6839],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"bc7fbe00-4a44-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6841],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MTQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNP3 - Function 
Reply","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Function Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"fc_reply.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reply\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"bd5435f0-4a4d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6843],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Keyboard Layout (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Keyboard Layout (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"keyboard_layout.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Keyboard Layout\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"be7637c0-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6845],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MTYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Authentication Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Authentication Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"authentication_method.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication 
Method\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"bf47f4c0-371e-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6847],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Autoruns - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.50
3Z","id":"bf5ab2d0-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,6849],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MTgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.module:osquery*\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":7,\"i\":\"7f9eaa30-b358-4027-a312-249defe273c4\"},\"panelIndex\":\"7f9eaa30-b358-4027-a312-249defe273c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7f9eaa30-b358-4027-a312-249defe273c4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":7,\"y\":0,\"w\":17,\"h\":7,\"i\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\"},\"panelIndex\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ca041a33-b29f-4ce6-8762-2dd86a9c27a2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":7,\"i\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\"},\"panelIndex\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4e6cdaec-ad6d-46b2-abdc-7383382635c7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":7,\"w\":48,\"h\":16,\"i\":\"fae63e28-6a3c-4641-94fd-e5b033ac55b9\"},\"panelIndex\":\"fae63e28-6a3c-4641-94fd-e5b033ac55b9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fae63e28-6a3c-4641-94fd-e5b033ac55b9\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":23,\"w\":48,\"h\":32,\"i\":\"ef13ab09-220a-443f-a703-c88af6a2026f\"},\"panelI
ndex\":\"ef13ab09-220a-443f-a703-c88af6a2026f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ef13ab09-220a-443f-a703-c88af6a2026f\"}]","timeRestore":false,"title":"Security Onion - Osquery","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T16:53:33.699Z","id":"bf7cf8d0-7732-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"df50eba0-6ec0-11ea-9266-1fd14ca6af34","name":"7f9eaa30-b358-4027-a312-249defe273c4:panel_7f9eaa30-b358-4027-a312-249defe273c4","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"ca041a33-b29f-4ce6-8762-2dd86a9c27a2:panel_ca041a33-b29f-4ce6-8762-2dd86a9c27a2","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"4e6cdaec-ad6d-46b2-abdc-7383382635c7:panel_4e6cdaec-ad6d-46b2-abdc-7383382635c7","type":"visualization"},{"id":"ab47a590-afcc-11ea-b262-353d451b125b","name":"fae63e28-6a3c-4641-94fd-e5b033ac55b9:panel_fae63e28-6a3c-4641-94fd-e5b033ac55b9","type":"visualization"},{"id":"ab2d93d0-1f36-11ee-8fae-052318508911","name":"ef13ab09-220a-443f-a703-c88af6a2026f:panel_ef13ab09-220a-443f-a703-c88af6a2026f","type":"search"}],"sort":[1689008013699,9783],"type":"dashboard","updated_at":"2023-07-10T16:53:33.699Z","version":"WzY4MzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"bf959cb0-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6857],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MjAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Notice - Message/Sub-Message","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Notice - 
Message/Sub-Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"msg.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sub_msg.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sub-Message\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"bfeb6210-7bb9-11e7-90ec-cdd3dff73b38","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6859],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MjEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Top 50 - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Top 50 - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c0de57b0-4948-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,6861],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MjIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Server NetBIOS Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Server NetBIOS 
Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_nb_computer_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server NetBIOS Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c23ea470-0edc-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,6863],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MjMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Authentication Method (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RFB - Authentication Method (Horizontal Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"authentication_method.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c24191f0-6e22-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6865],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MjQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND _exists_:server_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"SSL - Certificate Server 
Name Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate Server Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"server_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Server Name\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c2e54c20-6f0b-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,6867],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MjUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Protocol (Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Connections - Protocol (Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Protocol\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"protocol.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c3152010-3673-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6869],"ty
pe":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MjYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Firewall - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c3a06740-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,6871],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MjcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - TLS (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMTP - TLS (Pie 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c3bb32c0-39a2-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6873],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MjgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - 
Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ec40c5e0-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,6875],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MjksMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:mysql\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"b08e3120-b482-4817-b3e9-f521f5acd8f2\"},\"panelIndex\":\"b08e3120-b482-4817-b3e9-f521f5acd8f2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b08e3120-b482-4817-b3e9-f521f5acd8f2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":9,\"i\":\"e23b2681-5eae-4de6-8933-ba755508ec5b\"},\"panelIndex\":\"e23b2681-5eae-4de6-8933-ba755508ec5b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e23b2681-5eae-4de6-8933-ba755508ec5b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":9,\"i\":\"53e06ed2-d64f-46dc-b864-5b884a8c53dc\"},\"panelIndex\":\"53e06ed2-d64f-46dc-b864-5b884a8c53dc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_53e06ed2-d64f-46dc-b864-5b884a8c53dc\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":18,\"i\":\"2bfa498b-d0a8-48ee-9a47-bcf288127d2a\"},\"panelIndex\":\"2bfa498b-d0a8-48ee-9a47-bcf288127d2a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2bfa498b-d0a8-48ee-9a47-bcf288127d2a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":18,\"i\":\"e6a27aaf-ef8d-41a3-aebc-9c26ab2dc189\"},\"panelIndex\":\"e6a27aaf-ef8d-41a3-aebc-9c26ab2dc189\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e6a27aaf-ef8d-41a3-aebc-9c26ab2dc189\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":9,\"w\":15,\"h\":18,\"i\":\"e2f6f286-c4ba-4642-b650-366aca2c3d2d\"},\"panel
Index\":\"e2f6f286-c4ba-4642-b650-366aca2c3d2d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e2f6f286-c4ba-4642-b650-366aca2c3d2d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":18,\"i\":\"f84a5dbd-d99c-4c24-895f-18f1d419af93\"},\"panelIndex\":\"f84a5dbd-d99c-4c24-895f-18f1d419af93\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f84a5dbd-d99c-4c24-895f-18f1d419af93\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":16,\"i\":\"3b2e66eb-aa46-4363-b8ad-efd564b95279\"},\"panelIndex\":\"3b2e66eb-aa46-4363-b8ad-efd564b95279\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3b2e66eb-aa46-4363-b8ad-efd564b95279\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":43,\"w\":48,\"h\":29,\"i\":\"fb7962e7-1108-429e-a623-8ece03931e4a\"},\"panelIndex\":\"fb7962e7-1108-429e-a623-8ece03931e4a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fb7962e7-1108-429e-a623-8ece03931e4a\"}]","timeRestore":false,"title":"Security Onion - 
MySQL","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c3ced6d0-75be-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"b08e3120-b482-4817-b3e9-f521f5acd8f2:panel_b08e3120-b482-4817-b3e9-f521f5acd8f2","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"e23b2681-5eae-4de6-8933-ba755508ec5b:panel_e23b2681-5eae-4de6-8933-ba755508ec5b","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"53e06ed2-d64f-46dc-b864-5b884a8c53dc:panel_53e06ed2-d64f-46dc-b864-5b884a8c53dc","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"2bfa498b-d0a8-48ee-9a47-bcf288127d2a:panel_2bfa498b-d0a8-48ee-9a47-bcf288127d2a","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"e6a27aaf-ef8d-41a3-aebc-9c26ab2dc189:panel_e6a27aaf-ef8d-41a3-aebc-9c26ab2dc189","type":"visualization"},{"id":"ec40c5e0-75c0-11ea-9565-7315f4ee5cac","name":"e2f6f286-c4ba-4642-b650-366aca2c3d2d:panel_e2f6f286-c4ba-4642-b650-366aca2c3d2d","type":"visualization"},{"id":"1f306f60-75c0-11ea-9565-7315f4ee5cac","name":"f84a5dbd-d99c-4c24-895f-18f1d419af93:panel_f84a5dbd-d99c-4c24-895f-18f1d419af93","type":"visualization"},{"id":"3af496e0-75c0-11ea-9565-7315f4ee5cac","name":"3b2e66eb-aa46-4363-b8ad-efd564b95279:panel_3b2e66eb-aa46-4363-b8ad-efd564b95279","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"fb7962e7-1108-429e-a623-8ece03931e4a:panel_fb7962e7-1108-429e-a623-8ece03931e4a","type":"search"}],"sort":[1688996741503,6885],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MzAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND 
_exists_:issuer_organization_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"X.509 - Certificate Issuer Organization Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Issuer Organization Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"issuer_organization_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"issuer_organization.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer Organization\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c3f244c0-6f0a-11e7-83d2-adea2f314dc5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,6887],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MzEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - 
Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"subject.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"SMTP\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c47e2a10-39a1-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6889],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MzIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"MySQL - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"MySQL - 
Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql_success.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c48925a0-4a58-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6891],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MzMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Result (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Result (Horizontal Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"result.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Result\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c4f37d70-6e20-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6893],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MzQsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Hostname (Tag Cloud)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Autoruns - Hostname (Tag Cloud)\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":10,\"maxFontSize\":30,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c5d58f60-6d78-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,6895],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MzUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c7484350-6eb1-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,6897],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MzYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alerts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - 
Alerts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c7eed4c0-3649-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6899],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MzcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Zeek - Notice Message","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Zeek - Notice Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"notice.message.keyword: 
Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"notice.message.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c8039090-7a84-11ea-9d13-57f5db13d1ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,6901],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MzgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Matched","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Matched\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"matched.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type 
Matched\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c8540380-399c-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6903],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2MzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Share Flag","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Share Flag\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"rfb.share_flag\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d5e72b20-75c7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,6905],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NDAsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Desktop Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Desktop Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rfb.desktop.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.desktop.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Desktop Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"fe62c910-75c7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,6907],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NDEsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:rfb\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"f64f888f-f9bb-4be1-ab75-80d2a11303ed\"},\"panelIndex\":\"f64f888f-f9bb-4be1-ab75-80d2a11303ed\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f64f888f-f9bb-4be1-ab75-80d2a11303ed\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"0e12fa96-b29d-4815-ae19-b6e894948597\"},\"panelIndex\":\"0e12fa96-b29d-4815-ae19-b6e894948597\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0e12fa96-b29d-4815-ae19-b6e894948597\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"7c1a7e05-c37b-4f81-b6b6-b30cfa0897e2\"},\"panelIndex\":\"7c1a7e05-c37b-4f81-b6b6-b30cfa0897e2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7c1a7e05-c37b-4f81-b6b6-b30cfa0897e2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"c1bb39f4-4d9f-4154-a131-65e727fc0049\"},\"panelIndex\":\"c1bb39f4-4d9f-4154-a131-65e727fc0049\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c1bb39f4-4d9f-4154-a131-65e727fc0049\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"e51c88d1-a11a-4d5f-b5a7-f6ac79b23054\"},\"panelIndex\":\"e51c88d1-a11a-4d5f-b5a7-f6ac79b23054\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e51c88d1-a11a-4d5f-b5a7-f6ac79b23054\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":8,\"w\":14,\"h\":19,\"i\":\"b9412112-bc5a-4b16-ba5e-ded11a0e299d\"},\"panelIn
dex\":\"b9412112-bc5a-4b16-ba5e-ded11a0e299d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b9412112-bc5a-4b16-ba5e-ded11a0e299d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":19,\"i\":\"edfbec77-b174-40ac-9f11-776da22fe82d\"},\"panelIndex\":\"edfbec77-b174-40ac-9f11-776da22fe82d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_edfbec77-b174-40ac-9f11-776da22fe82d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":24,\"h\":15,\"i\":\"d2d1ebcb-83a9-44ca-80f2-2f0fc2abcecf\"},\"panelIndex\":\"d2d1ebcb-83a9-44ca-80f2-2f0fc2abcecf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d2d1ebcb-83a9-44ca-80f2-2f0fc2abcecf\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":27,\"w\":12,\"h\":15,\"i\":\"aedad86f-ec5e-4330-bab0-468351eb8355\"},\"panelIndex\":\"aedad86f-ec5e-4330-bab0-468351eb8355\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_aedad86f-ec5e-4330-bab0-468351eb8355\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":15,\"i\":\"8092b313-2e40-47e4-96a2-51086f98e53f\"},\"panelIndex\":\"8092b313-2e40-47e4-96a2-51086f98e53f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8092b313-2e40-47e4-96a2-51086f98e53f\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":42,\"w\":48,\"h\":29,\"i\":\"630311aa-6915-4543-a10a-2677f3c2f96a\"},\"panelIndex\":\"630311aa-6915-4543-a10a-2677f3c2f96a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_630311aa-6915-4543-a10a-2677f3c2f96a\"}]","timeRestore":false,"title":"Security Onion - 
RFB","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c8b3c360-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"f64f888f-f9bb-4be1-ab75-80d2a11303ed:panel_f64f888f-f9bb-4be1-ab75-80d2a11303ed","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"0e12fa96-b29d-4815-ae19-b6e894948597:panel_0e12fa96-b29d-4815-ae19-b6e894948597","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"7c1a7e05-c37b-4f81-b6b6-b30cfa0897e2:panel_7c1a7e05-c37b-4f81-b6b6-b30cfa0897e2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"c1bb39f4-4d9f-4154-a131-65e727fc0049:panel_c1bb39f4-4d9f-4154-a131-65e727fc0049","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"e51c88d1-a11a-4d5f-b5a7-f6ac79b23054:panel_e51c88d1-a11a-4d5f-b5a7-f6ac79b23054","type":"visualization"},{"id":"b2053990-75c7-11ea-9565-7315f4ee5cac","name":"b9412112-bc5a-4b16-ba5e-ded11a0e299d:panel_b9412112-bc5a-4b16-ba5e-ded11a0e299d","type":"visualization"},{"id":"d5e72b20-75c7-11ea-9565-7315f4ee5cac","name":"edfbec77-b174-40ac-9f11-776da22fe82d:panel_edfbec77-b174-40ac-9f11-776da22fe82d","type":"visualization"},{"id":"fe62c910-75c7-11ea-9565-7315f4ee5cac","name":"d2d1ebcb-83a9-44ca-80f2-2f0fc2abcecf:panel_d2d1ebcb-83a9-44ca-80f2-2f0fc2abcecf","type":"visualization"},{"id":"5dcf09e0-75c8-11ea-9565-7315f4ee5cac","name":"aedad86f-ec5e-4330-bab0-468351eb8355:panel_aedad86f-ec5e-4330-bab0-468351eb8355","type":"visualization"},{"id":"316e90a0-75c8-11ea-9565-7315f4ee5cac","name":"8092b313-2e40-47e4-96a2-51086f98e53f:panel_8092b313-2e40-47e4-96a2-51086f98e53f","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"630311aa-6915-4543-a10a-2677f3c2f96a:panel_630311aa-6915-4543-a10a-2677f3c2f96a","type":"search"}],"sort":[1688996741503,6919],"type":"dashboard","updated_at":"2023-07-10T13:45:41
.503Z","version":"WzQ2NDIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connection Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Connection Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c94e2aa0-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,6921],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NDMsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:tunnel\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"19aef080-5875-4182-81a8-2a6639c75489\"},\"panelIndex\":\"19aef080-5875-4182-81a8-2a6639c75489\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_19aef080-5875-4182-81a8-2a6639c75489\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"70939be7-5bb9-4d13-ab89-683b3eda7a98\"},\"panelIndex\":\"70939be7-5bb9-4d13-ab89-683b3eda7a98\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_70939be7-5bb9-4d13-ab89-683b3eda7a98\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"21848a06-ca96-4869-b069-7524caf3ae06\"},\"panelIndex\":\"21848a06-ca96-4869-b069-7524caf3ae06\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_21848a06-ca96-4869-b069-7524caf3ae06\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":10,\"h\":19,\"i\":\"8020a914-8f9f-4bd6-be32-1c6afa27f9e4\"},\"panelIndex\":\"8020a914-8f9f-4bd6-be32-1c6afa27f9e4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8020a914-8f9f-4bd6-be32-1c6afa27f9e4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":8,\"w\":10,\"h\":19,\"i\":\"9f72f316-c3a2-4658-8d03-932fa590e216\"},\"panelIndex\":\"9f72f316-c3a2-4658-8d03-932fa590e216\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9f72f316-c3a2-4658-8d03-932fa590e216\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":20,\"y\":8,\"w\":9,\"h\":19,\"i\":\"fa1bc43a-2be3-4699-97af-677bded82273\"},\"pa
nelIndex\":\"fa1bc43a-2be3-4699-97af-677bded82273\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fa1bc43a-2be3-4699-97af-677bded82273\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":8,\"w\":19,\"h\":19,\"i\":\"7c522eab-36bc-4933-abea-29a4c4a4f918\"},\"panelIndex\":\"7c522eab-36bc-4933-abea-29a4c4a4f918\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7c522eab-36bc-4933-abea-29a4c4a4f918\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"b7799f8a-60c5-4629-9acd-9bbe7ebbac2a\"},\"panelIndex\":\"b7799f8a-60c5-4629-9acd-9bbe7ebbac2a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b7799f8a-60c5-4629-9acd-9bbe7ebbac2a\"}]","timeRestore":false,"title":"Security Onion - Tunnels","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c962dd60-75ed-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"19aef080-5875-4182-81a8-2a6639c75489:panel_19aef080-5875-4182-81a8-2a6639c75489","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"70939be7-5bb9-4d13-ab89-683b3eda7a98:panel_70939be7-5bb9-4d13-ab89-683b3eda7a98","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"21848a06-ca96-4869-b069-7524caf3ae06:panel_21848a06-ca96-4869-b069-7524caf3ae06","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"8020a914-8f9f-4bd6-be32-1c6afa27f9e4:panel_8020a914-8f9f-4bd6-be32-1c6afa27f9e4","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"9f72f316-c3a2-4658-8d03-932fa590e216:panel_9f72f316-c3a2-4658-8d03-932fa590e216","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"fa1bc43a-2be3-4699-97af-677bded82273:panel_fa1bc43a-2be3-4699-97af-677bded82273","type":"visualization"},{"id":"b6120810-75ef-11ea-9565-7315f4
ee5cac","name":"7c522eab-36bc-4933-abea-29a4c4a4f918:panel_7c522eab-36bc-4933-abea-29a4c4a4f918","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"b7799f8a-60c5-4629-9acd-9bbe7ebbac2a:panel_b7799f8a-60c5-4629-9acd-9bbe7ebbac2a","type":"search"}],"sort":[1688996741503,6930],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NDQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"para
ms\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c97cd4c0-35ba-11e7-b9ee-834112670159","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6932],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NDUsMV0="} +{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-osquery_manager.result*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-osquery_manager.result*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c9d70a3e-6bbc-4544-8b30-4a57521b8c8a","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688996741503,6933],"type":"index-pattern","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NDYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:parent_domain_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Parent Domain Frequency Analysis","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"DNS - Parent Domain Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"parent_domain_frequency_score\",\"customLabel\":\"Frequency 
Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"highest_registered_domain.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"c9f5d3a0-6f05-11e7-b253-211f64f37eda","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,6935],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NDcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Weird - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ca3e57d0-4172-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6937],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NDgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ca9ffc10-76b5-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1688996741503,6939],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NDksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNP3 - FC Reply","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNP3 - FC 
Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dnp3.fc_reply.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dnp3.fc_reply.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"FC Reply\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"cb29fbe0-75b8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,6941],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NTAsMV0="} 
+{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"x\":12,\"y\":20,\"w\":24,\"h\":20,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":12,\"y\":0,\"w\":24,\"h\":20,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":40,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":40,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_3\"}]","timeRestore":false,"title":"Connections - Top Source IPs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"cb367060-3b04-11e7-a83b-b1b4da7d15f4","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"8261cf00-366e-11e7-8c78-e3086faf385c","name":"panel_0","type":"visualization"},{"id":"28c27f80-3b05-11e7-a83b-b1b4da7d15f4","name":"panel_1","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_2","type":"visualization"},{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"panel_3","type":"search"}],"sort":[1688996741503,6946],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NTEsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Files - Files By Size (Bytes)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Files - Files By Size (Bytes)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"seen_bytes\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Bytes Seen\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"cb3f3850-3585-11e7-8f28-2b291d0f6d86","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6948],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NTIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DCE/RPC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 
minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"cbb67b00-3af2-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,6950],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RADIUS - Log Count Over 
TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ccb3e270-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6952],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NTQsMV0="} 
+{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"mapCenter\":[24.846565348219734,0.087890625],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Connections - Destination - Sum of Total Bytes","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ccfcc540-4638-11e7-a82e-d97152153689","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"1342e630-4632-11e7-9903-85f789353078","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"}],"sort":[1688996741503,6955],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"match_body.destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ce25b750-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,6957],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NTYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Domain Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Domain Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"domain_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain 
Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ce859b40-0edb-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6959],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - Entropy","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Strelka - File - Entropy\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"scan.entropy.entropy\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Entropy\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ce9e03f0-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,6961],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NTgsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"cea78b70-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6963],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Warning","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - 
Warning\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.warning.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.warning.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Warning\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"cf56b070-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,6965],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NjAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"cf9e5660-367a-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,6967],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NjEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Launch String","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Launch String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"launch_string.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Launch 
String\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"image_path.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Image\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"cfd94590-6d7a-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,6969],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NjIsMV0="} +{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"cloudflare.logpull\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.logpull\"}}]}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"sort":[],"title":"Discover [Cloudflare]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-cloudflare-default","name":"tag-ref-fleet-pkg-cloudflare-default","type":"tag"}],"sort":[1688996741503,6974],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NjMsMV0="} 
+{"attributes":{"description":"Get a quick overview of the most important metrics from your websites and applications on the Cloudflare network.\n","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"1\",\"w\":11,\"x\":1,\"y\":26},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.device_type\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Traffic Type 
[Cloudflare]\",\"type\":\"pie\",\"uiState\":{\"vis\":{\"legendOpen\":true}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"2\",\"w\":23,\"x\":1,\"y\":31},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"url.full\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Requested URI 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"3\",\"w\":18,\"x\":29,\"y\":13},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"source.geo.country_name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Traffic Countries 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"4\",\"w\":12,\"x\":12,\"y\":26},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"http.version\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"HTTP Protocols 
[Cloudflare]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"5\",\"w\":12,\"x\":35,\"y\":26},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.edge.response.content_type\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Content Type 
[Cloudflare]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"6\",\"w\":11,\"x\":24,\"y\":26},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"http.request.method\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Request Methods 
[Cloudflare]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"7\",\"w\":23,\"x\":24,\"y\":31},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"http.request.referrer\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Referrer [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"8\",\"w\":12,\"x\":1,\"y\":38},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.client.ip_class\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"directi
on\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Traffic Type [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"9\",\"w\":16,\"x\":13,\"y\":38},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"client.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"source.geo.country_name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Traffic IPs 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"10\",\"w\":18,\"x\":29,\"y\":38},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"user_agent.original\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top User Agents [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"11\",\"w\":10,\"x\":1,\"y\":9},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to 
Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total Number of Requests [Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"12\",\"w\":13,\"x\":11,\"y\":9},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Total Bandwidth\",\"field\":\"destination.bytes\"},\"schema\":\"metric\",\"type\":\"sum\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total Bandwidth [Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"13\",\"w\":11,\"x\":24,\"y\":9},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Cached 
Bandwidth\",\"field\":\"destination.bytes\"},\"schema\":\"metric\",\"type\":\"sum\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.cache.status\",\"negate\":false,\"params\":[\"hit\",\"stale\",\"updating\",\"ignored\",\"revalidated\"],\"type\":\"phrases\",\"value\":\"hit, stale, updating, ignored, revalidated\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.cache.status\":\"hit\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"stale\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"updating\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"ignored\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"revalidated\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Cached Bandwidth 
[Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"15\",\"w\":12,\"x\":35,\"y\":9},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"cloudflare.client.request.protocol\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.name\",\"cloudflare.waf.action\",\"cloudflare.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mapping\"},{\"field\":\"source.as.number\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_ma
pping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code3\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\
"cloudflare.origin.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"size\",\"negate\":false,\"type\":\"custom\",\"value\":\"50\"},\"query\":{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"shou
ld\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{
\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rateLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost
\":1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]}},\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Threats Stopped 
[Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"16\",\"w\":7,\"x\":1,\"y\":0},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)\",\"openLinksInNewTab\":false},\"title\":\"Cloudflare logo [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"17\",\"w\":39,\"x\":8,\"y\":0},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Web Traffic Overview**\",\"openLinksInNewTab\":false},\"title\":\"Web Traffic Overview - text 
[Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"18\",\"w\":46,\"x\":1,\"y\":22},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Web Traffic Types -\\nGet insight into the various types of traffic and content**\",\"openLinksInNewTab\":false},\"title\":\"Web Traffic Types - Text [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"19\",\"w\":46,\"x\":1,\"y\":4},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"cloudflare.logpull\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.logpull\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloudflare.device_type\",\"id\":\"1554899945457\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Device 
Type\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"source.geo.country_name\",\"id\":\"1554900041526\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Country\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.domain\",\"id\":\"1554900064098\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Hostname\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"client.ip\",\"id\":\"1554900102344\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Client IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user_agent.original\",\"id\":\"1554900136614\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"User Agent\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.full\",\"id\":\"1554900159944\",\"indexPatternRefName\":\"control_5_index_pattern\",\"label\":\"Request URI\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.response.status_code\",\"id\":\"1554900185676\",\"indexPatternRefName\":\"control_6_index_pattern\",\"label\":\"Edge Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.origin.response.status_code\",\"id\":\"1554900211881\",\"indexPatternRefName\":\"control_7_index_pattern\",\"label\":\"Origin 
Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"destination.ip\",\"id\":\"1556549231725\",\"indexPatternRefName\":\"control_8_index_pattern\",\"label\":\"Origin IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.ray_id\",\"id\":\"1554900244300\",\"indexPatternRefName\":\"control_9_index_pattern\",\"label\":\"RayID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.worker.subrequest\",\"id\":\"1554900268999\",\"indexPatternRefName\":\"control_10_index_pattern\",\"label\":\"Worker Subrequest\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.request.method\",\"id\":\"1554900324235\",\"indexPatternRefName\":\"control_11_index_pattern\",\"label\":\"Client Request Method\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":true,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Filters 
[Cloudflare]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":9,\"i\":\"bdc0fa59-ea05-4976-983a-70567c1fd2d6\",\"w\":28,\"x\":1,\"y\":13},\"panelIndex\":\"bdc0fa59-ea05-4976-983a-70567c1fd2d6\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desaturated\\\"},\\\"id\\\":\\\"84e94c8e-19d9-4dfe-8e37-c43c004c3f05\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"5f05840e-eb7e-45bd-9319-e6746cc4fa49\\\",\\\"includeInFitToBounds\\\":true,\\\"joins\\\":[],\\\"label\\\":\\\"Top Traffic Countries Map [Cloudflare]\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"applyForceRefresh\\\":true,\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"0f8532d1-8c6a-4c1d-900e-8d6eb49112df\\\",\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"requestType\\\":\\\"point\\\",\\\"resolution\\\":\\\"MOST_FINE\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"style\\\":{\\\"isTimeAware\\\":true,\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"Yellow to 
Red\\\",\\\"colorCategory\\\":\\\"palette_0\\\",\\\"field\\\":{\\\"name\\\":\\\"doc_count\\\",\\\"origin\\\":\\\"source\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":false,\\\"sigma\\\":3},\\\"type\\\":\\\"ORDINAL\\\"},\\\"type\\\":\\\"DYNAMIC\\\"},\\\"icon\\\":{\\\"options\\\":{\\\"value\\\":\\\"marker\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"field\\\":{\\\"name\\\":\\\"doc_count\\\",\\\"origin\\\":\\\"source\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":false,\\\"sigma\\\":3},\\\"maxSize\\\":18,\\\"minSize\\\":7},\\\"type\\\":\\\"DYNAMIC\\\"},\\\"labelBorderColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelSize\\\":{\\\"options\\\":{\\\"size\\\":14},\\\"type\\\":\\\"STATIC\\\"},\\\"labelText\\\":{\\\"options\\\":{\\\"value\\\":\\\"\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#3d3d3d\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.78,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":16.40767},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-24h\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"language\\\":\\\"lucene\\\",\\\"query\\\":\\\"*\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\"
:false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"references\":[],\"title\":\"Top Traffic Countries Map [Cloudflare]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":66.51326,\"maxLon\":90,\"minLat\":-66.51326,\"minLon\":-90},\"mapCenter\":{\"lat\":16.40767,\"lon\":0,\"zoom\":1.78},\"openTOCDetails\":[],\"type\":\"map\"}}]","timeRestore":false,"title":"Cloudflare - Snapshot","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"cloudflare-095f3a00-23d6-11e9-ba08-c19298cded24","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"bdc0fa59-ea05-4976-983a-70567c1fd2d6:layer_1_source_index_pattern","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"1:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"2:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"3:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"4:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"5:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"6:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"7:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"8:search_0","type":"search"},{"id":"cloudflare-a046cd07-96a
f-4518-a0c0-aea826e9ffc3","name":"9:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"10:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"11:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"12:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"13:search_0","type":"search"},{"id":"logs-*","name":"13:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"15:search_0","type":"search"},{"id":"logs-*","name":"15:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"16:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"17:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"18:search_0","type":"search"},{"id":"logs-*","name":"19:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_4_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_5_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_6_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_7_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_8_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_9_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_10_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:control_11_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"19:k
ibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-cloudflare-default","name":"tag-ref-fleet-pkg-cloudflare-default","type":"tag"}],"sort":[1688996741503,7010],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NjQsMV0="} +{"attributes":{"description":"Get insights on threats to your websites and applications, including number of threats stopped, threats over time, top threat countries, and more.\n","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"1\",\"w\":16,\"x\":1,\"y\":9},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total Number of Requests 
[Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"2\",\"w\":15,\"x\":17,\"y\":9},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.waf.action\",\"negate\":true,\"params\":{\"query\":\"unknown\"},\"type\":\"phrase\",\"value\":\"unknown\"},\"query\":{\"match\":{\"cloudflare.waf.action\":{\"query\":\"unknown\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"WAF Events Triggered 
[Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"3\",\"w\":15,\"x\":32,\"y\":9},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"cloudflare.client.request.protocol\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.name\",\"cloudflare.waf.action\",\"cloudflare.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mapping\"},{\"field\":\"source.as.number\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_mapp
ing\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code3\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"c
loudflare.origin.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"size\",\"negate\":false,\"type\":\"custom\",\"value\":\"50\"},\"query\":{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should
\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"
adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rateLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\"
:1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]}},\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Threats Stopped 
[Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"4\",\"w\":16,\"x\":31,\"y\":14},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"client.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"source.geo.country_name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"cloudflare.client.request.protocol\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.name\",\"cloudflare.waf.action\",\"cloudflare.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response
.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mapping\"},{\"field\":\"source.as.number\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code3\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudf
lare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"size\",\"negate\":false,\"type\":\"custom\",\"value\":\"50\"},\"query\":{\"bool\":{\"adjust_pure_
negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ch
l\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rateLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_p
ure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]}},\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Threat Client IPs 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"6\",\"w\":17,\"x\":30,\"y\":32},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"url.full\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"http.version\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.os.name\",\"cloudflare.waf.action\",\"cloudflare.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mapping\"},{\"field\":\"source.as.number\
",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"use_field_mapping\"},{\"field\":\"ht
tp.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"size\",\"negate\":false,\"type\":\"custom\",\"value\":\"50\"},\"query\":{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\"
:[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"
term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rateLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}}]}},{\"bool\":{\"adj
ust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]}},\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Threat Target URIs 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"7\",\"w\":29,\"x\":1,\"y\":32},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"user_agent.original\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"cloudflare.client.request.protocol\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.name\",\"cloudflare.waf.action\",\"cloudflare.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mapping\"},{
\"field\":\"source.as.number\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code3\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"use_fie
ld_mapping\"},{\"field\":\"http.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"size\",\"negate\":false,\"type\":\"custom\",\"value\":\"50\"},\"query\":{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\
":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":t
rue,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rateLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ch
l\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]}},\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Threat User Agents 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"8\",\"w\":46,\"x\":1,\"y\":40},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.edge.pathing.src\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"cloudflare.edge.pathing.op\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"field\":\"cloudflare.edge.pathing.status\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"},\"totalFunc\":\"sum\"},\"title\":\"Top Pathing Statuses 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"9\",\"w\":11,\"x\":20,\"y\":14},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"source.geo.country_name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"cloudflare.client.request.protocol\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.name\",\"cloudflare.waf.action\",\"cloudflare.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mappi
ng\"},{\"field\":\"source.as.number\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code3\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"
use_field_mapping\"},{\"field\":\"http.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"size\",\"negate\":false,\"type\":\"custom\",\"value\":\"50\"},\"query\":{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_ne
gative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negat
ive\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rateLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value
\":\"chl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]}},\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Threat Countries 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"10\",\"w\":29,\"x\":1,\"y\":24},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"timeRange\":{\"from\":\"now-24h\",\"mode\":\"quick\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"client.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"cloudflare.client.request.protocol\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.name\",\"cloudflare.waf.action\",\"cloudflare.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\"
:\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mapping\"},{\"field\":\"source.as.number\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code3\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\
"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\
":\"size\",\"negate\":false,\"type\":\"custom\",\"value\":\"50\"},\"query\":{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"b
oost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rateLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":
{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]}},\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"
color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Threats Over Time [Cloudflare]\",\"type\":\"line\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"11\",\"w\":17,\"x\":30,\"y\":24},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"client.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"cloudflare.client.request.protocol\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.name\",\"cloudflare.waf.action\",\"cloudflare
.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mapping\"},{\"field\":\"source.as.number\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code3\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\
"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subre
quest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"size\",\"negate\":false,\"type\":\"custom\",\"value\":\"50\"},\"query\":{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudf
lare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rat
eLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]}},\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRo
ws\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Threats Stopped [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"13\",\"w\":7,\"x\":1,\"y\":0},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)\",\"openLinksInNewTab\":false},\"title\":\"Cloudflare logo [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"14\",\"w\":39,\"x\":8,\"y\":0},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Threats - Review threat 
activity**\",\"openLinksInNewTab\":false},\"title\":\"Threats - Review threat activity - text [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"15\",\"w\":46,\"x\":1,\"y\":4},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"cloudflare.logpull\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.logpull\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloudflare.device_type\",\"id\":\"1554899945457\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Device Type\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"source.geo.country_name\",\"id\":\"1554900041526\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Country\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.domain\",\"id\":\"1554900064098\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Hostname\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"client.ip\",\"id\":\"1554900102344\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Client 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user_agent.original\",\"id\":\"1554900136614\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"User Agent\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.full\",\"id\":\"1554900159944\",\"indexPatternRefName\":\"control_5_index_pattern\",\"label\":\"Request URI\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.response.status_code\",\"id\":\"1554900185676\",\"indexPatternRefName\":\"control_6_index_pattern\",\"label\":\"Edge Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.origin.response.status_code\",\"id\":\"1554900211881\",\"indexPatternRefName\":\"control_7_index_pattern\",\"label\":\"Origin Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"destination.ip\",\"id\":\"1556549231725\",\"indexPatternRefName\":\"control_8_index_pattern\",\"label\":\"Origin 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.ray_id\",\"id\":\"1554900244300\",\"indexPatternRefName\":\"control_9_index_pattern\",\"label\":\"RayID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.worker.subrequest\",\"id\":\"1554900268999\",\"indexPatternRefName\":\"control_10_index_pattern\",\"label\":\"Worker Subrequest\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.request.method\",\"id\":\"1554900324235\",\"indexPatternRefName\":\"control_11_index_pattern\",\"label\":\"Client Request Method\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":true,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Filters 
[Cloudflare]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":10,\"i\":\"240814e0-fc79-4c27-af94-fa9df006d441\",\"w\":19,\"x\":1,\"y\":14},\"panelIndex\":\"240814e0-fc79-4c27-af94-fa9df006d441\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desaturated\\\"},\\\"id\\\":\\\"573a3d3e-987d-41b5-a714-2344535c0ca9\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"4d50c3a6-72f9-46f4-bb21-4d54fe1c9842\\\",\\\"includeInFitToBounds\\\":true,\\\"joins\\\":[],\\\"label\\\":\\\"Top Threat Countries Map [Cloudflare]\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"applyForceRefresh\\\":true,\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"25e907ec-31fb-40fe-9a10-49f002b31bf0\\\",\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"requestType\\\":\\\"point\\\",\\\"resolution\\\":\\\"MOST_FINE\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"style\\\":{\\\"isTimeAware\\\":true,\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"Yellow to 
Red\\\",\\\"colorCategory\\\":\\\"palette_0\\\",\\\"field\\\":{\\\"name\\\":\\\"doc_count\\\",\\\"origin\\\":\\\"source\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":false,\\\"sigma\\\":3},\\\"type\\\":\\\"ORDINAL\\\"},\\\"type\\\":\\\"DYNAMIC\\\"},\\\"icon\\\":{\\\"options\\\":{\\\"value\\\":\\\"marker\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"field\\\":{\\\"name\\\":\\\"doc_count\\\",\\\"origin\\\":\\\"source\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":false,\\\"sigma\\\":3},\\\"maxSize\\\":18,\\\"minSize\\\":7},\\\"type\\\":\\\"DYNAMIC\\\"},\\\"labelBorderColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelSize\\\":{\\\"options\\\":{\\\"size\\\":14},\\\"type\\\":\\\"STATIC\\\"},\\\"labelText\\\":{\\\"options\\\":{\\\"value\\\":\\\"\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#3d3d3d\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.78,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":16.40767},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-24h\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"language\\\":\\\"lucene\\\",\\\"query\\\":\\\"\\\"},\\\"filters\\\":[{\\\"$state\\\":{\\\"store\\\":\\\"appState\\\"},\\\"meta\\\":{\\\"alias\\\":null,\\\"disabled\\\":false,\\\"key\\\":\\\"query\\\",\\\"negate\\\":false,\\\"type\\\":\\\"custom\\\",\\\"value\\\":\\\"{\\\\\\\"bool\\\\\\\":{
\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ban\\\\\\\"}}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"should\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"bic\\\\\\\"}}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\
\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"hot\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"unknown\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"hot\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ip\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"macro\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"unknown\\\\\\\"}}}]}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"macro\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"chl\\\\\\\"}}}]}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"captchaFail\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"
value\\\\\\\":\\\\\\\"macro\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"chl\\\\\\\"}}}]}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"jschlFail\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"user\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ban\\\\\\\"}}}]}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"zl\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"user\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ban\\\\\\\"}}}]}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"us\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"user\\\\\\\"}}},{\\\\\\\"term\\\\\\\":
{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ban\\\\\\\"}}}]}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"rateLimit\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"filterBasedFirewall\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ban\\\\\\\"}}}]}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"unknown\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"filterBasedFirewall\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"chl\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"user\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ban\\\\\\\"}}}]}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ctry\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\
\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"user\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ban\\\\\\\"}}}]}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ip\\\\\\\"}}}]}}]}},{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"bool\\\\\\\":{\\\\\\\"adjust_pure_negative\\\\\\\":true,\\\\\\\"boost\\\\\\\":1,\\\\\\\"must\\\\\\\":[{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.src\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"user\\\\\\\"}}},{\\\\\\\"term\\\\\\\":{\\\\\\\"cloudflare.edge.pathing.op\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"value\\\\\\\":\\\\\\\"ban\\\\\\\"}}}]}},{\\\\\\\"terms\\\\\\\":{\\\\\\\"boost\\\\\\\":1,\\\\\\\"cloudflare.edge.pathing.status\\\\\\\":[\\\\\\\"ipr16\\\\\\\",\\\\\\\"ipr24\\\\\\\",\\\\\\\"ip6\\\\\\\",\\\\\\\"ip6r64\\\\\\\",\\\\\\\"ip6r48\\\\\\\",\\\\\\\"ip6r32\\\\\\\"]}}]}}]},\\\\\\\"_source\\\\\\\":{\\\\\\\"excludes\\\\\\\":[],\\\\\\\"includes\\\\\\\":[\\\\\\\"source.geo.region_name\\\\\\\",\\\\\\\"cloudflare.client.ip_class\\\\\\\",\\\\\\\"url.path\\\\\\\",\\\\\\\"cloudflare.client.request.protocol\\\\\\\",\\\\\\\"http.request.referrer\\\\\\\",\\\\\\\"url.full\\\\\\\",\\\\\\\"user_agent.original\\\\\\\",\\\\\\\"cloudflare.client.ssl.cipher\\\\\\\",\\\\\\\"cloudflare.client.ssl.protocol\\\\\\\",\\\\\\\"cloudflare.edge.rate_limit.action\\\\\\\",\\\\\\\"cloudflare.edge.response.content_type\\\\\\\",\\\\\\\"cloudflare.origin.response.http.expires\\\\\\\",\\\\\\\"cloudflare.origin.response.http.last_mo
dified\\\\\\\",\\\\\\\"cloudflare.origin.ssl.protocol\\\\\\\",\\\\\\\"user_agent.os.full\\\\\\\",\\\\\\\"user_agent.name\\\\\\\",\\\\\\\"cloudflare.waf.action\\\\\\\",\\\\\\\"cloudflare.waf.flags\\\\\\\",\\\\\\\"cloudflare.waf.matched_var\\\\\\\",\\\\\\\"cloudflare.waf.profile\\\\\\\",\\\\\\\"cloudflare.waf.rule.id\\\\\\\",\\\\\\\"cloudflare.waf.rule.message\\\\\\\",\\\\\\\"cloudflare.worker.status\\\\\\\",\\\\\\\"message\\\\\\\",\\\\\\\"tags\\\\\\\"]},\\\\\\\"docvalue_fields\\\\\\\":[{\\\\\\\"field\\\\\\\":\\\\\\\"@timestamp\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"epoch_millis\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"@version\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.cache.status\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.cache.response.bytes\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.cache.response.status\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.cache.tiered.fill\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.as.number\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.country_iso_code\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.device_type\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.city_name\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.continent_name\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.country_code2\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.country_code3\\\\\\\",\\\\\\\"f
ormat\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.country_name\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.dma_code\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"client.ip\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.latitude\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.longitude\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.postal_code\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.region_code\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"source.geo.timezone\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"http.request.bytes\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"url.domain\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"http.request.method\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"client.port\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.edge.colo.id\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.edge.end.timestamp\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"epoch_millis\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.edge.pathing.op\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.edge.pathing.src\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.edge.pathing.status\\\\\\\",\\
\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.edge.rate_limit.id\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.edge.request.host\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"destination.bytes\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.edge.response.compression_ratio\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"http.response.status_code\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"observer.ip\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"@timestamp\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"epoch_millis\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"destination.ip\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"http.response.bytes\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.origin.response.status_code\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.origin.response.time\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.parent.ray_id\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.ray_id\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.security_level\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"user_agent.build\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"user_agent.device\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\
\\\":\\\\\\\"user_agent.major\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"user_agent.minor\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"user_agent.name\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"user_agent.os_major\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"user_agent.os_minor\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"user_agent.patch\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.worker.cpu_time\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.worker.subrequest\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.worker.subrequest_count\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"},{\\\\\\\"field\\\\\\\":\\\\\\\"cloudflare.zone_id\\\\\\\",\\\\\\\"format\\\\\\\":\\\\\\\"use_field_mapping\\\\\\\"}],\\\\\\\"size\\\\\\\":50,\\\\\\\"sort\\\\\\\":[{\\\\\\\"_doc\\\\\\\":{\\\\\\\"order\\\\\\\":\\\\\\\"asc\\\\\\\"}}]}\\\",\\\"index\\\":\\\"logs-*\\\"},\\\"query\\\":{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"
adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"bic\\\"}}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"hot\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"unknown\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"hot\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ip\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"macro\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"unknown\\\"}}}]}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"macro\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"chl\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"captchaFail\\\"}}}]}}]}},{\\\"bool\\\":
{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"macro\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"chl\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"jschlFail\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"zl\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"us\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"rateLimit\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{
\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"filterBasedFirewall\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"unknown\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"filterBasedFirewall\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"chl\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ctry\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ip\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"terms\\\":{\\\"boost\\\":1,\\\"cloudflare.edge.pathing.status\\\":[\\\"ipr16\\\",\\\"ipr24\\\",\\\"ip6\
\\",\\\"ip6r64\\\",\\\"ip6r48\\\",\\\"ip6r32\\\"]}}]}}]},\\\"_source\\\":{\\\"excludes\\\":[],\\\"includes\\\":[\\\"source.geo.region_name\\\",\\\"cloudflare.client.ip_class\\\",\\\"url.path\\\",\\\"cloudflare.client.request.protocol\\\",\\\"http.request.referrer\\\",\\\"url.full\\\",\\\"user_agent.original\\\",\\\"cloudflare.client.ssl.cipher\\\",\\\"cloudflare.client.ssl.protocol\\\",\\\"cloudflare.edge.rate_limit.action\\\",\\\"cloudflare.edge.response.content_type\\\",\\\"cloudflare.origin.response.http.expires\\\",\\\"cloudflare.origin.response.http.last_modified\\\",\\\"cloudflare.origin.ssl.protocol\\\",\\\"user_agent.os.full\\\",\\\"user_agent.name\\\",\\\"cloudflare.waf.action\\\",\\\"cloudflare.waf.flags\\\",\\\"cloudflare.waf.matched_var\\\",\\\"cloudflare.waf.profile\\\",\\\"cloudflare.waf.rule.id\\\",\\\"cloudflare.waf.rule.message\\\",\\\"cloudflare.worker.status\\\",\\\"message\\\",\\\"tags\\\"]},\\\"docvalue_fields\\\":[{\\\"field\\\":\\\"@timestamp\\\",\\\"format\\\":\\\"epoch_millis\\\"},{\\\"field\\\":\\\"@version\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.status\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.response.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.response.status\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.tiered.fill\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.as.number\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_iso_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.device_type\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.city_name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.continent_name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_code2\\\",\\\"format\\\":\\\"use_field_mapping\\\
"},{\\\"field\\\":\\\"source.geo.country_code3\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.dma_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"client.ip\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.latitude\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.longitude\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.postal_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.region_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.timezone\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.request.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"url.domain\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.request.method\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"client.port\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.colo.id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.end.timestamp\\\",\\\"format\\\":\\\"epoch_millis\\\"},{\\\"field\\\":\\\"cloudflare.edge.pathing.op\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.pathing.src\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.pathing.status\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.rate_limit.id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.request.host\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"destination.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.response.compression_ratio\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.response.status_code\\\",\\\"format\\\":
\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"observer.ip\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"@timestamp\\\",\\\"format\\\":\\\"epoch_millis\\\"},{\\\"field\\\":\\\"destination.ip\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.response.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.origin.response.status_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.origin.response.time\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.parent.ray_id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.ray_id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.security_level\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.build\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.device\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.major\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.minor\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.os_major\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.os_minor\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.patch\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.worker.cpu_time\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.worker.subrequest\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.worker.subrequest_count\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.zone_id\\\",\\\"format\\\":\\\"use_field_mapping\\\"}],\\\"size\\\":50,\\\"sort\\\":[{\\\"_doc\\\":{\\\"order\\\":\\\"asc\\\"}}]}}],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffff
ff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"references\":[],\"title\":\"Top Threat Countries Map [Cloudflare]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":66.51326,\"maxLon\":90,\"minLat\":-66.51326,\"minLon\":-90},\"mapCenter\":{\"lat\":16.40767,\"lon\":0,\"zoom\":1.78},\"openTOCDetails\":[],\"type\":\"map\"}}]","timeRestore":false,"title":"Cloudflare - Security 
(Overview)","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"cloudflare-532a64c0-293a-11e9-b959-4502c43b2e30","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"240814e0-fc79-4c27-af94-fa9df006d441:layer_1_source_index_pattern","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"1:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"2:search_0","type":"search"},{"id":"logs-*","name":"2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"3:search_0","type":"search"},{"id":"logs-*","name":"3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"4:search_0","type":"search"},{"id":"logs-*","name":"4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"6:search_0","type":"search"},{"id":"logs-*","name":"6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"7:search_0","type":"search"},{"id":"logs-*","name":"7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"8:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"9:search_0","type":"search"},{"id":"logs-*","name":"9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"10:search_0","type":"search"},{"id":"logs-*","name":"10:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"11:sear
ch_0","type":"search"},{"id":"logs-*","name":"11:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"13:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"14:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"15:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_4_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_5_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_6_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_7_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_8_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_9_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_10_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:control_11_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"15:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-cloudflare-default","name":"tag-ref-fleet-pkg-cloudflare-default","type":"tag"}],"sort":[1688996741503,7047],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NjUsMV0="} +{"attributes":{"description":"Get insights into your most popular hostnames, most requested content types, breakdown of request methods, and connection 
type.\n","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"1\",\"w\":46,\"x\":1,\"y\":21},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"timeRange\":{\"from\":\"now-24h\",\"mode\":\"quick\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"cloudflare.edge.response.content_type\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"Value
Axis-1\"}],\"times\":[],\"type\":\"area\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Client Requests by Content Type [Cloudflare]\",\"type\":\"area\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"2\",\"w\":46,\"x\":1,\"y\":33},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"http.request.method\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"}
,\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"area\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Client Requests Methods Over Time [Cloudflare]\",\"type\":\"area\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"3\",\"w\":46,\"x\":1,\"y\":44},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"timeRange\":{\"from\":\"now-24h\",\"mode\":\"quick\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"cloudflare.client.ssl.protocol\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\"
,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"area\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Client Requests by Connection Over Time [Cloudflare]\",\"type\":\"area\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"4\",\"w\":46,\"x\":1,\"y\":9},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"timeRange\":{\"from\":\"now-24h\",\"mode\":\"quick\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"url.domain\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"lab
els\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"area\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Client Requests by Hostname Over Time [Cloudflare]\",\"type\":\"area\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"5\",\"w\":7,\"x\":1,\"y\":0},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)\",\"openLinksInNewTab\":false},\"title\":\"Cloudflare logo 
[Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"6\",\"w\":46,\"x\":1,\"y\":4},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"cloudflare.logpull\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.logpull\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloudflare.device_type\",\"id\":\"1554899945457\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Device Type\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"source.geo.country_name\",\"id\":\"1554900041526\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Country\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.domain\",\"id\":\"1554900064098\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Hostname\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"client.ip\",\"id\":\"1554900102344\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Client 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user_agent.original\",\"id\":\"1554900136614\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"User Agent\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.full\",\"id\":\"1554900159944\",\"indexPatternRefName\":\"control_5_index_pattern\",\"label\":\"Request URI\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.response.status_code\",\"id\":\"1554900185676\",\"indexPatternRefName\":\"control_6_index_pattern\",\"label\":\"Edge Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.origin.response.status_code\",\"id\":\"1554900211881\",\"indexPatternRefName\":\"control_7_index_pattern\",\"label\":\"Origin Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"destination.ip\",\"id\":\"1556549231725\",\"indexPatternRefName\":\"control_8_index_pattern\",\"label\":\"Origin 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.ray_id\",\"id\":\"1554900244300\",\"indexPatternRefName\":\"control_9_index_pattern\",\"label\":\"RayID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.worker.subrequest\",\"id\":\"1554900268999\",\"indexPatternRefName\":\"control_10_index_pattern\",\"label\":\"Worker Subrequest\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.request.method\",\"id\":\"1554900324235\",\"indexPatternRefName\":\"control_11_index_pattern\",\"label\":\"Client Request Method\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":true,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Filters [Cloudflare]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"8\",\"w\":39,\"x\":8,\"y\":0},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Origin Requests By Hostname - Content Type - Request Methods - Connection 
Type**\",\"openLinksInNewTab\":false},\"title\":\"Origin Requests By Hostname - Content Type - Request Methods - Connection Type - text [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"Cloudflare - Performance (Hostname, Content Type, Request Methods, Connection Type)","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"cloudflare-5a5d6b80-49b9-11e9-bd1f-75f359ac0c3f","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"1:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"2:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"3:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"4:search_0","type":"search"},{"id":"logs-*","name":"5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"6:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_4_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_5_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_6_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_7_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_8_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_9_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_10_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:control_11_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-
pattern"},{"id":"logs-*","name":"8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-cloudflare-default","name":"tag-ref-fleet-pkg-cloudflare-default","type":"tag"}],"sort":[1688996741503,7069],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NjYsMV0="} +{"attributes":{"description":"Identify and address performance issues and caching misconfigurations. Metrics include total vs. cached bandwidth, saved bandwidth, total requests, cache ratio, top uncached requests, and more.\n","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"1\",\"w\":10,\"x\":1,\"y\":12},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total Number of Requests 
[Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"2\",\"w\":13,\"x\":11,\"y\":12},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.cache.status\",\"negate\":false,\"params\":[\"hit\",\"stale\",\"updating\",\"ignored\"],\"type\":\"phrases\",\"value\":\"hit, stale, updating, ignored\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.cache.status\":\"hit\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"stale\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"updating\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"ignored\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Cached Requests 
[Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"3\",\"w\":13,\"x\":24,\"y\":12},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.cache.status\",\"negate\":true,\"params\":[\"hit\",\"stale\",\"updating\",\"ignored\"],\"type\":\"phrases\",\"value\":\"hit, stale, updating, ignored\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.cache.status\":\"hit\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"stale\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"updating\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"ignored\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Uncached Requests [Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"4\",\"w\":14,\"x\":1,\"y\":28},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Total 
Bandwidth\",\"field\":\"destination.bytes\"},\"schema\":\"metric\",\"type\":\"sum\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total Bandwidth [Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"5\",\"w\":14,\"x\":15,\"y\":28},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Cached Bandwidth\",\"field\":\"destination.bytes\"},\"schema\":\"metric\",\"type\":\"sum\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.cache.status\",\"negate\":false,\"params\":[\"hit\",\"stale\",\"updating\",\"ignored\",\"revalidated\"],\"type\":\"phrases\",\"value\":\"hit, stale, updating, ignored, revalidated\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.cache.status\":\"hit\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"stale\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"updating\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"ignored\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"revalidated\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to 
Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Cached Bandwidth [Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"6\",\"w\":18,\"x\":29,\"y\":28},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"field\":\"destination.bytes\"},\"schema\":\"metric\",\"type\":\"sum\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.cache.status\",\"negate\":true,\"params\":[\"hit\",\"stale\",\"updating\",\"ignored\",\"revalidated\"],\"type\":\"phrases\",\"value\":\"hit, stale, updating, ignored, revalidated\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.cache.status\":\"hit\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"stale\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"updating\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"ignored\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"revalidated\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Uncached Bandwidth 
[Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"7\",\"w\":25,\"x\":1,\"y\":44},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"cloudflare.cache.status\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":tru
e,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Cache status over time [Cloudflare]\",\"type\":\"line\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"8\",\"w\":21,\"x\":26,\"y\":44},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.cache.status\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":15},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Cache Status Ratio 
[Cloudflare]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"9\",\"w\":21,\"x\":26,\"y\":50},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"url.full\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":30},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.cache.status\",\"negate\":false,\"params\":{\"query\":\"miss\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"miss\"},\"query\":{\"match\":{\"cloudflare.cache.status\":{\"query\":\"miss\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top URIs with Cache Status Miss 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"12\",\"w\":24,\"x\":1,\"y\":16},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,204,202,1)\",\"fill\":0.5,\"filter\":{\"language\":\"lucene\",\"query\":\"data_stream.dataset : \\\"cloudflare.log\\\"\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"total requests\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_filters\":[{\"color\":\"#68BC00\",\"filter\":{\"language\":\"lucene\",\"query\":\"metricset.name:cloudflare.cache.status\"},\"id\":\"e847cce0-4731-11e9-b6ee-0784825b4ddc\",\"label\":\"cached requests\"}],\"split_mode\":\"filter\",\"stacked\":\"none\",\"terms_field\":\"cloudflare.cache.status\",\"terms_order_by\":\"_term\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"lucene\",\"query\":\"data_stream.dataset : \\\"cloudflare.log\\\" AND cloudflare.cache.status:(hit OR stale OR updating OR ignored)\"},\"formatter\":\"number\",\"id\":\"0d45cce0-498f-11e9-b6ee-0784825b4ddc\",\"label\":\"cached 
requests\",\"line_width\":1,\"metrics\":[{\"id\":\"0d45cce1-498f-11e9-b6ee-0784825b4ddc\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_filters\":[{\"color\":\"#68BC00\",\"id\":\"14053f70-498f-11e9-b6ee-0784825b4ddc\"}],\"split_mode\":\"filter\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(244,78,59,1)\",\"fill\":0.5,\"filter\":{\"language\":\"lucene\",\"query\":\"data_stream.dataset : \\\"cloudflare.log\\\" AND cloudflare.cache.status:(-hit OR -stale OR -updating OR -ignored)\"},\"formatter\":\"number\",\"id\":\"3edf18b0-498f-11e9-b6ee-0784825b4ddc\",\"label\":\"uncached requests\",\"line_width\":1,\"metrics\":[{\"id\":\"3edf18b1-498f-11e9-b6ee-0784825b4ddc\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Total number of requests vs cached vs uncached over time [Cloudflare]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"13\",\"w\":22,\"x\":25,\"y\":16},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,204,202,1)\",\"fill\":0.5,\"filter\":{\"language\":\"lucene\",\"query\":\"data_stream.dataset : \\\"cloudflare.log\\\"\"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"total 
requests\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(253,161,255,1)\",\"fill\":0.5,\"filter\":{\"language\":\"lucene\",\"query\":\"data_stream.dataset : \\\"cloudflare.log\\\" AND cloudflare.origin.response.status_code:>0\"},\"formatter\":\"number\",\"id\":\"fca6dbb0-4991-11e9-b6ee-0784825b4ddc\",\"label\":\"origin requests\",\"line_width\":1,\"metrics\":[{\"id\":\"fca6dbb1-4991-11e9-b6ee-0784825b4ddc\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Total Requests vs. Origin Requests in rps last 24 hours [Cloudflare]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"14\",\"w\":25,\"x\":1,\"y\":32},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"lucene\",\"query\":\"cloudflare.cache.status:(hit OR stale OR updating OR ignored OR revalidated)\"},\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"saved 
bandwidth\",\"line_width\":1,\"metrics\":[{\"field\":\"destination.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(244,78,59,1)\",\"fill\":0.5,\"filter\":{\"language\":\"lucene\",\"query\":\"cloudflare.cache.status:(-hit OR -stale OR -updating OR -ignored OR -revalidated)\"},\"formatter\":\"bytes\",\"id\":\"73f43510-49a0-11e9-8499-d5aa4562b1c7\",\"label\":\"uncached bandwidth\",\"line_width\":1,\"metrics\":[{\"field\":\"destination.bytes\",\"id\":\"73f43511-49a0-11e9-8499-d5aa4562b1c7\",\"type\":\"sum\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Cached vs Uncached Bandwidth Over Time 
[Cloudflare]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"15\",\"w\":21,\"x\":26,\"y\":32},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"c520c1a0-1c6e-11ea-9387-9362a5ae410a\"}],\"bar_color_rules\":[{\"id\":\"c6258770-1c6e-11ea-9387-9362a5ae410a\"}],\"drop_last_bucket\":1,\"gauge_color_rules\":[{\"id\":\"c7b83560-1c6e-11ea-9387-9362a5ae410a\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(104,204,202,1)\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"total bandwidth\",\"line_width\":1,\"metrics\":[{\"field\":\"destination.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(253,161,255,1)\",\"fill\":0.5,\"filter\":{\"language\":\"lucene\",\"query\":\"cloudflare.origin.response.status_code:>0\"},\"formatter\":\"bytes\",\"id\":\"65f93df0-49a7-11e9-a870-03d340338f04\",\"label\":\"origin bandwidth\",\"line_width\":1,\"metrics\":[{\"field\":\"destination.bytes\",\"id\":\"65f93df1-49a7-11e9-a870-03d340338f04\",\"type\":\"avg\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"filter\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"Total 
Bandwidth vs Origin Bandwidth in Mbps last 24 hours - 7.x [Cloudflare]\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"16\",\"w\":7,\"x\":1,\"y\":0},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)\",\"openLinksInNewTab\":false},\"title\":\"Cloudflare logo [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"17\",\"w\":46,\"x\":1,\"y\":9},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Requests**\",\"openLinksInNewTab\":false},\"title\":\"Requests - text 
[Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"18\",\"w\":46,\"x\":1,\"y\":25},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Bandwidth**\",\"openLinksInNewTab\":false},\"title\":\"Bandwidth - text [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"19\",\"w\":46,\"x\":1,\"y\":41},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Cache**\",\"openLinksInNewTab\":false},\"title\":\"Cache - text 
[Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"20\",\"w\":46,\"x\":1,\"y\":4},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"cloudflare.logpull\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.logpull\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloudflare.device_type\",\"id\":\"1554899945457\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Device Type\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"source.geo.country_name\",\"id\":\"1554900041526\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Country\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.domain\",\"id\":\"1554900064098\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Hostname\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"client.ip\",\"id\":\"1554900102344\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Client 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user_agent.original\",\"id\":\"1554900136614\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"User Agent\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.full\",\"id\":\"1554900159944\",\"indexPatternRefName\":\"control_5_index_pattern\",\"label\":\"Request URI\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.response.status_code\",\"id\":\"1554900185676\",\"indexPatternRefName\":\"control_6_index_pattern\",\"label\":\"Edge Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.origin.response.status_code\",\"id\":\"1554900211881\",\"indexPatternRefName\":\"control_7_index_pattern\",\"label\":\"Origin Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"destination.ip\",\"id\":\"1556549231725\",\"indexPatternRefName\":\"control_8_index_pattern\",\"label\":\"Origin 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.ray_id\",\"id\":\"1554900244300\",\"indexPatternRefName\":\"control_9_index_pattern\",\"label\":\"RayID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.worker.subrequest\",\"id\":\"1554900268999\",\"indexPatternRefName\":\"control_10_index_pattern\",\"label\":\"Worker Subrequest\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.request.method\",\"id\":\"1554900324235\",\"indexPatternRefName\":\"control_11_index_pattern\",\"label\":\"Client Request Method\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":true,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Filters [Cloudflare]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"21\",\"w\":39,\"x\":8,\"y\":0},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Performance 
Overview**\",\"openLinksInNewTab\":false},\"title\":\"Performance Overview - text [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"Cloudflare - Performance (Requests, Bandwidth, Cache)","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"cloudflare-8d730ba0-3aa6-11e9-bd1f-75f359ac0c3f","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"1:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"2:search_0","type":"search"},{"id":"logs-*","name":"2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"3:search_0","type":"search"},{"id":"logs-*","name":"3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"4:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"5:search_0","type":"search"},{"id":"logs-*","name":"5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"6:search_0","type":"search"},{"id":"logs-*","name":"6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"7:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"8:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"9:search_0","type":"search"},{"id":"logs-*","name":"9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"12:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"13:kibanaSavedObjectMeta.searchSour
ceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"14:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"15:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"16:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"17:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"18:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"19:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"20:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_4_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_5_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_6_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_7_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_8_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_9_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_10_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:control_11_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"20:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"21:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-cloudflare-default","name":"tag-ref-fleet-pkg-cloudflare-
default","type":"tag"}],"sort":[1688996741503,7108],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NjcsMV0="} +{"attributes":{"description":"Get insights on the availability of your websites and applications. Metrics include origin response error ratio, origin response status over time, percentage of 3xx/4xx/5xx errors over time, and more.\n","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"1\",\"w\":34,\"x\":1,\"y\":18},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"http.response.status_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"pale
tte\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"area\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Edge Response Status Over Time [Cloudflare]\",\"type\":\"area\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"2\",\"w\":34,\"x\":1,\"y\":26},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"cloudflare.origin.response.status_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\
"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"area\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Origin Response Status Over Time [Cloudflare]\",\"type\":\"area\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"3\",\"w\":15,\"x\":31,\"y\":9},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"exclude\":\"\",\"field\":\"client.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"source.as.number\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar
\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Client IPs and AS Number - Reliability [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"4\",\"w\":17,\"x\":29,\"y\":37},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"source.geo.country_name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"http.response.status_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"totalFunc\":\"sum\"},\"title\":\"Top Countries - Reliability 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"6\",\"w\":28,\"x\":1,\"y\":37},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"url.full\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"http.response.status_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"totalFunc\":\"sum\"},\"title\":\"Top Requested URI - Reliability 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"7\",\"w\":28,\"x\":1,\"y\":46},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"user_agent.original\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"http.response.status_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"totalFunc\":\"sum\"},\"title\":\"Top User Agents - Reliability 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"8\",\"w\":17,\"x\":29,\"y\":46},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"url.domain\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"http.response.status_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"totalFunc\":\"sum\"},\"title\":\"Top Hostnames - Reliability 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"9\",\"w\":11,\"x\":35,\"y\":26},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"http.response.status_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Edge Response Error Ratio 
[Cloudflare]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"10\",\"w\":11,\"x\":35,\"y\":18},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.origin.response.status_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Origin Response Error Ratio 
[Cloudflare]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"11\",\"w\":30,\"x\":1,\"y\":9},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"http.response.status_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"gauge\":{\"alignment\":\"horizontal\",\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":50},{\"from\":50,\"to\":75},{\"from\":75,\"to\":100}],\"extendRange\":true,\"gaugeColorMode\":\"Labels\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Arc\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":true},\"style\":{\"bgColor\":false,\"bgFill\":\"#eee\",\"bgMask\":false,\"bgWidth\":0.9,\"fontSize\":60,\"labelColor\":true,\"mask\":false,\"maskBars\":50,\"subText\":\"\",\"width\":0.9},\"type\":\"meter\"},\"isDisplayWarning\":false,\"type\":\"gauge\"},\"title\":\"Errors Ratio (Edge) [Cloudflare]\",\"type\":\"gauge\",\"uiState\":{\"vis\":{\"defaultColors\":{\"0 - 50\":\"rgb(0,104,55)\",\"50 - 75\":\"rgb(255,255,190)\",\"75 - 
100\":\"rgb(165,0,38)\"}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"12\",\"w\":45,\"x\":1,\"y\":4},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"cloudflare.logpull\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.logpull\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloudflare.device_type\",\"id\":\"1554899945457\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Device Type\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"source.geo.country_name\",\"id\":\"1554900041526\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Country\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.domain\",\"id\":\"1554900064098\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Hostname\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"client.ip\",\"id\":\"1554900102344\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Client 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user_agent.original\",\"id\":\"1554900136614\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"User Agent\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.full\",\"id\":\"1554900159944\",\"indexPatternRefName\":\"control_5_index_pattern\",\"label\":\"Request URI\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.response.status_code\",\"id\":\"1554900185676\",\"indexPatternRefName\":\"control_6_index_pattern\",\"label\":\"Edge Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.origin.response.status_code\",\"id\":\"1554900211881\",\"indexPatternRefName\":\"control_7_index_pattern\",\"label\":\"Origin Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"destination.ip\",\"id\":\"1556549231725\",\"indexPatternRefName\":\"control_8_index_pattern\",\"label\":\"Origin 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.ray_id\",\"id\":\"1554900244300\",\"indexPatternRefName\":\"control_9_index_pattern\",\"label\":\"RayID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.worker.subrequest\",\"id\":\"1554900268999\",\"indexPatternRefName\":\"control_10_index_pattern\",\"label\":\"Worker Subrequest\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.request.method\",\"id\":\"1554900324235\",\"indexPatternRefName\":\"control_11_index_pattern\",\"label\":\"Client Request Method\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":true,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Filters [Cloudflare]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"13\",\"w\":38,\"x\":8,\"y\":0},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Summary of Edge and Origin Response Status**\\n\\nGet an overview of the 
edge and origin response status codes\",\"openLinksInNewTab\":false},\"title\":\"Summary of Edge and Origin Response Status - text [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"14\",\"w\":7,\"x\":1,\"y\":0},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)\",\"openLinksInNewTab\":false},\"title\":\"Cloudflare logo [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"15\",\"w\":45,\"x\":1,\"y\":34},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":14,\"markdown\":\"Detailed View\\nBreakdown of Origin Response Status Codes by Various Metrics\",\"openLinksInNewTab\":false},\"title\":\"Detailed View Breakdown of Origin 
Response Status Codes by Various Metrics - text [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"Cloudflare - Reliability","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"cloudflare-9c4c3100-39df-11e9-bd1f-75f359ac0c3f","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"1:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"2:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"3:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"4:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"6:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"7:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"8:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"9:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"10:search_0","type":"search"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"11:search_0","type":"search"},{"id":"logs-*","name":"12:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_4_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_5_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_6_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_7_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_8_index_pattern","type":"index-pattern"},{"id":"logs-
*","name":"12:control_9_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_10_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:control_11_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"12:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"13:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"14:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"15:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-cloudflare-default","name":"tag-ref-fleet-pkg-cloudflare-default","type":"tag"}],"sort":[1688996741503,7137],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NjgsMV0="} +{"attributes":{"description":"Get insights into the performance of your static and dynamic content, including slowest 
URLs.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"1\",\"w\":46,\"x\":1,\"y\":9},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"field\":\"cloudflare.origin.response.time\",\"percents\":[50,75,95]},\"schema\":\"metric\",\"type\":\"percentiles\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"timeRange\":{\"from\":\"now-60d\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.cache.status\",\"negate\":false,\"params\":[\"bypass\",\"unknown\"],\"type\":\"phrases\",\"value\":\"bypass, 
unknown\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.cache.status\":\"bypass\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"unknown\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Percentiles of cloudflare.origin.response.time\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Percentiles of OriginResponseTime\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Origin time to first byte dynamic requests 
[Cloudflare]\",\"type\":\"line\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"2\",\"w\":46,\"x\":1,\"y\":19},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"field\":\"cloudflare.origin.response.time\",\"percents\":[50,75,95]},\"schema\":\"metric\",\"type\":\"percentiles\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"timeRange\":{\"from\":\"now-60d\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.cache.status\",\"negate\":true,\"params\":[\"bypass\",\"unknown\"],\"type\":\"phrases\",\"value\":\"bypass, unknown\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.cache.status\":\"bypass\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"unknown\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Percentiles of 
cloudflare.origin.response.time\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":1.5,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Percentiles of OriginResponseTime\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Origin time to first byte static requests [Cloudflare]\",\"type\":\"line\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"3\",\"w\":46,\"x\":1,\"y\":28},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"6\",\"params\":{\"customLabel\":\"average_response_time\",\"field\":\"cloudflare.origin.response.time\"},\"schema\":\"metric\",\"type\":\"avg\"},{\"enabled\":true,\"id\":\"7\",\"params\":{\"customLabel\":\"wait_time\",\"field\":\"cloudflare.origin.response.time\"},\"schema\":\"metric\",\"type\":\"sum\"},{\"enabled\":true,\"id\":\"8\",\"params\":{\"field\":\"cloudflare.origin.response.time\",\"percents\":[99,99.9]},\"schema\":\"metric\",\"type\":\"percentiles\"},{\"enabled\":true,\"id\":\"9\",\"params\":{\"field\":\"url.full\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflar
e.cache.status\",\"negate\":false,\"params\":[\"bypass\",\"unknown\"],\"type\":\"phrases\",\"value\":\"bypass, unknown\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.cache.status\":\"bypass\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"unknown\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Slowest URIs by cumulative time to first byte for dynamic requests [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"4\",\"w\":46,\"x\":1,\"y\":42},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"average_response_time\",\"field\":\"cloudflare.origin.response.time\"},\"schema\":\"metric\",\"type\":\"avg\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"wait_time\",\"field\":\"cloudflare.origin.response.time\"},\"schema\":\"metric\",\"type\":\"sum\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"field\":\"cloudflare.origin.response.time\",\"percents\":[99,99.9]},\"schema\":\"metric\",\"type\":\"percentiles\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"field\":\"url.full\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\
":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.cache.status\",\"negate\":true,\"params\":[\"unknown\",\"bypass\"],\"type\":\"phrases\",\"value\":\"unknown, bypass\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.cache.status\":\"unknown\"}},{\"match_phrase\":{\"cloudflare.cache.status\":\"bypass\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Slowest URIs by cumulative time to first byte for static requests [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"5\",\"w\":7,\"x\":1,\"y\":0},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)\",\"openLinksInNewTab\":false},\"title\":\"Cloudflare logo 
[Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"6\",\"w\":39,\"x\":8,\"y\":0},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Static vs Dynamic Content**\",\"openLinksInNewTab\":false},\"title\":\"Static vs Dynamic Content - text [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"7\",\"w\":46,\"x\":1,\"y\":4},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"cloudflare.logpull\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.logpull\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloudflare.device_type\",\"id\":\"1554899945457\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Device 
Type\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"source.geo.country_name\",\"id\":\"1554900041526\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Country\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.domain\",\"id\":\"1554900064098\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Hostname\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"client.ip\",\"id\":\"1554900102344\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Client IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user_agent.original\",\"id\":\"1554900136614\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"User Agent\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.full\",\"id\":\"1554900159944\",\"indexPatternRefName\":\"control_5_index_pattern\",\"label\":\"Request URI\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.response.status_code\",\"id\":\"1554900185676\",\"indexPatternRefName\":\"control_6_index_pattern\",\"label\":\"Edge Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.origin.response.status_code\",\"id\":\"1554900211881\",\"indexPatternRefName\":\"control_7_index_pattern\",\"label\":\"Origin 
Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"destination.ip\",\"id\":\"1556549231725\",\"indexPatternRefName\":\"control_8_index_pattern\",\"label\":\"Origin IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.ray_id\",\"id\":\"1554900244300\",\"indexPatternRefName\":\"control_9_index_pattern\",\"label\":\"RayID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.worker.subrequest\",\"id\":\"1554900268999\",\"indexPatternRefName\":\"control_10_index_pattern\",\"label\":\"Worker Subrequest\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.request.method\",\"id\":\"1554900324235\",\"indexPatternRefName\":\"control_11_index_pattern\",\"label\":\"Client Request Method\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":true,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Filters [Cloudflare]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"Cloudflare - Performance (Static vs. 
Dynamic Content)","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"cloudflare-a35b4880-49a9-11e9-bd1f-75f359ac0c3f","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"1:search_0","type":"search"},{"id":"logs-*","name":"1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"2:search_0","type":"search"},{"id":"logs-*","name":"2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"3:search_0","type":"search"},{"id":"logs-*","name":"3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"4:search_0","type":"search"},{"id":"logs-*","name":"4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"7:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_4_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_5_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_6_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_7_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_8_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_9_index_pattern","type":"index-pattern"},{"id":"logs-*","
name":"7:control_10_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_11_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-cloudflare-default","name":"tag-ref-fleet-pkg-cloudflare-default","type":"tag"}],"sort":[1688996741503,7163],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NjksMV0="} +{"attributes":{"description":"Get insights on rate limiting protection against denial-of-service attacks, brute-force login attempts, and other types of abusive behavior targeted at your websites or applications.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"1\",\"w\":46,\"x\":1,\"y\":9},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"timeRange\":{\"from\":\"now-6M\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"cloudflare.edge.rate_limit.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedO
bjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.edge.rate_limit.action\",\"negate\":false,\"params\":[\"ban\",\"simulate\",\"challenge\",\"jsChallenge\"],\"type\":\"phrases\",\"value\":\"ban, simulate, challenge, jsChallenge\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"ban\"}},{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"simulate\"}},{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"challenge\"}},{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"jsChallenge\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"},\"valueAxis\":null},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2.5,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"defaultYExtents\":true,\"mode\":\"normal\",\"setYExtents\":false,\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"Rate Limit Over Time 
[Cloudflare]\",\"type\":\"line\",\"uiState\":{\"vis\":{\"legendOpen\":true}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"2\",\"w\":23,\"x\":1,\"y\":16},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.edge.rate_limit.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"cloudflare.edge.rate_limit.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.edge.rate_limit.action\",\"negate\":false,\"params\":[\"ban\",\"simulate\",\"jsChallenge\",\"challenge\"],\"type\":\"phrases\",\"value\":\"ban, simulate, jsChallenge, 
challenge\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"ban\"}},{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"simulate\"}},{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"jsChallenge\"}},{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"challenge\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Rate Limit Actions [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"3\",\"w\":46,\"x\":1,\"y\":25},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.edge.rate_limit.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"field\":\"url.domain\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"fil
ter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.edge.rate_limit.action\",\"negate\":false,\"params\":[\"ban\",\"simulate\",\"jsChallenge\",\"challenge\"],\"type\":\"phrases\",\"value\":\"ban, simulate, jsChallenge, challenge\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"ban\"}},{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"simulate\"}},{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"jsChallenge\"}},{\"match_phrase\":{\"cloudflare.edge.rate_limit.action\":\"challenge\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Rate Limit Countries 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"4\",\"w\":23,\"x\":24,\"y\":16},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"client.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"url.domain\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"field\":\"url.full\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.edge.rate_limit.action\",\"negate\":false,\"params\":{\"query\":\"ban\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"ban\"},\"query\":{\"match\":{\"cloudflare.edge.rate_limit.action\":{\"query\":\"ban\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top 
Banned Client IPs [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"5\",\"w\":7,\"x\":1,\"y\":0},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)\",\"openLinksInNewTab\":false},\"title\":\"Cloudflare logo [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"6\",\"w\":39,\"x\":8,\"y\":0},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**Rate Limiting - Get insights into rate limiting events and banned IPs and URIs**\",\"openLinksInNewTab\":false},\"title\":\"Rate Limiting Get insights into rate limiting events and banned IPs and URIs - 
text [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"7\",\"w\":46,\"x\":1,\"y\":4},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"cloudflare.logpull\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.logpull\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloudflare.device_type\",\"id\":\"1554899945457\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Device Type\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"source.geo.country_name\",\"id\":\"1554900041526\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Country\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.domain\",\"id\":\"1554900064098\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Hostname\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"client.ip\",\"id\":\"1554900102344\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Client 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user_agent.original\",\"id\":\"1554900136614\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"User Agent\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.full\",\"id\":\"1554900159944\",\"indexPatternRefName\":\"control_5_index_pattern\",\"label\":\"Request URI\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.response.status_code\",\"id\":\"1554900185676\",\"indexPatternRefName\":\"control_6_index_pattern\",\"label\":\"Edge Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.origin.response.status_code\",\"id\":\"1554900211881\",\"indexPatternRefName\":\"control_7_index_pattern\",\"label\":\"Origin Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"destination.ip\",\"id\":\"1556549231725\",\"indexPatternRefName\":\"control_8_index_pattern\",\"label\":\"Origin 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.ray_id\",\"id\":\"1554900244300\",\"indexPatternRefName\":\"control_9_index_pattern\",\"label\":\"RayID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.worker.subrequest\",\"id\":\"1554900268999\",\"indexPatternRefName\":\"control_10_index_pattern\",\"label\":\"Worker Subrequest\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.request.method\",\"id\":\"1554900324235\",\"indexPatternRefName\":\"control_11_index_pattern\",\"label\":\"Client Request Method\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":true,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Filters [Cloudflare]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"Cloudflare - Security (Rate 
Limiting)","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"cloudflare-b221c710-2963-11e9-b959-4502c43b2e30","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"1:search_0","type":"search"},{"id":"logs-*","name":"1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"2:search_0","type":"search"},{"id":"logs-*","name":"2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"3:search_0","type":"search"},{"id":"logs-*","name":"3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"4:search_0","type":"search"},{"id":"logs-*","name":"4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"7:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_4_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_5_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_6_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_7_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_8_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_9_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"
7:control_10_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:control_11_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-cloudflare-default","name":"tag-ref-fleet-pkg-cloudflare-default","type":"tag"}],"sort":[1688996741503,7189],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NzAsMV0="} +{"attributes":{"description":"Get insights on threat identification and mitigation by our Web Application Firewall, including events like SQL injections, XSS, and more. Use this data to fine tune the firewall to target obvious threats and prevent false positives.\n","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"1\",\"w\":46,\"x\":1,\"y\":34},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.waf.rule.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"user_agent.original\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexR
efName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.waf.action\",\"negate\":true,\"params\":{\"query\":\"unknown\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"unknown\"},\"query\":{\"match\":{\"cloudflare.waf.action\":{\"query\":\"unknown\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"WAF: Top User Agents [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"2\",\"w\":29,\"x\":18,\"y\":23},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"cloudflare.waf.rule.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"cloudflare.waf.rule.message\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.waf.action\",\"negate\":true,\"params\":{\"query\":\"unknown\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"unknown\"},\"query\":{\
"match\":{\"cloudflare.waf.action\":{\"query\":\"unknown\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top WAF Rules Triggered [Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"3\",\"w\":17,\"x\":1,\"y\":23},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"client.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.waf.action\",\"negate\":true,\"params\":{\"query\":\"unknown\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"unknown\"},\"query\":{\"match\":{\"cloudflare.waf.action\":{\"query\":\"unknown\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"WAF: Top Client IP 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"4\",\"w\":18,\"x\":29,\"y\":9},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"url.domain\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.waf.action\",\"negate\":true,\"params\":{\"query\":\"unknown\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"unknown\"},\"query\":{\"match\":{\"cloudflare.waf.action\":{\"query\":\"unknown\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"WAF: Top Hosts 
[Cloudflare]\",\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"5\",\"w\":11,\"x\":18,\"y\":9},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"source.geo.country_iso_code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":15},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.waf.action\",\"negate\":true,\"params\":{\"query\":\"unknown\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"unknown\"},\"query\":{\"match\":{\"cloudflare.waf.action\":{\"query\":\"unknown\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"type\":\"pie\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"WAF: Top Countries 
[Cloudflare]\",\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"6\",\"w\":8,\"x\":10,\"y\":9},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.waf.action\",\"negate\":true,\"params\":{\"query\":\"unknown\"},\"type\":\"phrase\",\"value\":\"unknown\"},\"query\":{\"match\":{\"cloudflare.waf.action\":{\"query\":\"unknown\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"WAF Events Triggered 
[Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"7\",\"w\":46,\"x\":1,\"y\":15},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"cloudflare.waf.action\",\"negate\":true,\"params\":{\"query\":\"unknown\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"unknown\"},\"query\":{\"match\":{\"cloudflare.waf.action\":{\"query\":\"unknown\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"isVislibVis\":true,\"legendPosition\":\"right\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"trunca
te\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"title\":\"WAF Events Over Time [Cloudflare]\",\"type\":\"line\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"8\",\"w\":9,\"x\":1,\"y\":9},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total Number of Requests [Cloudflare]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"9\",\"w\":7,\"x\":1,\"y\":0},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"![alt 
text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)\",\"openLinksInNewTab\":false},\"title\":\"Cloudflare logo [Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"10\",\"w\":39,\"x\":8,\"y\":0},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"cloudflare.log*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.log*\"}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":16,\"markdown\":\"**WAF - Events triggered by the Web Application Firewall**\",\"openLinksInNewTab\":false},\"title\":\"WAF Events triggered by the Web Application Firewall - text 
[Cloudflare]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"11\",\"w\":46,\"x\":1,\"y\":4},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"cloudflare.logpull\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"cloudflare.logpull\"}}]}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"cloudflare.device_type\",\"id\":\"1554899945457\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Device Type\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"source.geo.country_name\",\"id\":\"1554900041526\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Country\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.domain\",\"id\":\"1554900064098\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Hostname\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"client.ip\",\"id\":\"1554900102344\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Client 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user_agent.original\",\"id\":\"1554900136614\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"User Agent\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"url.full\",\"id\":\"1554900159944\",\"indexPatternRefName\":\"control_5_index_pattern\",\"label\":\"Request URI\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.response.status_code\",\"id\":\"1554900185676\",\"indexPatternRefName\":\"control_6_index_pattern\",\"label\":\"Edge Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.origin.response.status_code\",\"id\":\"1554900211881\",\"indexPatternRefName\":\"control_7_index_pattern\",\"label\":\"Origin Response Status\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"destination.ip\",\"id\":\"1556549231725\",\"indexPatternRefName\":\"control_8_index_pattern\",\"label\":\"Origin 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.ray_id\",\"id\":\"1554900244300\",\"indexPatternRefName\":\"control_9_index_pattern\",\"label\":\"RayID\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"cloudflare.worker.subrequest\",\"id\":\"1554900268999\",\"indexPatternRefName\":\"control_10_index_pattern\",\"label\":\"Worker Subrequest\",\"options\":{\"dynamicOptions\":false,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"http.request.method\",\"id\":\"1554900324235\",\"indexPatternRefName\":\"control_11_index_pattern\",\"label\":\"Client Request Method\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":true,\"updateFiltersOnChange\":true,\"useTimeFilter\":false},\"title\":\"Filters [Cloudflare]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"Cloudflare - Security 
(WAF)","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"cloudflare-ded7e2c0-2955-11e9-b959-4502c43b2e30","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"1:search_0","type":"search"},{"id":"logs-*","name":"1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"2:search_0","type":"search"},{"id":"logs-*","name":"2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"3:search_0","type":"search"},{"id":"logs-*","name":"3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"4:search_0","type":"search"},{"id":"logs-*","name":"4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"5:search_0","type":"search"},{"id":"logs-*","name":"5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"6:search_0","type":"search"},{"id":"logs-*","name":"6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"7:search_0","type":"search"},{"id":"logs-*","name":"7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3","name":"8:search_0","type":"search"},{"id":"logs-*","name":"9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"10:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"11:control_0_index_pattern","type":"index
-pattern"},{"id":"logs-*","name":"11:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_4_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_5_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_6_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_7_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_8_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_9_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_10_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:control_11_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"11:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-cloudflare-default","name":"tag-ref-fleet-pkg-cloudflare-default","type":"tag"}],"sort":[1688996741503,7222],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NzEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d0f56da0-3648-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7224],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NzIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d37b9330-3af1-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,7226],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NzMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - All Logs (copy)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - All Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d43f0350-6347-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1688996741503,7229],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NzQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"FTP - 
Command","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp_command.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d5681260-4c8c-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7231],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NzUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alerts Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS - Alerts Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 
minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d58ec1a0-34e4-11e7-9669-7f1d3242b798","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7233],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NzYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d5aa6d00-6e29-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7235],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NzcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Classification","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - 
Classification\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"classification.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Classification\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d66d54c0-4c89-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7237],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NzgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d6ec3570-6e21-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7239],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2NzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"useragent.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d776e510-6e28-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7241],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2ODAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event_type:bro_conn\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Connections - Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - 
Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d7d3dda0-54b9-11e9-a48f-b7dfb1d0f288","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,7243],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2ODEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d7f162b0-6e1c-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,7245],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2ODIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Sensors/Devices and Services","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sensors/Devices and 
Services\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sensor_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d8214de0-4a3a-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,7247],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2ODMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d979b0f0-4a45-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,7249],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2ODQsMV0="} +{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-osquery_manager.result*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-osquery_manager.result*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"d9f9bbb8-c79a-4976-8209-7e7259142a99","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1688996741503,7250],"type":"index-pattern","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2ODUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Software - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Software - Log Count Over 
Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"da4cc2c0-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7252],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2ODYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS 
Alerts - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS Alerts - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"db04aef0-399f-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7254],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2ODcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Server Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Server 
Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.server_name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.server_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"db4dc4a0-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,7256],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2ODgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"db570800-365a-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7258],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2ODksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network Datasets","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network 
Datasets\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Dataset\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.module.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"dbe4cc20-6ea7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name
":"search_0","type":"search"}],"sort":[1688996741503,7260],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2OTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"dbfe2f00-6e35-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7262],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2OTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Queries","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - 
Queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"dcda5680-2927-11e8-b2a2-09f3986ae284","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7264],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2OTIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Authentication Success","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"SSH - Authentication Success\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Authentication 
Success\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"authentication_success.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Success\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"dcea2790-6e33-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7266],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2OTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - URI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - 
URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.uri.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f63cba40-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,7268],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2OTQsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:sip\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"1e84368a-ad74-4d57-9793-5c9ce813045b\"},\"panelIndex\":\"1e84368a-ad74-4d57-9793-5c9ce813045b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1e84368a-ad74-4d57-9793-5c9ce813045b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"304e7cd2-dc4f-4bf4-b1fe-747091d61b67\"},\"panelIndex\":\"304e7cd2-dc4f-4bf4-b1fe-747091d61b67\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_304e7cd2-dc4f-4bf4-b1fe-747091d61b67\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"e87052bf-935e-421b-8208-e798a37edf69\"},\"panelIndex\":\"e87052bf-935e-421b-8208-e798a37edf69\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e87052bf-935e-421b-8208-e798a37edf69\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"b2055759-c7fd-43ab-8613-6031e8e148d3\"},\"panelIndex\":\"b2055759-c7fd-43ab-8613-6031e8e148d3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b2055759-c7fd-43ab-8613-6031e8e148d3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"a303da32-bd43-45a5-acbf-093478d734f9\"},\"panelIndex\":\"a303da32-bd43-45a5-acbf-093478d734f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a303da32-bd43-45a5-acbf-093478d734f9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":8,\"w\":8,\"h\":19,\"i\":\"d8632aad-86f0-4290-9480-75ec477ae4cd\"},\"panelInd
ex\":\"d8632aad-86f0-4290-9480-75ec477ae4cd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d8632aad-86f0-4290-9480-75ec477ae4cd\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":26,\"y\":8,\"w\":8,\"h\":19,\"i\":\"ee3b0df5-4a03-470b-9d26-4eedf4f8b8d6\"},\"panelIndex\":\"ee3b0df5-4a03-470b-9d26-4eedf4f8b8d6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ee3b0df5-4a03-470b-9d26-4eedf4f8b8d6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":34,\"y\":8,\"w\":14,\"h\":19,\"i\":\"dbe534a3-1a06-4185-b78a-293d7ec848c4\"},\"panelIndex\":\"dbe534a3-1a06-4185-b78a-293d7ec848c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dbe534a3-1a06-4185-b78a-293d7ec848c4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":17,\"i\":\"45de60a4-61ab-4b78-8cc7-5a783070c9be\"},\"panelIndex\":\"45de60a4-61ab-4b78-8cc7-5a783070c9be\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_45de60a4-61ab-4b78-8cc7-5a783070c9be\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":27,\"w\":12,\"h\":17,\"i\":\"9cb368f2-b652-4dc9-8427-b88a592e8361\"},\"panelIndex\":\"9cb368f2-b652-4dc9-8427-b88a592e8361\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9cb368f2-b652-4dc9-8427-b88a592e8361\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":17,\"i\":\"b78c61e2-61c3-4c43-94d9-c3971ee375be\"},\"panelIndex\":\"b78c61e2-61c3-4c43-94d9-c3971ee375be\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b78c61e2-61c3-4c43-94d9-c3971ee375be\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":44,\"w\":48,\"h\":29,\"i\":\"ba5c8087-cf68-4a4c-9800-05731dca2608\"},\"panelIndex\":\"ba5c8087-cf68-4a4c-9800-05731dca2608\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ba5c8087-cf68-4a4c-9800-05
731dca2608\"}]","timeRestore":false,"title":"Security Onion - SIP","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"dd98e260-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"1e84368a-ad74-4d57-9793-5c9ce813045b:panel_1e84368a-ad74-4d57-9793-5c9ce813045b","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"304e7cd2-dc4f-4bf4-b1fe-747091d61b67:panel_304e7cd2-dc4f-4bf4-b1fe-747091d61b67","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"e87052bf-935e-421b-8208-e798a37edf69:panel_e87052bf-935e-421b-8208-e798a37edf69","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"b2055759-c7fd-43ab-8613-6031e8e148d3:panel_b2055759-c7fd-43ab-8613-6031e8e148d3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"a303da32-bd43-45a5-acbf-093478d734f9:panel_a303da32-bd43-45a5-acbf-093478d734f9","type":"visualization"},{"id":"272b8ab0-75ca-11ea-9565-7315f4ee5cac","name":"d8632aad-86f0-4290-9480-75ec477ae4cd:panel_d8632aad-86f0-4290-9480-75ec477ae4cd","type":"visualization"},{"id":"9ff24600-75ca-11ea-9565-7315f4ee5cac","name":"ee3b0df5-4a03-470b-9d26-4eedf4f8b8d6:panel_ee3b0df5-4a03-470b-9d26-4eedf4f8b8d6","type":"visualization"},{"id":"f63cba40-75ca-11ea-9565-7315f4ee5cac","name":"dbe534a3-1a06-4185-b78a-293d7ec848c4:panel_dbe534a3-1a06-4185-b78a-293d7ec848c4","type":"visualization"},{"id":"49384710-75ca-11ea-9565-7315f4ee5cac","name":"45de60a4-61ab-4b78-8cc7-5a783070c9be:panel_45de60a4-61ab-4b78-8cc7-5a783070c9be","type":"visualization"},{"id":"81a1a740-75ca-11ea-9565-7315f4ee5cac","name":"9cb368f2-b652-4dc9-8427-b88a592e8361:panel_9cb368f2-b652-4dc9-8427-b88a592e8361","type":"visualization"},{"id":"cf56b070-75ca-11ea-9565-7315f4ee5cac","name":"b78c61e2-61c3-4c43-94d9-c3971ee375be:panel_b78c61e2-61c3-4c43-94d9-c3971ee375be","type":"visualization"},{"id":"8b6f3
150-72a2-11ea-8dd2-9d8795a1200b","name":"ba5c8087-cf68-4a4c-9800-05731dca2608:panel_ba5c8087-cf68-4a4c-9800-05731dca2608","type":"search"}],"sort":[1688996741503,7281],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2OTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Request Path","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Request Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"request_path.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request Path\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"dddb4430-3752-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7283],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2OTYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"dde8c8a0-3719-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7285],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2OTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Firewall - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"df06de60-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,7287],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2OTgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Hostname","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"df5e9e80-6d79-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,7289],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ2OTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"dfd1dc00-6e24-11e7-a261-55504638cf3b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7291],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MDAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMTP - Destination Country (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMTP - Destination Country (Donut 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"dfe23030-39a1-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7293],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MDEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Files - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Files - 
Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"dff32860-4c8b-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7295],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MDIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND _exists_:certificate_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"X.509 - Certificate Common Name Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Common Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"certificate_common_name_frequency_score\",\"customLabel\":\"Frequency 
Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e03ba1d0-6f0a-11e7-83d2-adea2f314dc5","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,7297],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MDMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Hash - SSDeep","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Hash - 
SSDeep\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Hash\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.ssdeep.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SSDeep\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e087c7d0-772d-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,7299],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MDQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Event ID (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Sysmon - Event ID (Horizontal Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event_id\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Event Type\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e09f6010-6d72-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,7301],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MDUsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp_argument.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e1907430-35b6-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7303],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MDYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Hostname","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - 
Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e2c8e040-3ab0-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,7305],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MDcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Destination Port (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Destination Port (Horizontal Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e3717d80-6e0f-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7307],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MDgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Kerberos - Cipher (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Cipher (Donut 
Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"cipher.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e3fffae0-3635-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7309],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MDksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"HTTP - Destination Country (Vertical Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - Destination Country (Vertical Bar 
Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e41a0bd0-6e0a-11e7-84cc-b363f104b3c7","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7311],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MTAsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e4615200-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7313],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Session Duration","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Session 
Duration\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"duration\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Duration\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e47015d0-36b9-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7315],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MTIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSH -Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH 
-Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e64833a0-4c7b-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7317],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 
seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e76d2eb0-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,7319],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MTQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Syslog - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Syslog - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-sourceip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e7a99b10-76e5-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"sort":[1688996741503,7321],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Domain","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Host - 
Domain\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e80aa100-7375-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,7323],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MTYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RADIUS - Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - 
Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e827bab0-4a5a-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7325],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e8511600-36b8-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7327],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MTgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Notice - Destination Port (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Notice - Destination Port (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\
"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e85e2150-6e0e-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7329],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MTksMV0="} +{"attributes":{"columns":["rule_name","matches","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"ElastAlert","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e8840d40-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,7331],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MjAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e8982270-6e21-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7333],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MjEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Tunnels - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e89c9700-3641-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7335],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MjIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Query/Answer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - 
Query/Answer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"answers.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e8e3b8a0-34c1-11e7-917c-af7a9d11771a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7337],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MjMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DHCP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e9a7fe80-357b-11e7-ac34-8965f6420c51","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7339],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MjQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Protocol","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - 
Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"protocol.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"e9d5ae30-76b6-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1688996741503,7341],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MjUsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"mapCenter\":[39.639537564366684,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Connections - Destination - Top Connection 
Duration","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ea211360-46c4-11e7-a82e-d97152153689","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f7492d0-46c4-11e7-a82e-d97152153689","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"}],"sort":[1688996741503,7344],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MjYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSL - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_common_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Common 
Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"validation_status.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TLS Version\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ebec2ea0-4c7c-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7346],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MjcsMV0="} +{"attributes":{"columns":["message"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:ossec_archive\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"OSSEC - Archive","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ebf74e90-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"8.0.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,7348],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MjgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - File 
System","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - File System\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smb.file_system.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.file_system.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File System\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ed215680-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,7350],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MjksMV0="} 
+{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":51,\"i\":\"4\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":22,\"i\":\"6\",\"w\":48,\"x\":0,\"y\":51},\"panelIndex\":\"6\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":17,\"i\":\"12\",\"w\":20,\"x\":8,\"y\":34},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"title\":\"NIDS Alert - Source Port\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":8,\"i\":\"16\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"16\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":17,\"i\":\"18\",\"w\":20,\"x\":28,\"y\":34},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"NIDS Alert - Destination Port\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":16,\"i\":\"19\",\"w\":40,\"x\":8,\"y\":18},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"NIDS - Alert Summary 
\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":10,\"i\":\"20\",\"w\":17,\"x\":8,\"y\":8},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"NIDS - Alert Title\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":10,\"i\":\"21\",\"w\":23,\"x\":25,\"y\":8},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"NIDS - Rule Signature\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"NIDS - SID Drilldown","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ed6f7e20-e060-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"d58ec1a0-34e4-11e7-9669-7f1d3242b798","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"620283e0-3af5-11e7-a83b-b1b4da7d15f4","name":"panel_3","type":"visualization"},{"id":"AWDG3ym0xQT5EBNmq3mG","name":"panel_4","type":"visualization"},{"id":"3f040620-4a44-11e8-9b0a-f1d33346f773","name":"panel_5","type":"visualization"},{"id":"3a1b54b0-e061-11e9-8f0c-2ddbf5ed9290","name":"panel_6","type":"visualization"},{"id":"1b3faca0-e064-11e9-8f0c-2ddbf5ed9290","name":"panel_7","type":"visualization"},{"id":"6533dd40-e064-11e9-8f0c-2ddbf5ed9290","name":"panel_8","type":"visualization"}],"sort":[1688996741503,7360],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MzAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Version","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - 
Version\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ede56800-6ed7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,7362],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MzEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Event Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Event 
Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"description.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Description\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Agent\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"Username\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ee0ba080-4a3d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7364],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MzIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Server DNS Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Server DNS 
Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_dns_computer_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server DNS Name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ee6a03f0-0edc-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,7366],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MzMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Destination 
Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"eead8540-6e14-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7368],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MzQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Encryption Level (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"RDP - Encryption Level (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0,\"filter\":true},\"title\":{\"text\":\"Encryption 
Level\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"encryption_level.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Encryption Level\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ef307a70-6e20-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7370],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MzUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Destination IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ef7546c0-3719-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7372],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MzYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:ssl\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"7ba54e84-e774-489e-b4e5-156bff163007\"},\"panelIndex\":\"7ba54e84-e774-489e-b4e5-156bff163007\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7ba54e84-e774-489e-b4e5-156bff163007\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"83706228-debf-441c-ab7f-2e20c91ec132\"},\"panelIndex\":\"83706228-debf-441c-ab7f-2e20c91ec132\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_83706228-debf-441c-ab7f-2e20c91ec132\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"e06b2a92-d78b-4d77-9948-40a96a630656\"},\"panelIndex\":\"e06b2a
92-d78b-4d77-9948-40a96a630656\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e06b2a92-d78b-4d77-9948-40a96a630656\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":20,\"i\":\"6f2ba042-522e-43a3-8b9f-0d00e1b60070\"},\"panelIndex\":\"6f2ba042-522e-43a3-8b9f-0d00e1b60070\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6f2ba042-522e-43a3-8b9f-0d00e1b60070\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":8,\"w\":10,\"h\":20,\"i\":\"f9b0f61d-4ff7-4bfb-a210-61ac7c07407a\"},\"panelIndex\":\"f9b0f61d-4ff7-4bfb-a210-61ac7c07407a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f9b0f61d-4ff7-4bfb-a210-61ac7c07407a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":19,\"y\":8,\"w\":11,\"h\":20,\"i\":\"19764782-13cb-4b14-b272-d30fbdead5a2\"},\"panelIndex\":\"19764782-13cb-4b14-b272-d30fbdead5a2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_19764782-13cb-4b14-b272-d30fbdead5a2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":20,\"i\":\"8e0caa58-2dba-4d73-bf54-2c5452b7e5ff\"},\"panelIndex\":\"8e0caa58-2dba-4d73-bf54-2c5452b7e5ff\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8e0caa58-2dba-4d73-bf54-2c5452b7e5ff\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":21,\"i\":\"a804d523-cf9b-47f1-85ca-4931defc69ce\"},\"panelIndex\":\"a804d523-cf9b-47f1-85ca-4931defc69ce\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a804d523-cf9b-47f1-85ca-4931defc69ce\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":21,\"i\":\"6ce88ef8-a636-4f1c-85e9-922ab70a500f\"},\"panelIndex\":\"6ce88ef8-a636-4f1c-85e9-922ab70a500f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6ce88ef8-a636-4f1c-85e9-922ab70a500f
\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":70,\"w\":48,\"h\":29,\"i\":\"75b95d1d-98a0-4d86-b72b-1ecc6f5d7c5a\"},\"panelIndex\":\"75b95d1d-98a0-4d86-b72b-1ecc6f5d7c5a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_75b95d1d-98a0-4d86-b72b-1ecc6f5d7c5a\"}]","timeRestore":false,"title":"Security Onion - SSL","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"efae8de0-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"7ba54e84-e774-489e-b4e5-156bff163007:panel_7ba54e84-e774-489e-b4e5-156bff163007","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"83706228-debf-441c-ab7f-2e20c91ec132:panel_83706228-debf-441c-ab7f-2e20c91ec132","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"e06b2a92-d78b-4d77-9948-40a96a630656:panel_e06b2a92-d78b-4d77-9948-40a96a630656","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"6f2ba042-522e-43a3-8b9f-0d00e1b60070:panel_6f2ba042-522e-43a3-8b9f-0d00e1b60070","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"f9b0f61d-4ff7-4bfb-a210-61ac7c07407a:panel_f9b0f61d-4ff7-4bfb-a210-61ac7c07407a","type":"visualization"},{"id":"db4dc4a0-75ec-11ea-9565-7315f4ee5cac","name":"19764782-13cb-4b14-b272-d30fbdead5a2:panel_19764782-13cb-4b14-b272-d30fbdead5a2","type":"visualization"},{"id":"b8371250-75ec-11ea-9565-7315f4ee5cac","name":"8e0caa58-2dba-4d73-bf54-2c5452b7e5ff:panel_8e0caa58-2dba-4d73-bf54-2c5452b7e5ff","type":"visualization"},{"id":"4e8cbf80-75ec-11ea-9565-7315f4ee5cac","name":"a804d523-cf9b-47f1-85ca-4931defc69ce:panel_a804d523-cf9b-47f1-85ca-4931defc69ce","type":"visualization"},{"id":"6fccb600-75ec-11ea-9565-7315f4ee5cac","name":"6ce88ef8-a636-4f1c-85e9-922ab70a500f:panel_6ce88ef8-a636-4f1c-85e9-922ab70a500f","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8
795a1200b","name":"75b95d1d-98a0-4d86-b72b-1ecc6f5d7c5a:panel_75b95d1d-98a0-4d86-b72b-1ecc6f5d7c5a","type":"search"}],"sort":[1688996741503,7383],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MzcsMV0="} +{"attributes":{"columns":["data_stream.dataset","error.message"],"description":"","grid":{"columns":{"data_stream.dataset":{"width":171}}},"hideChart":true,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"event.kind: pipeline_error and error.message : * \"}}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"[Elastic Agent] Integration Errors","usesAdHocDataView":false},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"elastic_agent-462b68c0-b10b-11ed-957f-f1c897630287","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-elastic_agent-default","name":"tag-ref-fleet-pkg-elastic_agent-default","type":"tag"}],"sort":[1688996741503,7387],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MzgsMV0="} +{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"4a765eb5-fe8e-4ef3-9930-ef8f832a6832\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"data_stream.dataset\",\"title\":\"Integration 
Name\",\"id\":\"4a765eb5-fe8e-4ef3-9930-ef8f832a6832\",\"enhancements\":{},\"selectedOptions\":[]}},\"d5126805-1e20-4c32-8c7b-a9c0afee3215\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"agent.name\",\"title\":\"Agent Name\",\"id\":\"d5126805-1e20-4c32-8c7b-a9c0afee3215\",\"enhancements\":{}}}}"},"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":42,\"i\":\"f89ab83c-c65a-442f-9161-8459e71518cd\",\"w\":7,\"x\":0,\"y\":0},\"panelIndex\":\"f89ab83c-c65a-442f-9161-8459e71518cd\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n**Agent Health** \\n\\n[Overview](/app/dashboards#/view/elastic_agent-a148dc70-6b3c-11ed-98de-67bdecd21824) \\n[Agent Info](/app/dashboards#/view/elastic_agent-0600ffa0-6b5e-11ed-98de-67bdecd21824) \\n[Agent Metrics](/app/dashboards#/view/elastic_agent-f47f18cc-9c7d-4278-b2ea-a6dee816d395) \\n**[Integrations](/app/dashboards#/view/elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824)** \\n\\n\\n**Overview**\\n\\nThis dashboards visualizes the statistics and overall health of all the active integrations.\\n\\n\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Table of 
Contents\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"54f07979-6f4b-4535-b97b-0552bbeb9b39\",\"w\":12,\"x\":7,\"y\":0},\"panelIndex\":\"54f07979-6f4b-4535-b97b-0552bbeb9b39\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-d125ad67-b062-4e41-ae8b-1db28534246f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"ec330081-de01-4c31-808f-3bfa4c01193b\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"d125ad67-b062-4e41-ae8b-1db28534246f\":{\"columnOrder\":[\"7fded190-da7d-4eb2-8a9b-0c21e50f699e\",\"0298e2d3-1fb8-4dad-a555-50089f811e70\"],\"columns\":{\"0298e2d3-1fb8-4dad-a555-50089f811e70\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.kind:\\\"pipeline_error\\\" \"},\"isBucketed\":false,\"label\":\"Errors\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"7fded190-da7d-4eb2-8a9b-0c21e50f699e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Integrations\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"fallback\":false,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"data_stream.dataset\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ec330081-de01-4c31-808f-3bfa4c01193b\",\"key\":\"data_stream.dataset\",\"negate\":true,\"params\":[\"elastic_agent.*\",\"elastic_agent\"],\"type\":\"phrases\",\"value\":[\"elastic_agent.*\",\"elastic_agent\"]}
,\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent.*\"}},{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"colorMode\":\"cell\",\"columnId\":\"0298e2d3-1fb8-4dad-a555-50089f811e70\",\"isTransposed\":false,\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#54B399\",\"stop\":0},{\"color\":\"#CC5642\",\"stop\":1}],\"continuity\":\"above\",\"name\":\"custom\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"steps\":5,\"stops\":[{\"color\":\"#54B399\",\"stop\":1},{\"color\":\"#CC5642\",\"stop\":5}]},\"type\":\"palette\"},\"summaryLabel\":\"Total Errors\",\"summaryRow\":\"none\",\"width\":170},{\"columnId\":\"7fded190-da7d-4eb2-8a9b-0c21e50f699e\",\"isTransposed\":false,\"width\":429}],\"headerRowHeight\":\"single\",\"headerRowHeightLines\":1,\"layerId\":\"d125ad67-b062-4e41-ae8b-1db28534246f\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\",\"rowHeightLines\":1,\"sorting\":{\"columnId\":\"0298e2d3-1fb8-4dad-a555-50089f811e70\",\"direction\":\"desc\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Integration Errors 
Table\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"e2b6fbdd-506f-4b42-bd11-01a33205f6da\",\"w\":29,\"x\":19,\"y\":0},\"panelIndex\":\"e2b6fbdd-506f-4b42-bd11-01a33205f6da\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3eae8cc8-c7dd-4928-a680-2d184923881f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"970463b2-ccd3-4298-8f57-17b6e8dbaef0\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"3eae8cc8-c7dd-4928-a680-2d184923881f\":{\"columnOrder\":[\"fe1ea7d3-8330-4e4f-ad33-d058cfc96007\",\"30a1bcb7-9331-4748-93d8-dd1a4e554d2c\",\"01d61a02-d08d-4149-a1c0-02744ac2467f\"],\"columns\":{\"01d61a02-d08d-4149-a1c0-02744ac2467f\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Events\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"30a1bcb7-9331-4748-93d8-dd1a4e554d2c\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"fe1ea7d3-8330-4e4f-ad33-d058cfc96007\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Datasets\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"01d61a02-d08d-4149-a1c0-02744ac2467f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"data_stream.dataset\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"970463b2-ccd3-4298-8f57-17b6e8dbaef0\",\"key\":\"data_stream.dataset\",
\"negate\":true,\"params\":{\"query\":\"elastic_agent*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"01d61a02-d08d-4149-a1c0-02744ac2467f\"],\"layerId\":\"3eae8cc8-c7dd-4928-a680-2d184923881f\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"splitAccessor\":\"fe1ea7d3-8330-4e4f-ad33-d058cfc96007\",\"xAccessor\":\"30a1bcb7-9331-4748-93d8-dd1a4e554d2c\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"area_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Events per Integration\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":20,\"i\":\"91739766-1a6c-4e96-9ad8-c9be52c03ff6\",\"w\":41,\"x\":7,\"y\":14},\"panelIndex\":\"91739766-1a6c-4e96-9ad8-c9be52c03ff6\",\"panelRefName\":\"panel_91739766-1a6c-4e96-9ad8-c9be52c03ff6\",\"type\":\"search\",\"version\":\"8.6.1\"}]","timeRestore":false,"title":"[Elastic Agent] 
Integrations","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"54f07979-6f4b-4535-b97b-0552bbeb9b39:indexpattern-datasource-layer-d125ad67-b062-4e41-ae8b-1db28534246f","type":"index-pattern"},{"id":"logs-*","name":"54f07979-6f4b-4535-b97b-0552bbeb9b39:ec330081-de01-4c31-808f-3bfa4c01193b","type":"index-pattern"},{"id":"logs-*","name":"e2b6fbdd-506f-4b42-bd11-01a33205f6da:indexpattern-datasource-layer-3eae8cc8-c7dd-4928-a680-2d184923881f","type":"index-pattern"},{"id":"logs-*","name":"e2b6fbdd-506f-4b42-bd11-01a33205f6da:970463b2-ccd3-4298-8f57-17b6e8dbaef0","type":"index-pattern"},{"id":"elastic_agent-462b68c0-b10b-11ed-957f-f1c897630287","name":"91739766-1a6c-4e96-9ad8-c9be52c03ff6:panel_91739766-1a6c-4e96-9ad8-c9be52c03ff6","type":"search"},{"id":"logs-*","name":"controlGroup_4a765eb5-fe8e-4ef3-9930-ef8f832a6832:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_d5126805-1e20-4c32-8c7b-a9c0afee3215:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-elastic_agent-default","name":"tag-ref-fleet-pkg-elastic_agent-default","type":"tag"}],"sort":[1688996741503,7397],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3MzksMV0="} 
+{"attributes":{"columns":["agent.name","message"],"description":"","grid":{"columns":{"agent.name":{"width":182}}},"hideChart":true,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"elastic_agent*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent*\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"log.level\",\"negate\":false,\"params\":{\"query\":\"error\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"log.level\":\"error\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"[Elastic Agent] Agent Errors","usesAdHocDataView":false},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"elastic_agent-522c9e20-ad53-11ed-957f-f1c897630287","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-elastic_agent-default","name":"tag-ref-fleet-pkg-elastic_agent-default","type":"tag"}],"sort":[1688996741503,7403],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NDAsMV0="} 
+{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"280071dd-16c7-4610-bae7-bc8f07cc6a1b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"agent.name\",\"title\":\"Agent Hostname\",\"id\":\"280071dd-16c7-4610-bae7-bc8f07cc6a1b\",\"selectedOptions\":[],\"enhancements\":{}}},\"66670886-33b8-4cf9-95f3-fe4bff859fe9\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"data_stream.dataset\",\"title\":\"Integration Name\",\"id\":\"66670886-33b8-4cf9-95f3-fe4bff859fe9\",\"enhancements\":{}}},\"d6bc511d-a0f0-450c-b023-4d0295729dca\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"agent.version\",\"title\":\"Agent Version\",\"id\":\"d6bc511d-a0f0-450c-b023-4d0295729dca\",\"enhancements\":{}}}}"},"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":49,\"i\":\"10f18ea6-0bc4-4a96-ae2d-da7ed34c3c1a\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"10f18ea6-0bc4-4a96-ae2d-da7ed34c3c1a\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n**Agent Health** \\n\\n[Overview](/app/dashboards#/view/elastic_agent-a148dc70-6b3c-11ed-98de-67bdecd21824) \\n**[Agent 
Info](/app/dashboards#/view/elastic_agent-0600ffa0-6b5e-11ed-98de-67bdecd21824)** \\n[Agent Metrics](/app/dashboards#/view/elastic_agent-f47f18cc-9c7d-4278-b2ea-a6dee816d395) \\n[Integrations](/app/dashboards#/view/elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824) \\n\\n**Overview**\\n\\nThis dashboards shows more detailed health information specifically related to running Elastic Agent instances.\\n\\n\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Table of Contents\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"1fa17cb8-3a19-4fc7-9631-0f44ce8692b4\",\"w\":22,\"x\":8,\"y\":0},\"panelIndex\":\"1fa17cb8-3a19-4fc7-9631-0f44ce8692b4\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-299e2c43-13cd-477a-ba36-4c0f84bd32a4\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"ffe5b460-523c-4b2c-9403-4f6b7917c660\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"299e2c43-13cd-477a-ba36-4c0f84bd32a4\":{\"columnOrder\":[\"6188d370-f9d9-4ba3-aac8-5cc572219dcc\",\"022e5adc-bfb0-453a-ab84-37daa27b1d72\"],\"columns\":{\"022e5adc-bfb0-453a-ab84-37daa27b1d72\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Events\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"6188d370-f9d9-4ba3-aac8-5cc572219dcc\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Agents\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"022e5adc-bfb0-453a-ab84-37daa27b1d72\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceFi
eld\":\"agent.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ffe5b460-523c-4b2c-9403-4f6b7917c660\",\"key\":\"data_stream.dataset\",\"negate\":true,\"params\":[\"elastic_agent*\",\"apm.*\"],\"type\":\"phrases\",\"value\":[\"elastic_agent*\",\"apm.*\"]},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent*\"}},{\"match_phrase\":{\"data_stream.dataset\":\"apm.*\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"Zero\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"hideEndzones\":false,\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"022e5adc-bfb0-453a-ab84-37daa27b1d72\"],\"layerId\":\"299e2c43-13cd-477a-ba36-4c0f84bd32a4\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar\",\"showGridlines\":false,\"splitAccessor\":\"6188d370-f9d9-4ba3-aac8-5cc572219dcc\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":true},\"preferredSeriesType\":\"bar\",\"showCurrentTimeMarker\":false,\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":true,\"xTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Most Active 
Agents\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"36dd783f-4b32-41db-8d33-e2fb7b4d9365\",\"w\":18,\"x\":30,\"y\":0},\"panelIndex\":\"36dd783f-4b32-41db-8d33-e2fb7b4d9365\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-d2a77691-eb30-480e-b021-e323a1f67f07\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"79d7f2b4-c4d9-4b9b-9e3f-5b70226aebe0\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"d2a77691-eb30-480e-b021-e323a1f67f07\":{\"columnOrder\":[\"f82bd006-d5e8-42cf-975b-8c49ed8de2fe\",\"a9b13926-7e9f-4786-9372-af9a5aad1e4e\"],\"columns\":{\"a9b13926-7e9f-4786-9372-af9a5aad1e4e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Agents\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"agent.name\"},\"f82bd006-d5e8-42cf-975b-8c49ed8de2fe\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Versions\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a9b13926-7e9f-4786-9372-af9a5aad1e4e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":9},\"scale\":\"ordinal\",\"sourceField\":\"agent.version\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"79d7f2b4-c4d9-4b9b-9e3f-5b70226aebe0\",\"key\":\"data_stream.dataset\",\"negate\":true,\"params\":{\"query\":\"apm.*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"apm.*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layer
s\":[{\"categoryDisplay\":\"default\",\"layerId\":\"d2a77691-eb30-480e-b021-e323a1f67f07\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"metrics\":[\"a9b13926-7e9f-4786-9372-af9a5aad1e4e\"],\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"f82bd006-d5e8-42cf-975b-8c49ed8de2fe\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Agent Versions\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"5848c519-791c-45e2-b350-0740a12c3ace\",\"w\":22,\"x\":8,\"y\":14},\"panelIndex\":\"5848c519-791c-45e2-b350-0740a12c3ace\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-501c5bb4-5af0-46bf-99c1-e08ed2c31111\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"1f7f4c46-4a2f-4cf8-8509-dc41aab93385\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"501c5bb4-5af0-46bf-99c1-e08ed2c31111\":{\"columnOrder\":[\"a99f6081-4d6b-418d-92b5-28f77a248cbf\",\"97253ea0-c03f-4fc1-8512-c882a3018973\",\"97253ea0-c03f-4fc1-8512-c882a3018973X0\",\"97253ea0-c03f-4fc1-8512-c882a3018973X1\"],\"columns\":{\"97253ea0-c03f-4fc1-8512-c882a3018973\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Errors\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}},\"formula\":\"defaults(count(kql='log.level : \\\"error\\\" '), 0)\",\"isFormulaBroken\":false},\"references\":[\"97253ea0-c03f-4fc1-8512-c882a3018973X1\"],\"scale\":\"ratio\"},\"97253ea0-c03f-4fc1-8512-c882a3018973X0\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"log.level : \\\"error\\\" \"},\"isBucketed\":false,\"label\":\"Part of 
Errors\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"97253ea0-c03f-4fc1-8512-c882a3018973X1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Errors\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"97253ea0-c03f-4fc1-8512-c882a3018973X0\",0],\"location\":{\"max\":46,\"min\":0},\"name\":\"defaults\",\"text\":\"defaults(count(kql='log.level : \\\"error\\\" '), 0)\",\"type\":\"function\"}},\"references\":[\"97253ea0-c03f-4fc1-8512-c882a3018973X0\"],\"scale\":\"ratio\"},\"a99f6081-4d6b-418d-92b5-28f77a248cbf\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Agents\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderAgg\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"orderBy\":{\"type\":\"custom\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"agent.name\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"1f7f4c46-4a2f-4cf8-8509-dc41aab93385\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"elastic_agent*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"a99f6081-4d6b-418d-92b5-28f77a248cbf\",\"isTransposed\":false},{\"colorMode\":\"cell\",\"columnId\":\"97253ea0-c03f-4fc1-8512-c882a3018973\",\"isTransposed\":false,\"palette\":{\"name\":\"custom\
",\"params\":{\"colorStops\":[{\"color\":\"#54B399\",\"stop\":0},{\"color\":\"#CC5642\",\"stop\":1}],\"continuity\":\"above\",\"name\":\"custom\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"steps\":5,\"stops\":[{\"color\":\"#54B399\",\"stop\":1},{\"color\":\"#CC5642\",\"stop\":2}]},\"type\":\"palette\"}}],\"layerId\":\"501c5bb4-5af0-46bf-99c1-e08ed2c31111\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Agents with Errors\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"ea70f89b-accb-4972-9119-b04d1afae410\",\"w\":18,\"x\":30,\"y\":14},\"panelIndex\":\"ea70f89b-accb-4972-9119-b04d1afae410\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2b14e40b-0f07-4713-b7fb-96b4df2c93aa\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"5aae4230-61df-4557-972b-cf52a1c78870\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"2b14e40b-0f07-4713-b7fb-96b4df2c93aa\":{\"columnOrder\":[\"0af06ae8-c199-4684-a132-a1a3d42acaec\",\"faf97258-224e-4050-9c05-3c4bb647a9f0\"],\"columns\":{\"0af06ae8-c199-4684-a132-a1a3d42acaec\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Agents\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"faf97258-224e-4050-9c05-3c4bb647a9f0\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"agent.name\"},\"faf97258-224e-4050-9c05-3c4bb647a9f0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Number of 
Integrations\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"scale\":\"ratio\",\"sourceField\":\"data_stream.dataset\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"5aae4230-61df-4557-972b-cf52a1c78870\",\"key\":\"data_stream.dataset\",\"negate\":true,\"params\":{\"query\":\"elastic_agent*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"2b14e40b-0f07-4713-b7fb-96b4df2c93aa\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"metrics\":[\"faf97258-224e-4050-9c05-3c4bb647a9f0\"],\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"0af06ae8-c199-4684-a132-a1a3d42acaec\"]}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Integrations Dashboard\"},\"eventId\":\"f2edc3a8-5d50-4649-bb16-536aa103ed58\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Integrations per Agent\"},{\"embeddableConfig\":{\"enhancements\":{},\"rowHeight\":-1},\"gridData\":{\"h\":21,\"i\":\"9604578e-7da2-4575-923e-f15e51bca436\",\"w\":40,\"x\":8,\"y\":28},\"panelIndex\":\"9604578e-7da2-4575-923e-f15e51bca436\",\"panelRefName\":\"panel_9604578e-7da2-4575-923e-f15e51bca436\",\"type\":\"search\",\"version\":\"8.6.1\"}]","timeRestore":false,"title":"[Elastic Agent] Agent 
Info","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"elastic_agent-0600ffa0-6b5e-11ed-98de-67bdecd21824","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"1fa17cb8-3a19-4fc7-9631-0f44ce8692b4:indexpattern-datasource-layer-299e2c43-13cd-477a-ba36-4c0f84bd32a4","type":"index-pattern"},{"id":"logs-*","name":"1fa17cb8-3a19-4fc7-9631-0f44ce8692b4:ffe5b460-523c-4b2c-9403-4f6b7917c660","type":"index-pattern"},{"id":"logs-*","name":"36dd783f-4b32-41db-8d33-e2fb7b4d9365:indexpattern-datasource-layer-d2a77691-eb30-480e-b021-e323a1f67f07","type":"index-pattern"},{"id":"logs-*","name":"36dd783f-4b32-41db-8d33-e2fb7b4d9365:79d7f2b4-c4d9-4b9b-9e3f-5b70226aebe0","type":"index-pattern"},{"id":"logs-*","name":"5848c519-791c-45e2-b350-0740a12c3ace:indexpattern-datasource-layer-501c5bb4-5af0-46bf-99c1-e08ed2c31111","type":"index-pattern"},{"id":"logs-*","name":"5848c519-791c-45e2-b350-0740a12c3ace:1f7f4c46-4a2f-4cf8-8509-dc41aab93385","type":"index-pattern"},{"id":"logs-*","name":"ea70f89b-accb-4972-9119-b04d1afae410:indexpattern-datasource-layer-2b14e40b-0f07-4713-b7fb-96b4df2c93aa","type":"index-pattern"},{"id":"logs-*","name":"ea70f89b-accb-4972-9119-b04d1afae410:5aae4230-61df-4557-972b-cf52a1c78870","type":"index-pattern"},{"id":"elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824","name":"ea70f89b-accb-4972-9119-b04d1afae410:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:f2edc3a8-5d50-4649-bb16-536aa103ed58:dashboardId","type":"dashboard"},{"id":"elastic_agent-522c9e20-ad53-11ed-957f-f1c897630287","name":"9604578e-7da2-4575-923e-f15e51bca436:panel_9604578e-7da2-4575-923e-f15e51bca436","type":"search"},{"id":"logs-*","name":"controlGroup_280071dd-16c7-4610-bae7-bc8f07cc6a1b:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_66670886-33b8-4cf9-95f3-fe4bff859fe9:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_d6bc511d-a0f0-450c-b023-4d0295729dca:optionsLis
tDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-elastic_agent-default","name":"tag-ref-fleet-pkg-elastic_agent-default","type":"tag"}],"sort":[1688996741503,7419],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NDEsMV0="} +{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"twoLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{}"},"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":32,\"i\":\"7ec831d9-fe10-44ae-8859-ac8ed50ef16f\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"7ec831d9-fe10-44ae-8859-ac8ed50ef16f\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n**Agent Health** \\n\\n**[Overview](/app/dashboards#/view/elastic_agent-a148dc70-6b3c-11ed-98de-67bdecd21824)** \\n[Agent Info](/app/dashboards#/view/elastic_agent-0600ffa0-6b5e-11ed-98de-67bdecd21824) \\n[Agent Metrics](/app/dashboards#/view/elastic_agent-f47f18cc-9c7d-4278-b2ea-a6dee816d395) \\n[Integrations](/app/dashboards#/view/elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824) \\n\\n**Overview**\\n\\nThis dashboard gives an overview of the current overall state and health of all Agents and their related enabled Integrations.\\n\\n\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Table of 
Contents\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":4,\"i\":\"106d153c-b2ce-497f-92a2-a6e37f3fee48\",\"w\":10,\"x\":8,\"y\":0},\"panelIndex\":\"106d153c-b2ce-497f-92a2-a6e37f3fee48\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-7a3dc055-1f15-4a42-b451-90a79c11e49c\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"cb5da399-620a-4db3-91d2-13febb4e0811\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"7a3dc055-1f15-4a42-b451-90a79c11e49c\":{\"columnOrder\":[\"15e49cfd-4bd5-4d51-af12-0878e9597dfa\",\"15e49cfd-4bd5-4d51-af12-0878e9597dfaX0\",\"15e49cfd-4bd5-4d51-af12-0878e9597dfaX1\"],\"columns\":{\"15e49cfd-4bd5-4d51-af12-0878e9597dfa\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"isBucketed\":false,\"label\":\"Integrations Enabled\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2}},\"formula\":\"defaults(unique_count(data_stream.dataset), 0)\",\"isFormulaBroken\":false},\"references\":[\"15e49cfd-4bd5-4d51-af12-0878e9597dfaX1\"],\"scale\":\"ratio\"},\"15e49cfd-4bd5-4d51-af12-0878e9597dfaX0\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"isBucketed\":false,\"label\":\"Part of defaults(unique_count(data_stream.dataset), 0)\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"data_stream.dataset\"},\"15e49cfd-4bd5-4d51-af12-0878e9597dfaX1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of defaults(unique_count(data_stream.dataset), 0)\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"15e49cfd-4bd5-4d51-af12-0878e9597dfaX0\",0],\"location\":{\"max\":46,\"min\":0},\"name\":\"defaults\",\"text\":\"defaults(unique_count(data_stream.dataset), 
0)\",\"type\":\"function\"}},\"references\":[\"15e49cfd-4bd5-4d51-af12-0878e9597dfaX0\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"cb5da399-620a-4db3-91d2-13febb4e0811\",\"key\":\"data_stream.dataset\",\"negate\":true,\"params\":{\"query\":\"elastic_agent*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layerId\":\"7a3dc055-1f15-4a42-b451-90a79c11e49c\",\"layerType\":\"data\",\"metricAccessor\":\"15e49cfd-4bd5-4d51-af12-0878e9597dfa\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#cc5642\",\"stop\":null},{\"color\":\"#54B399\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#cc5642\",\"stop\":1},{\"color\":\"#54B399\",\"stop\":20}]},\"type\":\"palette\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":true},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Integrations 
Dashboard\"},\"eventId\":\"9ecd8fe7-916e-468c-a071-4ea76cf09520\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"hidePanelTitles\":true,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":4,\"i\":\"f7fb14c3-542a-4dcb-a141-ea6f57f7ec50\",\"w\":10,\"x\":18,\"y\":0},\"panelIndex\":\"f7fb14c3-542a-4dcb-a141-ea6f57f7ec50\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-87b97f29-3b44-4769-8c7c-469a4d9a906f\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"87b97f29-3b44-4769-8c7c-469a4d9a906f\":{\"columnOrder\":[\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2\",\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X0\",\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X1\"],\"columns\":{\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Ingest Errors\",\"operationType\":\"formula\",\"params\":{\"formula\":\"defaults(count(event.kind, kql='event.kind: pipeline_error'), 0)\",\"isFormulaBroken\":false},\"references\":[\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X1\"],\"scale\":\"ratio\"},\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X0\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.kind: pipeline_error\"},\"isBucketed\":false,\"label\":\"Part of Ingest Errors\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"event.kind\"},\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Ingest Errors\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X0\",0],\"location\":{\"max\":64,\"min\":0},\"name\":\"defaults\",\"text\":\"defaults(count(event.kind, kql='event.kind: pipeline_error'), 
0)\",\"type\":\"function\"}},\"references\":[\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X0\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layerId\":\"87b97f29-3b44-4769-8c7c-469a4d9a906f\",\"layerType\":\"data\",\"metricAccessor\":\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#54B399\",\"stop\":null},{\"color\":\"#cc5642\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#54B399\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":true},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Integrations 
Dashboard\"},\"eventId\":\"34bc44f3-8bfe-424b-ada8-225ec0ca67a6\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"hidePanelTitles\":true,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":4,\"i\":\"d9875e32-dd5f-4084-81c5-262f7bd0ccba\",\"w\":10,\"x\":28,\"y\":0},\"panelIndex\":\"d9875e32-dd5f-4084-81c5-262f7bd0ccba\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-468dc136-5f5c-4cd1-8569-cc8529881e52\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"468dc136-5f5c-4cd1-8569-cc8529881e52\":{\"columnOrder\":[\"a829ad10-3d32-47f1-8652-6cc35ed80edf\",\"a829ad10-3d32-47f1-8652-6cc35ed80edfX0\",\"a829ad10-3d32-47f1-8652-6cc35ed80edfX1\"],\"columns\":{\"a829ad10-3d32-47f1-8652-6cc35ed80edf\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Agents Ingested Data\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2}},\"formula\":\"defaults(unique_count(agent.id), 0)\",\"isFormulaBroken\":false},\"references\":[\"a829ad10-3d32-47f1-8652-6cc35ed80edfX1\"],\"scale\":\"ratio\"},\"a829ad10-3d32-47f1-8652-6cc35ed80edfX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Current Active Agents\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"agent.id\"},\"a829ad10-3d32-47f1-8652-6cc35ed80edfX1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Current Active Agents\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"a829ad10-3d32-47f1-8652-6cc35ed80edfX0\",0],\"location\":{\"max\":35,\"min\":0},\"name\":\"defaults\",\"text\":\"defaults(unique_count(agent.id), 
0)\",\"type\":\"function\"}},\"references\":[\"a829ad10-3d32-47f1-8652-6cc35ed80edfX0\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layerId\":\"468dc136-5f5c-4cd1-8569-cc8529881e52\",\"layerType\":\"data\",\"metricAccessor\":\"a829ad10-3d32-47f1-8652-6cc35ed80edf\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#cc5642\",\"stop\":null},{\"color\":\"#54B399\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#cc5642\",\"stop\":1},{\"color\":\"#54B399\",\"stop\":2}]},\"type\":\"palette\"},\"showBar\":false,\"subtitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":true},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Agents Dashboard\"},\"eventId\":\"ff1c170b-d997-40ef-9093-ca8265c8c031\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"hidePanelTitles\":true,\"type\":\"lens\"},\"title\":\"Current Active 
Agents\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":4,\"i\":\"e8be8d39-4557-4077-bf45-e8c481f90699\",\"w\":10,\"x\":38,\"y\":0},\"panelIndex\":\"e8be8d39-4557-4077-bf45-e8c481f90699\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-87b97f29-3b44-4769-8c7c-469a4d9a906f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"3f0b51ab-5242-4904-8e6c-c8654c68bbec\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"87b97f29-3b44-4769-8c7c-469a4d9a906f\":{\"columnOrder\":[\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2\",\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X0\",\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X1\"],\"columns\":{\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"isBucketed\":false,\"label\":\"Agent Errors\",\"operationType\":\"formula\",\"params\":{\"formula\":\"defaults(count(kql='log.level: error'), 0)\",\"isFormulaBroken\":false},\"references\":[\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X1\"],\"scale\":\"ratio\"},\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X0\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"log.level: error\"},\"isBucketed\":false,\"label\":\"Part of Agent Errors\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Agent Errors\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X0\",0],\"location\":{\"max\":42,\"min\":0},\"name\":\"defaults\",\"text\":\"defaults(count(kql='log.level: error'), 
0)\",\"type\":\"function\"}},\"references\":[\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2X0\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"3f0b51ab-5242-4904-8e6c-c8654c68bbec\",\"key\":\"data_stream.dataset\",\"negate\":true,\"params\":{\"query\":\"elastic_agent*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layerId\":\"87b97f29-3b44-4769-8c7c-469a4d9a906f\",\"layerType\":\"data\",\"metricAccessor\":\"ff7ba9db-cf33-4cda-be08-7ca4d3c4bcd2\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#54B399\",\"stop\":null},{\"color\":\"#cc5642\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#54B399\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":true},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Agents 
Dashboard\"},\"eventId\":\"1c9c2911-505b-4aae-92d9-ae278ab4a378\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"hidePanelTitles\":true,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"b197eb2e-ee86-490c-afe1-605ce8e2edc1\",\"w\":20,\"x\":8,\"y\":4},\"panelIndex\":\"b197eb2e-ee86-490c-afe1-605ce8e2edc1\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-6c39da5e-0bfa-4ac0-b52c-75491ad21e8a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"fbb56fc8-f301-483f-8d45-f6b2203ed246\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"6c39da5e-0bfa-4ac0-b52c-75491ad21e8a\":{\"columnOrder\":[\"ab9c8cb3-f469-4791-b087-cc9f006d60ee\",\"b8e08b83-8208-4df0-b627-95b5704b94da\"],\"columns\":{\"ab9c8cb3-f469-4791-b087-cc9f006d60ee\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Most Active Agents\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b8e08b83-8208-4df0-b627-95b5704b94da\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"agent.name\"},\"b8e08b83-8208-4df0-b627-95b5704b94da\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Events\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"fbb56fc8-f301-483f-8d45-f6b2203ed246\",\"key\":\"data_stream.dataset\",\"negate\":true,\"params\":{\"query\":\"elastic_agent*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"quer
y\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b8e08b83-8208-4df0-b627-95b5704b94da\"],\"layerId\":\"6c39da5e-0bfa-4ac0-b52c-75491ad21e8a\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"splitAccessor\":\"ab9c8cb3-f469-4791-b087-cc9f006d60ee\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":true}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Agent Dashboard\"},\"eventId\":\"8b6dea27-19d8-4cbd-bc1a-cc1f5dd63544\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Most Active Agents\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"6e1bf032-bd2e-45e3-804b-d630d460228a\",\"w\":40,\"x\":8,\"y\":18},\"panelIndex\":\"6e1bf032-bd2e-45e3-804b-d630d460228a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-70d7d4e3-d581-41d1-81d1-834b8f5f3ab9\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"70d7d4e3-d581-41d1-81d1-834b8f5f3ab9\":{\"columnOrder\":[\"2e4f2692-fd32-4ab0-90cd-200dbd8356fd\",\"5f946118-7578-4dbc-a6e3-a7be2469e4de\",\"1f636603-62e0-4bf2-a7c1-0c84f88743ba\"],\"columns\":{\"1f636603-62e0-4bf2-a7c1-0c84f88743ba\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Events 
-24h\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"timeShift\":\"1d\"},\"2e4f2692-fd32-4ab0-90cd-200dbd8356fd\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"5f946118-7578-4dbc-a6e3-a7be2469e4de\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Events\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"timeShift\":\"\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"5f946118-7578-4dbc-a6e3-a7be2469e4de\",\"1f636603-62e0-4bf2-a7c1-0c84f88743ba\"],\"layerId\":\"70d7d4e3-d581-41d1-81d1-834b8f5f3ab9\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"xAccessor\":\"2e4f2692-fd32-4ab0-90cd-200dbd8356fd\",\"yConfig\":[{\"axisMode\":\"auto\",\"forAccessor\":\"1f636603-62e0-4bf2-a7c1-0c84f88743ba\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"area\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Integrations 
Dashboard\"},\"eventId\":\"00799702-30ac-4ab1-9a3e-a82aa1f0d507\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Ingest Rates\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"9ea33099-240d-4f37-b154-216aaccb6f4a\",\"w\":20,\"x\":28,\"y\":4},\"panelIndex\":\"9ea33099-240d-4f37-b154-216aaccb6f4a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-06e5675e-d8f9-45b5-ba57-bae75a6eab02\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"0769541a-e3f2-49c1-beb8-aaf9ecf101e2\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"06e5675e-d8f9-45b5-ba57-bae75a6eab02\":{\"columnOrder\":[\"e8cc2c73-3c70-4ca4-b651-cee619a24dee\",\"49a1a6af-5e02-4aa7-98f1-1cdca13b41d9\"],\"columns\":{\"49a1a6af-5e02-4aa7-98f1-1cdca13b41d9\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e8cc2c73-3c70-4ca4-b651-cee619a24dee\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 15 values of 
data_stream.dataset\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"49a1a6af-5e02-4aa7-98f1-1cdca13b41d9\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":15},\"scale\":\"ordinal\",\"sourceField\":\"data_stream.dataset\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"0769541a-e3f2-49c1-beb8-aaf9ecf101e2\",\"key\":\"data_stream.dataset\",\"negate\":true,\"params\":{\"query\":\"elastic_agent*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"06e5675e-d8f9-45b5-ba57-bae75a6eab02\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendSize\":\"large\",\"metrics\":[\"49a1a6af-5e02-4aa7-98f1-1cdca13b41d9\"],\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"e8cc2c73-3c70-4ca4-b651-cee619a24dee\"],\"truncateLegend\":false}],\"shape\":\"donut\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Integrations Dashboard\"},\"eventId\":\"7c5aeb9a-d5d0-4e3a-89c0-98bb2f46e6cc\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Most Active Integrations\"}]","timeRestore":false,"title":"[Elastic Agent] 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"elastic_agent-a148dc70-6b3c-11ed-98de-67bdecd21824","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"106d153c-b2ce-497f-92a2-a6e37f3fee48:indexpattern-datasource-layer-7a3dc055-1f15-4a42-b451-90a79c11e49c","type":"index-pattern"},{"id":"logs-*","name":"106d153c-b2ce-497f-92a2-a6e37f3fee48:cb5da399-620a-4db3-91d2-13febb4e0811","type":"index-pattern"},{"id":"elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824","name":"106d153c-b2ce-497f-92a2-a6e37f3fee48:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:9ecd8fe7-916e-468c-a071-4ea76cf09520:dashboardId","type":"dashboard"},{"id":"logs-*","name":"f7fb14c3-542a-4dcb-a141-ea6f57f7ec50:indexpattern-datasource-layer-87b97f29-3b44-4769-8c7c-469a4d9a906f","type":"index-pattern"},{"id":"elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824","name":"f7fb14c3-542a-4dcb-a141-ea6f57f7ec50:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:34bc44f3-8bfe-424b-ada8-225ec0ca67a6:dashboardId","type":"dashboard"},{"id":"logs-*","name":"d9875e32-dd5f-4084-81c5-262f7bd0ccba:indexpattern-datasource-layer-468dc136-5f5c-4cd1-8569-cc8529881e52","type":"index-pattern"},{"id":"elastic_agent-0600ffa0-6b5e-11ed-98de-67bdecd21824","name":"d9875e32-dd5f-4084-81c5-262f7bd0ccba:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:ff1c170b-d997-40ef-9093-ca8265c8c031:dashboardId","type":"dashboard"},{"id":"logs-*","name":"e8be8d39-4557-4077-bf45-e8c481f90699:indexpattern-datasource-layer-87b97f29-3b44-4769-8c7c-469a4d9a906f","type":"index-pattern"},{"id":"logs-*","name":"e8be8d39-4557-4077-bf45-e8c481f90699:3f0b51ab-5242-4904-8e6c-c8654c68bbec","type":"index-pattern"},{"id":"elastic_agent-0600ffa0-6b5e-11ed-98de-67bdecd21824","name":"e8be8d39-4557-4077-bf45-e8c481f90699:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:1c9c2911-505b-4aae-92d9-ae278ab4a378:dashboardId","type":"dashboard"},{"id":"logs-*","name":"b197eb2e-ee86-490c-afe1-605ce8e2edc1:indexpattern-
datasource-layer-6c39da5e-0bfa-4ac0-b52c-75491ad21e8a","type":"index-pattern"},{"id":"logs-*","name":"b197eb2e-ee86-490c-afe1-605ce8e2edc1:fbb56fc8-f301-483f-8d45-f6b2203ed246","type":"index-pattern"},{"id":"elastic_agent-0600ffa0-6b5e-11ed-98de-67bdecd21824","name":"b197eb2e-ee86-490c-afe1-605ce8e2edc1:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:8b6dea27-19d8-4cbd-bc1a-cc1f5dd63544:dashboardId","type":"dashboard"},{"id":"logs-*","name":"6e1bf032-bd2e-45e3-804b-d630d460228a:indexpattern-datasource-layer-70d7d4e3-d581-41d1-81d1-834b8f5f3ab9","type":"index-pattern"},{"id":"elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824","name":"6e1bf032-bd2e-45e3-804b-d630d460228a:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:00799702-30ac-4ab1-9a3e-a82aa1f0d507:dashboardId","type":"dashboard"},{"id":"logs-*","name":"9ea33099-240d-4f37-b154-216aaccb6f4a:indexpattern-datasource-layer-06e5675e-d8f9-45b5-ba57-bae75a6eab02","type":"index-pattern"},{"id":"logs-*","name":"9ea33099-240d-4f37-b154-216aaccb6f4a:0769541a-e3f2-49c1-beb8-aaf9ecf101e2","type":"index-pattern"},{"id":"elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824","name":"9ea33099-240d-4f37-b154-216aaccb6f4a:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:7c5aeb9a-d5d0-4e3a-89c0-98bb2f46e6cc:dashboardId","type":"dashboard"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-elastic_agent-default","name":"tag-ref-fleet-pkg-elastic_agent-default","type":"tag"}],"sort":[1688996741503,7440],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NDIsMV0="} 
+{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"2678bf39-3def-453e-9f30-2904bc88efe9\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"agent.name\",\"title\":\"Agent Hostname\",\"id\":\"2678bf39-3def-453e-9f30-2904bc88efe9\",\"enhancements\":{},\"selectedOptions\":[]}}}"},"description":"Elastic Agent metrics dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":27,\"i\":\"443b1597-9d5f-4b9c-8848-643d0381b2f4\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"443b1597-9d5f-4b9c-8848-643d0381b2f4\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Navigation**\\n\\n**Agent Health** \\n\\n[Overview](/app/dashboards#/view/elastic_agent-a148dc70-6b3c-11ed-98de-67bdecd21824) \\n[Agent Info](/app/dashboards#/view/elastic_agent-0600ffa0-6b5e-11ed-98de-67bdecd21824) \\n**[Agent Metrics](/app/dashboards#/view/elastic_agent-f47f18cc-9c7d-4278-b2ea-a6dee816d395)** \\n[Integrations](/app/dashboards#/view/elastic_agent-1a4e7280-6b5e-11ed-98de-67bdecd21824) \\n\\n**Overview**\\n\\nThis dashboard is used to show detailed metrics related to the specific agent used in the filter.\\n\\n\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Table of 
Contents\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":9,\"i\":\"59d829a2-c460-450d-b3f1-e24463ca8fbc\",\"w\":40,\"x\":8,\"y\":9},\"panelIndex\":\"59d829a2-c460-450d-b3f1-e24463ca8fbc\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-c8958799-403d-41b6-9b7a-836c6de65bb6\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"c8958799-403d-41b6-9b7a-836c6de65bb6\":{\"columnOrder\":[\"30880bcc-bda9-4cb3-b86c-e1ec9f01f4a5\",\"c59ea682-bc16-4391-a1db-366fe40591e4\",\"401c5798-78b4-40ea-8ff7-debce9f4dbeb\"],\"columns\":{\"30880bcc-bda9-4cb3-b86c-e1ec9f01f4a5\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of elastic_agent.process\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"401c5798-78b4-40ea-8ff7-debce9f4dbeb\",\"type\":\"column\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"elastic_agent.process\"},\"401c5798-78b4-40ea-8ff7-debce9f4dbeb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Memory 
Usage\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"system.process.memory.size\"},\"c59ea682-bc16-4391-a1db-366fe40591e4\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"401c5798-78b4-40ea-8ff7-debce9f4dbeb\"],\"layerId\":\"c8958799-403d-41b6-9b7a-836c6de65bb6\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"splitAccessor\":\"30880bcc-bda9-4cb3-b86c-e1ec9f01f4a5\",\"xAccessor\":\"c59ea682-bc16-4391-a1db-366fe40591e4\"}],\"legend\":{\"isInside\":false,\"isVisible\":true,\"legendSize\":\"large\",\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"area_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":true}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Memory 
Usage\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":9,\"i\":\"3f8fc111-60c1-4886-bb6d-3b83cdcf88c5\",\"w\":40,\"x\":8,\"y\":18},\"panelIndex\":\"3f8fc111-60c1-4886-bb6d-3b83cdcf88c5\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-46ce3b62-69c2-45c5-bfb2-8eadce526ad1\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"46ce3b62-69c2-45c5-bfb2-8eadce526ad1\":{\"columnOrder\":[\"089affc6-b838-4335-af8e-c8c6da056c5a\",\"1ccaf97b-1693-4ab1-824b-c364b73b901e\",\"2c4fab1b-eb92-4949-bcc2-225d2c0bdb24\"],\"columns\":{\"089affc6-b838-4335-af8e-c8c6da056c5a\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of elastic_agent.process\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"2c4fab1b-eb92-4949-bcc2-225d2c0bdb24\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"elastic_agent.process\"},\"1ccaf97b-1693-4ab1-824b-c364b73b901e\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"2c4fab1b-eb92-4949-bcc2-225d2c0bdb24\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Maximum of 
system.process.fd.open\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"system.process.fd.open\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"2c4fab1b-eb92-4949-bcc2-225d2c0bdb24\"],\"layerId\":\"46ce3b62-69c2-45c5-bfb2-8eadce526ad1\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"splitAccessor\":\"089affc6-b838-4335-af8e-c8c6da056c5a\",\"xAccessor\":\"1ccaf97b-1693-4ab1-824b-c364b73b901e\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"large\",\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"area_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"valuesInLegend\":true}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Open Handles\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":9,\"i\":\"6f1753a7-612d-4e25-a33f-8aa3542d3c39\",\"w\":24,\"x\":0,\"y\":27},\"panelIndex\":\"6f1753a7-612d-4e25-a33f-8aa3542d3c39\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-ad65be36-0be3-4937-8f41-ec9e48adfce6\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"1f53ae6d-f631-4ef1-8da4-e1918fd352af\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"ad65be36-0be3-4937-8f41-ec9e48adfce6\":{\"columnOrder\":[\"2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a\",\"49cd060d-6f21-4d81-ad6b-1c8462c97353\",\"e201a210-6e89-4d72-9d9c-a00b036fb0eb\",\"f5cbe487-2a43-425b-9cd1-40283e5e596c\"],\"columns\":{\"2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 
values of beat.type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"beat.type\"},\"49cd060d-6f21-4d81-ad6b-1c8462c97353\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"e201a210-6e89-4d72-9d9c-a00b036fb0eb\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.*\\\" \"},\"isBucketed\":false,\"label\":\"Events Rate /s\",\"operationType\":\"counter_rate\",\"references\":[\"f5cbe487-2a43-425b-9cd1-40283e5e596c\"],\"scale\":\"ratio\",\"timeScale\":\"s\"},\"f5cbe487-2a43-425b-9cd1-40283e5e596c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Maximum of 
beat.stats.libbeat.output.events.total\",\"operationType\":\"max\",\"scale\":\"ratio\",\"sourceField\":\"beat.stats.libbeat.output.events.total\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"1f53ae6d-f631-4ef1-8da4-e1918fd352af\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"elastic_agent.*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent.*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e201a210-6e89-4d72-9d9c-a00b036fb0eb\"],\"layerId\":\"ad65be36-0be3-4937-8f41-ec9e48adfce6\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a\",\"xAccessor\":\"49cd060d-6f21-4d81-ad6b-1c8462c97353\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"large\",\"position\":\"right\",\"showSingleSeries\":true},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":true,\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Total events rate 
/s\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":9,\"i\":\"daff36f6-d0b5-45e8-b0d9-910bace3c15b\",\"w\":24,\"x\":24,\"y\":27},\"panelIndex\":\"daff36f6-d0b5-45e8-b0d9-910bace3c15b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-47363713-6910-43c5-9f85-328b9ee18f0d\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"4984682b-b209-448b-a8bc-239d1858c0ae\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"47363713-6910-43c5-9f85-328b9ee18f0d\":{\"columnOrder\":[\"009f999d-bdb4-4b3f-a031-06d2a7173a57\",\"754d7a35-095e-4905-ad7d-23d89edaf74f\",\"c601246c-06f3-4f94-9d2a-a950eb4d499e\",\"672c59a5-1ad7-4f2b-89a5-cb3920d94e4b\"],\"columns\":{\"009f999d-bdb4-4b3f-a031-06d2a7173a57\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of beat.type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"beat.type\"},\"672c59a5-1ad7-4f2b-89a5-cb3920d94e4b\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Maximum of beat.stats.libbeat.output.write.bytes\",\"operationType\":\"max\",\"scale\":\"ratio\",\"sourceField\":\"beat.stats.libbeat.output.write.bytes\"},\"754d7a35-095e-4905-ad7d-23d89edaf74f\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"c601246c-06f3-4f94-9d2a-a950eb4d499e\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.*\\\" \"},\"isBucketed\":false,\"label\":\"Bytes 
sent/s\",\"operationType\":\"counter_rate\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"references\":[\"672c59a5-1ad7-4f2b-89a5-cb3920d94e4b\"],\"scale\":\"ratio\",\"timeScale\":\"s\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"4984682b-b209-448b-a8bc-239d1858c0ae\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"elastic_agent.*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent.*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"c601246c-06f3-4f94-9d2a-a950eb4d499e\"],\"layerId\":\"47363713-6910-43c5-9f85-328b9ee18f0d\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"009f999d-bdb4-4b3f-a031-06d2a7173a57\",\"xAccessor\":\"754d7a35-095e-4905-ad7d-23d89edaf74f\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"large\",\"position\":\"right\",\"showSingleSeries\":true},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":true,\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Output write 
throughput\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":9,\"i\":\"0165de2d-694a-40f5-95e1-855ce4ebd03e\",\"w\":24,\"x\":0,\"y\":36},\"panelIndex\":\"0165de2d-694a-40f5-95e1-855ce4ebd03e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-ad65be36-0be3-4937-8f41-ec9e48adfce6\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"9ef414bb-7c9f-40b2-a01f-da090834917a\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"ad65be36-0be3-4937-8f41-ec9e48adfce6\":{\"columnOrder\":[\"cb2f461c-587a-4f6a-8ad4-e4b0f61c9541\",\"49cd060d-6f21-4d81-ad6b-1c8462c97353\",\"e201a210-6e89-4d72-9d9c-a00b036fb0eb\",\"f5cbe487-2a43-425b-9cd1-40283e5e596c\"],\"columns\":{\"49cd060d-6f21-4d81-ad6b-1c8462c97353\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"cb2f461c-587a-4f6a-8ad4-e4b0f61c9541\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Beat types\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"beat.type\"},\"e201a210-6e89-4d72-9d9c-a00b036fb0eb\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.*\\\" \"},\"isBucketed\":false,\"label\":\"Output Errors\",\"operationType\":\"counter_rate\",\"references\":[\"f5cbe487-2a43-425b-9cd1-40283e5e596c\"],\"scale\":\"ratio\",\"timeScale\":\"s\"},\"f5cbe487-2a43-425b-9cd1-40283e5e596c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Maximum of 
beat.stats.libbeat.output.write.errors\",\"operationType\":\"max\",\"scale\":\"ratio\",\"sourceField\":\"beat.stats.libbeat.output.write.errors\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"9ef414bb-7c9f-40b2-a01f-da090834917a\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"elastic_agent.*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent.*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e201a210-6e89-4d72-9d9c-a00b036fb0eb\"],\"layerId\":\"ad65be36-0be3-4937-8f41-ec9e48adfce6\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"cb2f461c-587a-4f6a-8ad4-e4b0f61c9541\",\"xAccessor\":\"49cd060d-6f21-4d81-ad6b-1c8462c97353\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"large\",\"position\":\"right\",\"showSingleSeries\":true},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":true,\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Output write 
errors\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":9,\"i\":\"b1dcfde7-66f1-41fb-bc7d-d3deef840d4f\",\"w\":24,\"x\":24,\"y\":36},\"panelIndex\":\"b1dcfde7-66f1-41fb-bc7d-d3deef840d4f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-ad65be36-0be3-4937-8f41-ec9e48adfce6\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"d8c4f995-b5b9-4da1-9c7c-32fd11cfbcee\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"ad65be36-0be3-4937-8f41-ec9e48adfce6\":{\"columnOrder\":[\"2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a\",\"49cd060d-6f21-4d81-ad6b-1c8462c97353\",\"e201a210-6e89-4d72-9d9c-a00b036fb0eb\",\"f5cbe487-2a43-425b-9cd1-40283e5e596c\"],\"columns\":{\"2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of beat.type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"beat.type\"},\"49cd060d-6f21-4d81-ad6b-1c8462c97353\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"e201a210-6e89-4d72-9d9c-a00b036fb0eb\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.*\\\" \"},\"isBucketed\":false,\"label\":\"Events Rate /s\",\"operationType\":\"counter_rate\",\"references\":[\"f5cbe487-2a43-425b-9cd1-40283e5e596c\"],\"scale\":\"ratio\",\"timeScale\":\"s\"},\"f5cbe487-2a43-425b-9cd1-40283e5e596c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Maximum of 
beat.stats.libbeat.output.events.acked\",\"operationType\":\"max\",\"scale\":\"ratio\",\"sourceField\":\"beat.stats.libbeat.output.events.acked\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d8c4f995-b5b9-4da1-9c7c-32fd11cfbcee\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"elastic_agent.*\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent.*\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e201a210-6e89-4d72-9d9c-a00b036fb0eb\"],\"layerId\":\"ad65be36-0be3-4937-8f41-ec9e48adfce6\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a\",\"xAccessor\":\"49cd060d-6f21-4d81-ad6b-1c8462c97353\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"large\",\"position\":\"right\",\"showSingleSeries\":true},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":true,\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Events acknowledged rate 
/s\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"42ec7297-eb0f-492b-bb18-d1301fa1ead7\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"42ec7297-eb0f-492b-bb18-d1301fa1ead7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"elastic_agent.elastic_agent\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent.elastic_agent\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"f0383b91-4a09-4b03-a013-f5938add6bfa\",\"index_pattern_ref_name\":\"metrics_42ec7297-eb0f-492b-bb18-d1301fa1ead7_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"number\",\"id\":\"a35c4256-5cee-4b6a-ae21-bdd0f0f6d4a2\",\"label\":\"Cgroup CPU 
usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.process.cgroup.cpuacct.total.ns\",\"id\":\"458710e3-e78d-4ebf-b9c7-3b1ca8bfc55a\",\"type\":\"max\"},{\"field\":\"system.process.cgroup.cpu.cfs.quota.us\",\"id\":\"5a08b810-fc31-11eb-9d3e-9d72967e3395\",\"type\":\"min\"},{\"field\":\"458710e3-e78d-4ebf-b9c7-3b1ca8bfc55a\",\"id\":\"391dc9f0-fc32-11eb-9d3e-9d72967e3395\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"90f31960-fc31-11eb-9d3e-9d72967e3395\",\"id\":\"4661f000-fc32-11eb-9d3e-9d72967e3395\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"system.process.cgroup.cpu.stats.periods\",\"id\":\"90f31960-fc31-11eb-9d3e-9d72967e3395\",\"type\":\"max\"},{\"id\":\"5c737680-fc31-11eb-9d3e-9d72967e3395\",\"script\":\"\\n if (params.deltaUsageDerivNormalizedValue > 0 && params.periodsDerivNormalizedValue >0 && params.quota > 0) {\\n // if throttling is configured\\n double factor = params.deltaUsageDerivNormalizedValue / (params.periodsDerivNormalizedValue * params.quota * 1000); \\n\\n return factor * 100; \\n }\\n\\n return 
null;\",\"type\":\"calculation\",\"variables\":[{\"field\":\"391dc9f0-fc32-11eb-9d3e-9d72967e3395\",\"id\":\"60300950-fc31-11eb-9d3e-9d72967e3395\",\"name\":\"deltaUsageDerivNormalizedValue\"},{\"field\":\"4661f000-fc32-11eb-9d3e-9d72967e3395\",\"id\":\"d6060d50-fc31-11eb-9d3e-9d72967e3395\",\"name\":\"periodsDerivNormalizedValue\"},{\"field\":\"5a08b810-fc31-11eb-9d3e-9d72967e3395\",\"id\":\"e3368450-fc31-11eb-9d3e-9d72967e3395\",\"name\":\"quota\"}]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"stacked\",\"terms_field\":\"elastic_agent.process\",\"time_range_mode\":\"entire_time_range\",\"type\":\"timeseries\",\"value_template\":\"{{value}}%\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":true},\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"[Elastic Agent] CGroup CPU Usage\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":9,\"i\":\"e651fb9f-763d-4c9d-80d7-7c56adb98883\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"e651fb9f-763d-4c9d-80d7-7c56adb98883\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-fa212775-2294-4cb0-a671-eb76e6856d14\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-c7cc9cd8-585a-4078-a86f-8b0213c874fd\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"c7cc9cd8-585a-4078-a86f-8b0213c874fd\":{\"columnOrder\":[\"ba13a1db-763d-4a12-88c2-a5247a612c66\"],\"columns\":{\"ba13a1db-763d-4a12-88c2-a5247a612c66\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Container 
Limit\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"system.process.cgroup.memory.mem.limit.bytes\"}},\"incompleteColumns\":{},\"linkToLayers\":[],\"sampling\":1},\"fa212775-2294-4cb0-a671-eb76e6856d14\":{\"columnOrder\":[\"3495fd36-d74d-4daf-9dae-1e84e63bc31e\",\"a084070f-a15a-473c-abf4-d2e52e84c6ae\",\"90bc620d-c329-4607-90d4-5245a7cc7e69\"],\"columns\":{\"3495fd36-d74d-4daf-9dae-1e84e63bc31e\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of elastic_agent.process\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"90bc620d-c329-4607-90d4-5245a7cc7e69\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"elastic_agent.process\"},\"90bc620d-c329-4607-90d4-5245a7cc7e69\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Memory 
Usage\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"system.process.cgroup.memory.mem.usage.bytes\"},\"a084070f-a15a-473c-abf4-d2e52e84c6ae\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":false},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":false},\"layers\":[{\"accessors\":[\"90bc620d-c329-4607-90d4-5245a7cc7e69\"],\"layerId\":\"fa212775-2294-4cb0-a671-eb76e6856d14\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"splitAccessor\":\"3495fd36-d74d-4daf-9dae-1e84e63bc31e\",\"xAccessor\":\"a084070f-a15a-473c-abf4-d2e52e84c6ae\"},{\"accessors\":[\"ba13a1db-763d-4a12-88c2-a5247a612c66\"],\"layerId\":\"c7cc9cd8-585a-4078-a86f-8b0213c874fd\",\"layerType\":\"referenceLine\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"ba13a1db-763d-4a12-88c2-a5247a612c66\"}]}],\"legend\":{\"isVisible\":true,\"legendSize\":\"large\",\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"area_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":false},\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"valuesInLegend\":true,\"yRightTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"[Elastic Agent] Cgroup Memory 
Usage\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"6b8f954e-e930-4830-b13d-7df1466ad92f\",\"w\":40,\"x\":8,\"y\":0},\"panelIndex\":\"6b8f954e-e930-4830-b13d-7df1466ad92f\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"elastic_agent.elastic_agent\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"elastic_agent.elastic_agent\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"formatter\":\"percent\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"CPU usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.process.cpu.total.value\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"},{\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"id\":\"42fea6f0-3da7-11eb-a63c-0f13e40aab83\",\"type\":\"derivative\",\"unit\":\"\"},{\"id\":\"48fd6190-3da7-11eb-a63c-0f13e40aab83\",\"script\":\"if (params.cpu_total > 0) {\\n return params.cpu_total / params._interval 
\\n}\\n\\n\",\"type\":\"calculation\",\"variables\":[{\"field\":\"42fea6f0-3da7-11eb-a63c-0f13e40aab83\",\"id\":\"4b81c280-3da7-11eb-a63c-0f13e40aab83\",\"name\":\"cpu_total\"}]}],\"point_size\":1,\"separate_axis\":0,\"series_index_pattern\":\"\",\"split_color_mode\":\"kibana\",\"split_mode\":\"terms\",\"stacked\":\"stacked\",\"terms_field\":\"elastic_agent.process\",\"time_range_mode\":\"entire_time_range\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"[Elastic Agent] CPU Usage\"}]","timeRestore":false,"title":"[Elastic Agent] Agent metrics","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"elastic_agent-f47f18cc-9c7d-4278-b2ea-a6dee816d395","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"59d829a2-c460-450d-b3f1-e24463ca8fbc:indexpattern-datasource-layer-c8958799-403d-41b6-9b7a-836c6de65bb6","type":"index-pattern"},{"id":"metrics-*","name":"3f8fc111-60c1-4886-bb6d-3b83cdcf88c5:indexpattern-datasource-layer-46ce3b62-69c2-45c5-bfb2-8eadce526ad1","type":"index-pattern"},{"id":"metrics-*","name":"6f1753a7-612d-4e25-a33f-8aa3542d3c39:indexpattern-datasource-layer-ad65be36-0be3-4937-8f41-ec9e48adfce6","type":"index-pattern"},{"id":"metrics-*","name":"6f1753a7-612d-4e25-a33f-8aa3542d3c39:1f53ae6d-f631-4ef1-8da4-e1918fd352af","type":"index-pattern"},{"id":"metrics-*","name":"daff36f6-d0b5-45e8-b0d9-910bace3c15b:indexpattern-datasource-layer-47363713-6910-43c5-9f85-328b9ee18f0d","type":"index-pattern"},{"id":"metrics-*","name":"daff36f6-d0b5-45e8-b0d9-910bace3c15b:4984682b-b209-448b-a8bc-239d1858c0ae","type":"index-pattern"},{"id":"metrics-*","name":"0165de2d-694a-40f5-95e1-855ce4ebd03e:indexpattern-datasource-layer-ad65be36-0be3-4937-8f4
1-ec9e48adfce6","type":"index-pattern"},{"id":"metrics-*","name":"0165de2d-694a-40f5-95e1-855ce4ebd03e:9ef414bb-7c9f-40b2-a01f-da090834917a","type":"index-pattern"},{"id":"metrics-*","name":"b1dcfde7-66f1-41fb-bc7d-d3deef840d4f:indexpattern-datasource-layer-ad65be36-0be3-4937-8f41-ec9e48adfce6","type":"index-pattern"},{"id":"metrics-*","name":"b1dcfde7-66f1-41fb-bc7d-d3deef840d4f:d8c4f995-b5b9-4da1-9c7c-32fd11cfbcee","type":"index-pattern"},{"id":"metrics-*","name":"42ec7297-eb0f-492b-bb18-d1301fa1ead7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"42ec7297-eb0f-492b-bb18-d1301fa1ead7:metrics_42ec7297-eb0f-492b-bb18-d1301fa1ead7_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"e651fb9f-763d-4c9d-80d7-7c56adb98883:indexpattern-datasource-layer-fa212775-2294-4cb0-a671-eb76e6856d14","type":"index-pattern"},{"id":"metrics-*","name":"e651fb9f-763d-4c9d-80d7-7c56adb98883:indexpattern-datasource-layer-c7cc9cd8-585a-4078-a86f-8b0213c874fd","type":"index-pattern"},{"id":"metrics-*","name":"6b8f954e-e930-4830-b13d-7df1466ad92f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_2678bf39-3def-453e-9f30-2904bc88efe9:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-elastic_agent-default","name":"tag-ref-fleet-pkg-elastic_agent-default","type":"tag"}],"sort":[1688996741503,7459],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NDMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - 
Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f0178840-35bb-11e7-b9ee-834112670159","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7461],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NDQsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[24.84656534821976,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Connections - Source - Sum of Total 
Bytes","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f042ad60-46c6-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"1156b1e0-46c7-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"sort":[1688996741503,7464],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NDUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f0700840-365a-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7466],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NDYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - Source 
IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f18a0480-3bd0-11e7-9c09-4f161b0766dd","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7468],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NDcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Destination Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f1d3d070-367a-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7470],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NDgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:smb*\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"4f0e2e7d-aeee-4de8-82f0-9faffa596a05\"},\"panelIndex\":\"4f0e2e7d-aeee-4de8-82f0-9faffa596a05\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4f0e2e7d-aeee-4de8-82f0-9faffa596a05\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"efd2f5f0-c795-41e8-b0d7-7a3012e04d4d\"},\"panelIndex\":\"efd2f5f0-c795-41e8-b0d7-7a3012e04d4d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_efd2f5f0-c795-41e8-b0d7-7a3012e04d4d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"c4342fbe-e949-42d7-959c-c1ce6978033a\"},\"panelIndex\":\"c4342fbe-e949-42d7-959c-c1ce6978033a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c4342fbe-e949-42d7-959c-c1ce6978033a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"f59a811c-5a72-4337-84bd-32a5d1dce308\"},\"panelIndex\":\"f59a811c-5a72-4337-84bd-32a5d1dce308\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f59a811c-5a72-4337-84bd-32a5d1dce308\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridDat
a\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"5bb49dfa-0703-448b-a249-6cebb45e101c\"},\"panelIndex\":\"5bb49dfa-0703-448b-a249-6cebb45e101c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5bb49dfa-0703-448b-a249-6cebb45e101c\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":8,\"w\":10,\"h\":19,\"i\":\"4f886675-43c8-46c9-a471-717010d40e67\"},\"panelIndex\":\"4f886675-43c8-46c9-a471-717010d40e67\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4f886675-43c8-46c9-a471-717010d40e67\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":8,\"w\":10,\"h\":19,\"i\":\"f00a4afd-cd5f-48a4-a8d3-bc80f7367285\"},\"panelIndex\":\"f00a4afd-cd5f-48a4-a8d3-bc80f7367285\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f00a4afd-cd5f-48a4-a8d3-bc80f7367285\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":8,\"w\":10,\"h\":19,\"i\":\"c88f8f9f-c3d9-43c1-bfb1-bb2b7f64b92f\"},\"panelIndex\":\"c88f8f9f-c3d9-43c1-bfb1-bb2b7f64b92f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c88f8f9f-c3d9-43c1-bfb1-bb2b7f64b92f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":20,\"i\":\"d76e30ec-3114-4100-a806-2a77ba987bbe\"},\"panelIndex\":\"d76e30ec-3114-4100-a806-2a77ba987bbe\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d76e30ec-3114-4100-a806-2a77ba987bbe\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":29,\"i\":\"b48f25cd-4353-46f1-ba89-12da381a65eb\"},\"panelIndex\":\"b48f25cd-4353-46f1-ba89-12da381a65eb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b48f25cd-4353-46f1-ba89-12da381a65eb\"}]","timeRestore":false,"title":"Security Onion - 
SMB","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f24d7b80-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"4f0e2e7d-aeee-4de8-82f0-9faffa596a05:panel_4f0e2e7d-aeee-4de8-82f0-9faffa596a05","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"efd2f5f0-c795-41e8-b0d7-7a3012e04d4d:panel_efd2f5f0-c795-41e8-b0d7-7a3012e04d4d","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"c4342fbe-e949-42d7-959c-c1ce6978033a:panel_c4342fbe-e949-42d7-959c-c1ce6978033a","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"f59a811c-5a72-4337-84bd-32a5d1dce308:panel_f59a811c-5a72-4337-84bd-32a5d1dce308","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"5bb49dfa-0703-448b-a249-6cebb45e101c:panel_5bb49dfa-0703-448b-a249-6cebb45e101c","type":"visualization"},{"id":"34762420-75f0-11ea-9565-7315f4ee5cac","name":"4f886675-43c8-46c9-a471-717010d40e67:panel_4f886675-43c8-46c9-a471-717010d40e67","type":"visualization"},{"id":"1c6567b0-75f0-11ea-9565-7315f4ee5cac","name":"f00a4afd-cd5f-48a4-a8d3-bc80f7367285:panel_f00a4afd-cd5f-48a4-a8d3-bc80f7367285","type":"visualization"},{"id":"ed215680-75ef-11ea-9565-7315f4ee5cac","name":"c88f8f9f-c3d9-43c1-bfb1-bb2b7f64b92f:panel_c88f8f9f-c3d9-43c1-bfb1-bb2b7f64b92f","type":"visualization"},{"id":"052df440-75f0-11ea-9565-7315f4ee5cac","name":"d76e30ec-3114-4100-a806-2a77ba987bbe:panel_d76e30ec-3114-4100-a806-2a77ba987bbe","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"b48f25cd-4353-46f1-ba89-12da381a65eb:panel_b48f25cd-4353-46f1-ba89-12da381a65eb","type":"search"}],"sort":[1688996741503,7481],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NDksMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Round Trip Time","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Round Trip Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rtt\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Round Trip Time\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f275f490-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,7483],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f3a92f50-3af1-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,7485],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:alert AND event.module:playbook\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"c2172038-7740-458c-977a-98d139c438c2\"},\"panelIndex\":\"c2172038-7740-458c-977a-98d139c438c2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security Onion - Alert 
Data\",\"panelRefName\":\"panel_c2172038-7740-458c-977a-98d139c438c2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":0,\"w\":18,\"h\":8,\"i\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\"},\"panelIndex\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b18f1671-c1a0-44c8-946b-71bc21e62482\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":8,\"i\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\"},\"panelIndex\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b26faccc-11d5-4cc3-8fd2-484b5e3659bc\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":26,\"h\":18,\"i\":\"1f88747a-06f5-4450-8d08-150d0cd37667\"},\"panelIndex\":\"1f88747a-06f5-4450-8d08-150d0cd37667\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1f88747a-06f5-4450-8d08-150d0cd37667\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":26,\"y\":8,\"w\":22,\"h\":18,\"i\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\"},\"panelIndex\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0b5a83d1-8f56-4616-b0aa-af25a1995379\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":21,\"i\":\"28431fa5-4ce9-40db-a190-541b3390f9d0\"},\"panelIndex\":\"28431fa5-4ce9-40db-a190-541b3390f9d0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_28431fa5-4ce9-40db-a190-541b3390f9d0\"}]","timeRestore":false,"title":"Security Onion - 
Playbook","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f449f0a0-c77c-11ea-bebb-37c5ab5894ea","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"c2172038-7740-458c-977a-98d139c438c2:panel_c2172038-7740-458c-977a-98d139c438c2","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"b18f1671-c1a0-44c8-946b-71bc21e62482:panel_b18f1671-c1a0-44c8-946b-71bc21e62482","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"b26faccc-11d5-4cc3-8fd2-484b5e3659bc:panel_b26faccc-11d5-4cc3-8fd2-484b5e3659bc","type":"visualization"},{"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","name":"1f88747a-06f5-4450-8d08-150d0cd37667:panel_1f88747a-06f5-4450-8d08-150d0cd37667","type":"visualization"},{"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","name":"0b5a83d1-8f56-4616-b0aa-af25a1995379:panel_0b5a83d1-8f56-4616-b0aa-af25a1995379","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"28431fa5-4ce9-40db-a190-541b3390f9d0:panel_28431fa5-4ce9-40db-a190-541b3390f9d0","type":"search"}],"sort":[1688996741503,7492],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NTIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f5166880-374f-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7494],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP 
Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f52f8bc0-3af2-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1688996741503,7496],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NTQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Country","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Tunnels - Country\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.
7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f60e0c40-6e34-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7498],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"IRC - Destination Country","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_geo.city_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination 
City\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f625b7b0-4a56-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7500],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NTYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Alert Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Alert Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert_info.type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Alert 
Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f7998d60-7dce-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,7502],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f7c48a20-6e19-11e7-89e4-613b96f597e1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7504],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NTgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Logstash - Processing Performance","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Logstash - Processing 
Performance\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"rotate\":75,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Log Type\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Average processing time\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"4\",\"label\":\"Standard Deviation of logstash_time\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\",\"customLabel\":\"Average processing time\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event_type.keyword\",\"size\":20,\"orderAgg\":{\"id\":\"2-orderAgg\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"orderAgg\",\"params\":{\"field\":\"logstash_time\"}},\"order\":\"desc\",\"orderBy\":\"custom\",\"customLabel\":\"Log 
Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"std_dev\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f86bc870-46ce-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"sort":[1688996741503,7506],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Protocol","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Protocol\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"ipv4_protocol.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":
{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f8f0dbc0-6d82-11e7-912f-0950e6d5c322","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,7508],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NjAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Username","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"FTP - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f9904390-3bff-11e7-be35-e7fc4052ff75","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7510],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NjEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - Source IP 
Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"f9a16c80-371b-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7512],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NjIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Zeek - Notice Action","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Zeek - Notice Action\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"notice.p: 
Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"notice.action.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"fafba910-7a84-11ea-9d13-57f5db13d1ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,7514],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NjMsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:notice AND 
event.module:zeek\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3c981b35-b930-4523-bef4-7f5193148816\"},\"panelIndex\":\"3c981b35-b930-4523-bef4-7f5193148816\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":16,\"h\":8,\"i\":\"eb1b234a-2d6b-46af-9afe-a420a389dad1\"},\"panelIndex\":\"eb1b234a-2d6b-46af-9afe-a420a389dad1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":8,\"i\":\"7d323b2f-3502-4397-93fd-b430d9011d92\"},\"panelIndex\":\"7d323b2f-3502-4397-93fd-b430d9011d92\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":19,\"h\":18,\"i\":\"298b9cf4-5e54-45f5-805c-e04b31044401\"},\"panelIndex\":\"298b9cf4-5e54-45f5-805c-e04b31044401\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":19,\"y\":8,\"w\":29,\"h\":18,\"i\":\"1fa5b7c2-2680-4dd0-9c07-a714d8d8968a\"},\"panelIndex\":\"1fa5b7c2-2680-4dd0-9c07-a714d8d8968a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":26,\"w\":11,\"h\":23,\"i\":\"9056cf20-d882-4316-ba02-91ecbd1d4df9\"},\"panelIndex\":\"9056cf20-d882-4316-ba02-91ecbd1d4df9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":11,\"y\":26,\"w\":11,\"h\":23,\"i\":\"5f855acb-fec5-4155-b2ef-0961a6d9a89c\"},\"panelIndex\":\"5f855acb-fec5-4155-b2ef-0961a6d9a89c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":26,\"w\":10,\"h\":23,\"i\":\"208bc4b2-013a-4aab-b72c-45a618077791\"},\"panelIndex\":\"208bc4b2
-013a-4aab-b72c-45a618077791\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":26,\"w\":16,\"h\":23,\"i\":\"5429bbba-3d62-4a93-9932-4a2cc4369775\"},\"panelIndex\":\"5429bbba-3d62-4a93-9932-4a2cc4369775\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":20,\"i\":\"e08f3143-7e05-49ab-882f-d63e24e622bb\"},\"panelIndex\":\"e08f3143-7e05-49ab-882f-d63e24e622bb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - Zeek - Notices","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"fa9ed760-7734-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"9c6ccff0-7a84-11ea-9d13-57f5db13d1ed","name":"panel_3","type":"visualization"},{"id":"c8039090-7a84-11ea-9d13-57f5db13d1ed","name":"panel_4","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"visualization"},{"id":"fafba910-7a84-11ea-9d13-57f5db13d1ed","name":"panel_8","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_9","type":"search"}],"sort":[1688996741503,7525],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NjQsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.module.keyword\",\"negate\":true,\"params\":{\"query\":\"suricata\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.module.keyword\":\"suricata\"}}}]}"},"savedSearchRefName":"search_0","title":"Security Onion - Playbook - Rules","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/k
ibana\"}}},\"params\":{},\"label\":\"rule.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"title\":\"Security Onion - Playbook - Rules\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"faaf66e0-c77d-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"sort":[1688996741503,7528],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NjUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_subject.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"fab4b560-37d8-11e7-9efb-91e89505091f","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7530],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NjYsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Syslog - Severity (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"syslog.severity_label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"syslog.severity_label: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security Onion - Syslog - Severity (Donut)\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"fc8d41a0-777b-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1688996741503,7532],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NjcsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Destination Port","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Destination Port\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"fcf75bc0-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1688996741503,7534],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NjgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 
hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"fd549d70-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7536],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NjksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Top Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Top Source 
IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"source.ip: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"fd8b4640-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1688996741503,7538],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NzAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Answers","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - 
Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"answers.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ff2af9b0-2927-11e8-b2a2-09f3986ae284","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1688996741503,7540],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NzEsMV0="} 
+{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.module:strelka\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":7,\"i\":\"a2e0a619-a5c5-40d9-8593-e60f13ae22bf\"},\"panelIndex\":\"a2e0a619-a5c5-40d9-8593-e60f13ae22bf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":21,\"h\":7,\"i\":\"566a9d04-f2dc-4868-9625-97a19d985703\"},\"panelIndex\":\"566a9d04-f2dc-4868-9625-97a19d985703\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":7,\"i\":\"f247ec64-c278-4e05-ac4d-983bea9dfb7d\"},\"panelIndex\":\"f247ec64-c278-4e05-ac4d-983bea9dfb7d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":7,\"w\":12,\"h\":20,\"i\":\"6e80a142-ab0e-4fd3-891c-e495b78a1625\"},\"panelIndex\":\"6e80a142-ab0e-4fd3-891c-e495b78a1625\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":12,\"y\":7,\"w\":11,\"h\":20,\"i\":\"292cc879-6bc0-4541-ba92-3b3c5f4e3368\"},\"panelIndex\":\"292cc879-6bc0-4541-ba92-3b3c5f4e3368\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":7,\"w\":14,\"h\":20,\"i\":\"66979b2c-e7c1-4291-91ac-16537b7f9ec3\"},\"panelIndex\":\"66979b2c-e7c1-4291-91ac-16537b7f9ec3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":37,\"y\":7,\"w\":11,\"h\":20,\"i\":\"8bb1cf98-0401-4a2d-9dd8-deca08205a22\"},\"panelIndex\":\"8bb1cf98-0401-4a2d-9dd8-deca08205a22\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version
\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":8,\"h\":20,\"i\":\"393f3cec-3ee0-4275-b319-f307e7a260c6\"},\"panelIndex\":\"393f3cec-3ee0-4275-b319-f307e7a260c6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":15,\"h\":20,\"i\":\"0e8800a9-a6f5-4a79-8370-61713f584886\"},\"panelIndex\":\"0e8800a9-a6f5-4a79-8370-61713f584886\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":27,\"w\":25,\"h\":20,\"i\":\"be9a0a2a-d8c6-4d15-b5d7-d5599d0482a3\"},\"panelIndex\":\"be9a0a2a-d8c6-4d15-b5d7-d5599d0482a3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":27,\"i\":\"40296d2b-cb6f-423f-989c-3fdaa82d2aad\"},\"panelIndex\":\"40296d2b-cb6f-423f-989c-3fdaa82d2aad\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"Security Onion - 
Strelka","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"ff689c50-75f3-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"7a88adc0-75f0-11ea-9565-7315f4ee5cac","name":"panel_3","type":"visualization"},{"id":"49cfe850-772c-11ea-bee5-af7f7c7b8e05","name":"panel_4","type":"visualization"},{"id":"70243970-772c-11ea-bee5-af7f7c7b8e05","name":"panel_5","type":"visualization"},{"id":"ce9e03f0-772c-11ea-bee5-af7f7c7b8e05","name":"panel_6","type":"visualization"},{"id":"a7ebb450-772c-11ea-bee5-af7f7c7b8e05","name":"panel_7","type":"visualization"},{"id":"08c0b770-772e-11ea-bee5-af7f7c7b8e05","name":"panel_8","type":"visualization"},{"id":"e087c7d0-772d-11ea-bee5-af7f7c7b8e05","name":"panel_9","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_10","type":"search"}],"sort":[1688996741503,7552],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NzIsMV0="} 
+{"attributes":{"columns":["user.name","user.target.name","github.org","event.action"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.audit\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.audit\"}}},{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"user.target.name\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"user.target.name\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"GitHub Audit Users","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"github-173f1050-20ae-11ec-8b10-11a4c5e322a0","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-github-default","name":"tag-ref-fleet-pkg-github-default","type":"tag"}],"sort":[1688996741503,7558],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NzMsMV0="} 
+{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\",\"enhancements\":{}}},\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\",\"enhancements\":{}}},\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\",\"enhancements\":{}}},\"3d506940-8d8f-4f4f-8fa8-5ac070d1dc36\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"3d506940-8d8f-4f4f-8fa8-5ac070d1dc36\",\"enhancements\":{}}}}"},"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Code 
Scanning\",\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":[\"code_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.action\":\"code_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"dc15f49d-29b1-4e2e-8787-51ffbab5b4ac\",\"w\":14,\"x\":0,\"y\":0},\"panelIndex\":\"dc15f49d-29b1-4e2e-8787-51ffbab5b4ac\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3f8b858f-a1ee-4d69-a100-d59282acd94d\":{\"columnOrder\":[\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\"],\"columns\":{\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total 
Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\",\"layerId\":\"3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"top\"}},\"title\":\"Total Alerts Created [GitHub Code Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"85cbbb74-4d3c-44e0-98f6-be076e31aea3\",\"w\":14,\"x\":14,\"y\":0},\"panelIndex\":\"85cbbb74-4d3c-44e0-98f6-be076e31aea3\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"4fa3d8de-226f-4ff3-ab95-b9167e6ff115\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts Found/Fixed 
Ratio\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2}},\"formula\":\"count()/count(kql='github.state:dismissed')\",\"isFormulaBroken\":false},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\"],\"scale\":\"ratio\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Resolved/Dismissed Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"github.state:dismissed\"},\"isBucketed\":false,\"label\":\"Part of Resolved/Dismissed Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Resolved/Dismissed 
Alerts\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\"],\"location\":{\"max\":43,\"min\":0},\"name\":\"divide\",\"text\":\"count()/count(kql='github.state:dismissed')\",\"type\":\"function\"}},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"4fa3d8de-226f-4ff3-ab95-b9167e6ff115\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"None\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"textAlign\":\"center\"}},\"title\":\"Alerts Found/Fixed Ratio [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1b501988-f932-4d80-8625-d2a1c8cd7321\",\"w\":20,\"x\":28,\"y\":0},\"panelIndex\":\"1b501988-f932-4d80-8625-d2a1c8cd7321\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"5b02c858-e981-4dc4-a3bc-1d563549180a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cbc5557e-f6b9-4140-90b2-3100f33083c4\":{\"columnOrder\":[\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\",\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\"],\"columns\":{\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Open vs Resolved\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.code_scanning.most_recent_instance.state\"},\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"5b02c858-e981-4dc4-a3bc-1d563549180a\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"emptySizeRatio\":0.54,\"layerId\":\"cbc5557e-f6b9-4140-90b2-3100f33083c4\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendPosition\":\"right\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":true,\"primaryGroups\":[\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\"],\"metrics\":[\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\"]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"shape\":\"donut\"}},\"title\":\"Open vs Resolved/Dismissed [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"12c18b92-9f7b-4832-b85f-aad64720ea87\",\"w\":14,\"x\":0,\"y\":5},\"panelIndex\":\"12c18b92-9f7b-4832-b85f-aad64720ea87\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"5d417c98-6b80-42b4-9183-15bf539c9c46\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"c10f8d54-f8a4-45cf-8c17-527a0b914e14\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Open Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"5d417c98-6b80-42b4-9183-15bf539c9c46\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c10f8d54-f8a4-45cf-8c17-527a0b914e14\",\"key\":\"github.code_scanning.state\",\"negate\":false,\"params\":{\"query\":\"open\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"github.code_scanning.state\":\"open\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8
b5aa69c5a5e\",\"colorMode\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":1000}],\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#209280\",\"stop\":1},{\"color\":\"#d6bf57\",\"stop\":1000},{\"color\":\"#cc5642\",\"stop\":1001}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Open Alerts Count [GitHub Code Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"7131e4d3-c168-480d-9496-1463ceaaa97a\",\"w\":14,\"x\":14,\"y\":5},\"panelIndex\":\"7131e4d3-c168-480d-9496-1463ceaaa97a\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"1d49d476-9ca6-44e0-8501-35c7f63ed984\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"a0505379-6e67-41c4-b3c8-b7e6bd3efa7d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"e33d2853-5b3d-4be9-9312-2d8da64d9523\"],\"columns\":{\"e33d2853-5b3d-4be9-9312-2d8da64d9523\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Mean time to resolve an 
alert\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"github.code_scanning.time_to_resolution.sec\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"1d49d476-9ca6-44e0-8501-35c7f63ed984\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"a0505379-6e67-41c4-b3c8-b7e6bd3efa7d\",\"key\":\"github.code_scanning.time_to_resolution.sec\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"},\"query\":{\"exists\":{\"field\":\"github.code_scanning.time_to_resolution.sec\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e33d2853-5b3d-4be9-9312-2d8da64d9523\",\"colorMode\":\"None\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"textAlign\":\"center\"}},\"title\":\"Mean Time to Resolution [GitHub Code Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Mean Time To Resolution [GitHub Code 
Scanning]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"c3e8ea64-b6f9-470c-9004-02f8909672eb\",\"w\":14,\"x\":0,\"y\":10},\"panelIndex\":\"c3e8ea64-b6f9-470c-9004-02f8909672eb\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"bff2e3f5-8f9b-49f4-ba88-b0e937089c2f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"960abe90-416f-4075-aaef-2cc0a3af1707\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Resolved/Dismissed Alerts\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}},\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"scale\":\"ratio\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Dismissed 
Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bff2e3f5-8f9b-49f4-ba88-b0e937089c2f\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"960abe90-416f-4075-aaef-2cc0a3af1707\",\"key\":\"github.state\",\"negate\":false,\"params\":[\"dismissed\",\"resolved\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"github.state\":\"dismissed\"}},{\"match_phrase\":{\"github.state\":\"resolved\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"palette\":{\"name\":\"positive\",\"params\":{\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"positive\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#bbdad3\",\"stop\":0},{\"color\":\"#77b6a8\",\"stop\":8},{\"color\":\"#209280\",\"stop\":16}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Resolved/Dismissed Alerts Count [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"46dc58eb-4994-442d-a6b4-4b3699b74bf1\",\"w\":14,\"x\":14,\"y\":10},\"panelIndex\":\"46dc58eb-4994-442d-a6b4-4b3699b74bf1\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-d8a21374-4117-4796-96e2-ecd47f2babd2\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"2ce8a419-debd-4a37-85e6-c7b49e61604f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"d8a21374-4117-4796-96e2-ecd47f2babd2\":{\"columnOrder\":[\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264\",\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0\",\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1\",\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X2\"],\"columns\":{\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Ratio between the alerts generated and the number of commits\",\"operationType\":\"formula\",\"params\":{\"formula\":\"count()/unique_count(github.code_scanning.most_recent_instance.commit_sha)\",\"isFormulaBroken\":false},\"references\":[\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X2\"],\"scale\":\"ratio\"},\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Ratio between the alerts and the number of commits generated\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Ratio between the alerts and the number of commits 
generated\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"github.code_scanning.most_recent_instance.commit_sha\"},\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Ratio between the alerts and the number of commits generated\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0\",\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1\"],\"location\":{\"max\":74,\"min\":0},\"name\":\"divide\",\"text\":\"count()/unique_count(github.code_scanning.most_recent_instance.commit_sha)\",\"type\":\"function\"}},\"references\":[\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X0\",\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264X1\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2ce8a419-debd-4a37-85e6-c7b49e61604f\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"c96796ed-ded2-4cb6-9e7d-4ffbc1def264\",\"layerId\":\"d8a21374-4117-4796-96e2-ecd47f2babd2\",\"layerType\":\"data\",\"textAlign\":\"center\"}},\"title\":\"Alert/Commit Ratio [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"9a3577e8-d452-46cc-b2dd-9424ec80c871\",\"w\":25,\"x\":0,\"y\":15},\"panelIndex\":\"9a3577e8-d452-46cc-b2dd-9424ec80c871\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"1d50dadb-a088-4e8b-842f-8d84e6378658\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2592c6ef-cf07-4080-b4fe-014cc142e3c8\":{\"columnOrder\":[\"1e393f28-24a9-40af-830b-654785bf6236\",\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\",\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\",\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\"],\"columns\":{\"1e393f28-24a9-40af-830b-654785bf6236\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Owner\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"},\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts count by repository\",\"operationType\":\"formula\",\"params\":{\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\"],\"scale\":\"ratio\"},\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Alerts count \",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 
values of github.repository.owner.login + 1 other\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"multi_terms\"},\"secondaryFields\":[\"github.repository.name\"],\"size\":50},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"1d50dadb-a088-4e8b-842f-8d84e6378658\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\"],\"layerId\":\"2592c6ef-cf07-4080-b4fe-014cc142e3c8\",\"layerType\":\"data\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"seriesType\":\"bar\",\"splitAccessor\":\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\",\"xAccessor\":\"1e393f28-24a9-40af-830b-654785bf6236\"}],\"legend\":{\"isVisible\":true,\"maxLines\":5,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Alerts count by owner and by repository [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"ae814e70-2e8e-43df-b62e-e32d1c26f676\",\"w\":23,\"x\":25,\"y\":15},\"panelIndex\":\"ae814e70-2e8e-43df-b62e-e32d1c26f676\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"63aad513-3506-45e9-8c13-d2ee49f689ab\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"91e1a389-34e8-4332-9dbb-bd883d71dd85\":{\"columnOrder\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\",\"8cca4d83-a822-4b67-97cd-27649e1d7c68\",\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"],\"columns\":{\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top repositories contributing to alerts by owner\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"},\"8cca4d83-a822-4b67-97cd-27649e1d7c68\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of github.repository.name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.name\"},\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"63aad513-3506-45e9-8c13-d2ee49f689ab\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"91e1a389-34e8-4332-9dbb-bd883d71dd85\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\",\"8cca4d83-a822-4b67-97cd-27649e1d7c68\"],\"metrics\":[\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"]}],\"shape\":\"pie\"}},\"title\":\"Aerts % by owner and by repository [GitHub Code Scanning]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Alerts % by owner and by repository [GitHub Code 
Scanning]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"4e77167a-4642-4cbb-8430-2197e2f31666\",\"w\":14,\"x\":0,\"y\":27},\"panelIndex\":\"4e77167a-4642-4cbb-8430-2197e2f31666\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"14d80078-f238-406f-9a34-bae0f8616bc0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"257a7d8d-1315-4775-97d9-e679c0f3aa79\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Tool\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.code_scanning.tool.name\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alert 
count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"14d80078-f238-406f-9a34-bae0f8616bc0\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"xAccessor\":\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"yConfig\":[{\"color\":\"#6dc9cd\",\"forAccessor\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Tool Contribution Count [GitHub Code Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Tool Contribution [GitHub Code 
Scanning]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"5135da2a-0093-4b71-a35a-c2b8877d22dd\",\"w\":11,\"x\":14,\"y\":27},\"panelIndex\":\"5135da2a-0093-4b71-a35a-c2b8877d22dd\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"e696efc1-4a91-44d3-ad68-618f00d80703\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"257a7d8d-1315-4775-97d9-e679c0f3aa79\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 5 values of github.code_scanning.tool.name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"github.code_scanning.tool.name\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"e696efc1-4a91-44d3-ad68-618f00d80703\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"emptySizeRatio\":0.3,\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendMaxLines\":2,\"legendPosition\":\"right\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":true,\"primaryGroups\":[\"257a7d8d-1315-4775-97d9-e679c0f3aa79\"],\"metrics\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"]}],\"shape\":\"donut\"}},\"title\":\"Tool Contribution [GitHub Code Scanning]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"7a3f8c53-407b-4862-9dc3-10dccfe06426\",\"w\":23,\"x\":25,\"y\":27},\"panelIndex\":\"7a3f8c53-407b-4862-9dc3-10dccfe06426\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"a9c37a5a-574a-411d-9420-2e53045288f3\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"00866684-5176-499e-9517-eff9e9102155\",\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"00866684-5176-499e-9517-eff9e9102155\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 
values of github.code_scanning.tool.name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.code_scanning.tool.name\"},\"257a7d8d-1315-4775-97d9-e679c0f3aa79\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"d\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alert count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"a9c37a5a-574a-411d-9420-2e53045288f3\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"splitAccessor\":\"00866684-5176-499e-9517-eff9e9102155\",\"xAccessor\":\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"yConfig\":[{\"color\":\"#6dc9cd\",\"forAccessor\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}]}],\"legend\":{\"isVisible\":true,\"ma
xLines\":5,\"position\":\"right\"},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Daily Tool Contribution [GitHub Code Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"9653b170-7606-461f-9ac4-bf58547f30db\",\"w\":14,\"x\":0,\"y\":40},\"panelIndex\":\"9653b170-7606-461f-9ac4-bf58547f30db\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"c1f5c308-cb41-49d7-9d2b-034ddea6eec8\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"04d54e71-2f6e-462a-8858-74d8668335df\":{\"columnOrder\":[\"713d9fda-d630-485d-b2af-f6aa22ea7a71\",\"21ef31d9-60e5-4fe1-8767-950697790bab\"],\"columns\":{\"21ef31d9-60e5-4fe1-8767-950697790bab\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"713d9fda-d630-485d-b2af-f6aa22ea7a71\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"21ef31d9-60e5-4fe1-8767-950697790bab\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c1f5c308-cb41-49d7-9d2b-034ddea6eec8\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"21ef31d9-60e5-4fe1-8767-950697790bab\"],\"layerId\":\"04d54e71-2f6e-462a-8858-74d8668335df\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"xAccessor\":\"713d9fda-d630-485d-b2af-f6aa22ea7a71\",\"yConfig\":[{\"axisMode\":\"auto\",\"color\":\"#b9a888\",\"forAccessor\":\"21ef31d9-60e5-4fe1-8767-950697790bab\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"show\"}},\"title\":\"Alert Severity Count [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"563a073c-7de0-4095-b0ac-127caed562f2\",\"w\":11,\"x\":14,\"y\":40},\"panelIndex\":\"563a073c-7de0-4095-b0ac-127caed562f2\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"3ad0255d-c017-4880-b3dd-d60cb17375c1\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"04d54e71-2f6e-462a-8858-74d8668335df\":{\"columnOrder\":[\"713d9fda-d630-485d-b2af-f6aa22ea7a71\",\"21ef31d9-60e5-4fe1-8767-950697790bab\"],\"columns\":{\"21ef31d9-60e5-4fe1-8767-950697790bab\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"713d9fda-d630-485d-b2af-f6aa22ea7a71\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"21ef31d9-60e5-4fe1-8767-950697790bab\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"3ad0255d-c017-4880-b3dd-d60cb17375c1\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categ
oryDisplay\":\"default\",\"emptySizeRatio\":0.3,\"layerId\":\"04d54e71-2f6e-462a-8858-74d8668335df\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendMaxLines\":1,\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"713d9fda-d630-485d-b2af-f6aa22ea7a71\"],\"metrics\":[\"21ef31d9-60e5-4fe1-8767-950697790bab\"]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"shape\":\"donut\"}},\"title\":\"Alert Severity % [GitHub Code Scanning]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5\",\"w\":23,\"x\":25,\"y\":40},\"panelIndex\":\"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"8a760085-cbc8-4b89-8401-4eb7f686cc80\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"00866684-5176-499e-9517-eff9e9102155\",\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"00866684-5176-499e-9517-eff9e9102155\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
github.severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.severity\"},\"257a7d8d-1315-4775-97d9-e679c0f3aa79\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"d\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alert count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"8a760085-cbc8-4b89-8401-4eb7f686cc80\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"splitAccessor\":\"00866684-5176-499e-9517-eff9e9102155\",\"xAccessor\":\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"yConfig\":[{\"color\":\"#6dc9cd\",\"forAccessor\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}]}],\"legend\":{\"isVisible\":true,\"maxLines\":5,\"posi
tion\":\"right\"},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Daily Alerts Count by Severity [GitHub Code Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"c8b71fb6-3611-4788-a05f-fc9336b277f5\",\"w\":14,\"x\":0,\"y\":53},\"panelIndex\":\"c8b71fb6-3611-4788-a05f-fc9336b277f5\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d3c21fb5-7785-4c13-b684-0eebfa9a8ea9\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"04d54e71-2f6e-462a-8858-74d8668335df\":{\"columnOrder\":[\"713d9fda-d630-485d-b2af-f6aa22ea7a71\",\"21ef31d9-60e5-4fe1-8767-950697790bab\"],\"columns\":{\"21ef31d9-60e5-4fe1-8767-950697790bab\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"713d9fda-d630-485d-b2af-f6aa22ea7a71\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"21ef31d9-60e5-4fe1-8767-950697790bab\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.code_scanning.rule.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d3c21fb5-7785-4c13-b684-0eebfa9a8ea9\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"21ef31d9-60e5-4fe1-8767-950697790bab\"],\"layerId\":\"04d54e71-2f6e-462a-8858-74d8668335df\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"xAccessor\":\"713d9fda-d630-485d-b2af-f6aa22ea7a71\",\"yConfig\":[{\"axisMode\":\"auto\",\"color\":\"#f1ceb0\",\"forAccessor\":\"21ef31d9-60e5-4fe1-8767-950697790bab\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"show\"}},\"title\":\"Rule Severity [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"26c79a62-100e-4eb4-b878-621e2be8570d\",\"w\":34,\"x\":14,\"y\":53},\"panelIndex\":\"26c79a62-100e-4eb4-b878-621e2be8570d\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a5a3e567-da48-48df-902a-28bb45019016\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"68463b79-453f-4a36-a9a5-e747691dbbc9\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a5a3e567-da48-48df-902a-28bb45019016\":{\"columnOrder\":[\"df4b45ce-a7f4-4e1c-a5e5-92fd8dbd329b\",\"9797f885-5bd5-4511-8dba-7867ef8fd09a\"],\"columns\":{\"9797f885-5bd5-4511-8dba-7867ef8fd09a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alert Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"df4b45ce-a7f4-4e1c-a5e5-92fd8dbd329b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 
Rules\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9797f885-5bd5-4511-8dba-7867ef8fd09a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"rule.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"68463b79-453f-4a36-a9a5-e747691dbbc9\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"9797f885-5bd5-4511-8dba-7867ef8fd09a\"],\"layerId\":\"a5a3e567-da48-48df-902a-28bb45019016\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"df4b45ce-a7f4-4e1c-a5e5-92fd8dbd329b\"}],\"legend\":{\"floatingColumns\":1,\"horizontalAlignment\":\"right\",\"isInside\":true,\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":false,\"verticalAlignment\":\"top\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Top Rules [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"41578b87-d820-42df-92d5-69af2643d793\",\"w\":36,\"x\":0,\"y\":66},\"panelIndex\":\"41578b87-d820-42df-92d5-69af2643d793\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"17dc082e-1cb5-4483-901a-9c220d911bac\":{\"columnOrder\":[\"576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5\",\"b907d8f2-1395-4737-a7db-25bd080be94d\"],\"columns\":{\"576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top files responsible for alerts\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b907d8f2-1395-4737-a7db-25bd080be94d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.code_scanning.most_recent_instance.location.path\"},\"b907d8f2-1395-4737-a7db-25bd080be94d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alert 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b907d8f2-1395-4737-a7db-25bd080be94d\"],\"layerId\":\"17dc082e-1cb5-4483-901a-9c220d911bac\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"xAccessor\":\"576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5\"}],\"legend\":{\"isInside\":false,\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Top files [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"4f4ecefc-738e-4b86-8013-4b78bcb6d79b\",\"w\":12,\"x\":36,\"y\":66},\"panelIndex\":\"4f4ecefc-738e-4b86-8013-4b78bcb6d79b\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"eeb76646-d085-43fb-bad2-e7e78e3470fa\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2321cd3f-039b-44be-90a5-03028195d49e\":{\"columnOrder\":[\"37a962c0-4797-484d-b2e6-00a280b3edc2\",\"871b560f-f208-41a2-978b-b97664f99807\"],\"columns\":{\"37a962c0-4797-484d-b2e6-00a280b3edc2\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"User\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"871b560f-f208-41a2-978b-b97664f99807\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.code_scanning.dismissed_by.login\"},\"871b560f-f208-41a2-978b-b97664f99807\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts 
count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"eeb76646-d085-43fb-bad2-e7e78e3470fa\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"871b560f-f208-41a2-978b-b97664f99807\"],\"layerId\":\"2321cd3f-039b-44be-90a5-03028195d49e\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"37a962c0-4797-484d-b2e6-00a280b3edc2\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Top users dismissing alerts [GitHub Code 
Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32\",\"w\":48,\"x\":0,\"y\":81},\"panelIndex\":\"234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"deab5558-7fec-4cfa-b152-24203a046301\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ebd4f001-671a-4772-a2c4-b07f94e34845\":{\"columnOrder\":[\"fc40a758-e2ae-45db-88c1-439660cb7f66\",\"5caf7916-eab1-42d2-b591-41039ee8ed72\"],\"columns\":{\"5caf7916-eab1-42d2-b591-41039ee8ed72\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"fc40a758-e2ae-45db-88c1-439660cb7f66\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"deab5558-7fec-4cfa-b152-24203a046301\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.code_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"l
ayers\":[{\"accessors\":[\"5caf7916-eab1-42d2-b591-41039ee8ed72\"],\"layerId\":\"ebd4f001-671a-4772-a2c4-b07f94e34845\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"fc40a758-e2ae-45db-88c1-439660cb7f66\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Events Timeline [GitHub Code Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}}]","timeRestore":false,"title":"[GitHub] Code Scanning Alerts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"github-4da91aa0-12fc-11ed-af77-016e1a977d80","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d","type":"index-pattern"},{"id":"logs-*","name":"dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e","type":"index-pattern"},{"id":"logs-*","name":"85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"85cbbb74-4d3c-44e0-98f6-be076e31aea3:4fa3d8de-226f-4ff3-ab95-b9167e6ff115","type":"index-pattern"},{"id":"logs-*","name":"1b501988-f932-4d80-8625-d2a1c8cd7321:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4","type":"index-pattern"},{"id":"logs-*","name":"1b501988-f932-4d80-8625-d2a1c8cd7321:5b02c858-e981-4dc4-a3bc-1d563549180a","type":"index-pattern"},{"id":"logs-*","name":"12c18b92-9f7b-4832-b85f-aad64720ea87:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"12c18b92-9f7b-4832-b85f-aad64720ea87:5d417c98-6b80-42b4-
9183-15bf539c9c46","type":"index-pattern"},{"id":"logs-*","name":"12c18b92-9f7b-4832-b85f-aad64720ea87:c10f8d54-f8a4-45cf-8c17-527a0b914e14","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:1d49d476-9ca6-44e0-8501-35c7f63ed984","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:a0505379-6e67-41c4-b3c8-b7e6bd3efa7d","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:bff2e3f5-8f9b-49f4-ba88-b0e937089c2f","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:960abe90-416f-4075-aaef-2cc0a3af1707","type":"index-pattern"},{"id":"logs-*","name":"46dc58eb-4994-442d-a6b4-4b3699b74bf1:indexpattern-datasource-layer-d8a21374-4117-4796-96e2-ecd47f2babd2","type":"index-pattern"},{"id":"logs-*","name":"46dc58eb-4994-442d-a6b4-4b3699b74bf1:2ce8a419-debd-4a37-85e6-c7b49e61604f","type":"index-pattern"},{"id":"logs-*","name":"9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8","type":"index-pattern"},{"id":"logs-*","name":"9a3577e8-d452-46cc-b2dd-9424ec80c871:1d50dadb-a088-4e8b-842f-8d84e6378658","type":"index-pattern"},{"id":"logs-*","name":"ae814e70-2e8e-43df-b62e-e32d1c26f676:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85","type":"index-pattern"},{"id":"logs-*","name":"ae814e70-2e8e-43df-b62e-e32d1c26f676:63aad513-3506-45e9-8c13-d2ee49f689ab","type":"index-pattern"},{"id":"logs-*","name":"4e77167a-4642-4cbb-8430-2197e2f31666:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"4e77167a-4642-4cbb-8430-2197e2f31666:14d80078-
f238-406f-9a34-bae0f8616bc0","type":"index-pattern"},{"id":"logs-*","name":"5135da2a-0093-4b71-a35a-c2b8877d22dd:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"5135da2a-0093-4b71-a35a-c2b8877d22dd:e696efc1-4a91-44d3-ad68-618f00d80703","type":"index-pattern"},{"id":"logs-*","name":"7a3f8c53-407b-4862-9dc3-10dccfe06426:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"7a3f8c53-407b-4862-9dc3-10dccfe06426:a9c37a5a-574a-411d-9420-2e53045288f3","type":"index-pattern"},{"id":"logs-*","name":"9653b170-7606-461f-9ac4-bf58547f30db:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df","type":"index-pattern"},{"id":"logs-*","name":"9653b170-7606-461f-9ac4-bf58547f30db:c1f5c308-cb41-49d7-9d2b-034ddea6eec8","type":"index-pattern"},{"id":"logs-*","name":"563a073c-7de0-4095-b0ac-127caed562f2:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df","type":"index-pattern"},{"id":"logs-*","name":"563a073c-7de0-4095-b0ac-127caed562f2:3ad0255d-c017-4880-b3dd-d60cb17375c1","type":"index-pattern"},{"id":"logs-*","name":"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:8a760085-cbc8-4b89-8401-4eb7f686cc80","type":"index-pattern"},{"id":"logs-*","name":"c8b71fb6-3611-4788-a05f-fc9336b277f5:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df","type":"index-pattern"},{"id":"logs-*","name":"c8b71fb6-3611-4788-a05f-fc9336b277f5:d3c21fb5-7785-4c13-b684-0eebfa9a8ea9","type":"index-pattern"},{"id":"logs-*","name":"26c79a62-100e-4eb4-b878-621e2be8570d:indexpattern-datasource-layer-a5a3e567-da48-48df-902a-28bb45019016","type":"index-pattern"},{"id":"logs-*","name":"26c79a62-100e-4eb4-b878-621e2be8570d:68463b79-453f-4a36-a9a5-e747691dbbc9","type":"index-pattern"},{"id":"logs-*","name":"41578b
87-d820-42df-92d5-69af2643d793:indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac","type":"index-pattern"},{"id":"logs-*","name":"41578b87-d820-42df-92d5-69af2643d793:1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f","type":"index-pattern"},{"id":"logs-*","name":"4f4ecefc-738e-4b86-8013-4b78bcb6d79b:indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e","type":"index-pattern"},{"id":"logs-*","name":"4f4ecefc-738e-4b86-8013-4b78bcb6d79b:eeb76646-d085-43fb-bad2-e7e78e3470fa","type":"index-pattern"},{"id":"logs-*","name":"234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845","type":"index-pattern"},{"id":"logs-*","name":"234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:deab5558-7fec-4cfa-b152-24203a046301","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_93a8183f-ab74-4636-9f63-9e30c35bfa6b:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_965171e3-e02b-49ff-a2f7-6ddfa5159eee:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_8fb8d319-c120-4bcb-849d-6d45f3f5406a:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_3d506940-8d8f-4f4f-8fa8-5ac070d1dc36:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-github-default","name":"tag-ref-fleet-pkg-github-default","type":"tag"}],"sort":[1688996741503,7609],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NzQsMV0="} 
+{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"66d2324e-be32-41be-b685-54ba2cc58c2b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"66d2324e-be32-41be-b685-54ba2cc58c2b\",\"enhancements\":{}}},\"54e33c68-ad08-412f-852a-f669391018b0\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"54e33c68-ad08-412f-852a-f669391018b0\",\"enhancements\":{}}},\"9fd25971-d168-4a50-985f-9e1bb266c93e\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"9fd25971-d168-4a50-985f-9e1bb266c93e\",\"enhancements\":{}}},\"bcb03b9e-5278-4d66-a4da-762d41ec13cd\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"bcb03b9e-5278-4d66-a4da-762d41ec13cd\",\"enhancements\":{}}}}"},"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Secret 
Scanning\",\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":[\"secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.action\":\"secret_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"77e597be-8cdc-4fa3-9dee-4e4ed1103e55\",\"w\":14,\"x\":0,\"y\":0},\"panelIndex\":\"77e597be-8cdc-4fa3-9dee-4e4ed1103e55\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"a27a9357-b353-46a3-9116-530f354b09b9\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3f8b858f-a1ee-4d69-a100-d59282acd94d\":{\"columnOrder\":[\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\"],\"columns\":{\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Secrets 
Found\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"a27a9357-b353-46a3-9116-530f354b09b9\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\",\"layerId\":\"3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"top\"}},\"title\":\"Total Secrets Found [GitHub Secret Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"277a4af7-61c6-40d9-80a6-2d73df097618\",\"w\":14,\"x\":14,\"y\":0},\"panelIndex\":\"277a4af7-61c6-40d9-80a6-2d73df097618\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"ef2a4614-151f-42d0-8707-257d009298ea\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Secrets Found/Fixed 
Ratio\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2}},\"formula\":\"count()/count(kql='github.state:dismissed or github.state:resolved')\",\"isFormulaBroken\":false},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\"],\"scale\":\"ratio\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Secrets Found/Fixed Ratio\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"github.state:dismissed or github.state:resolved\"},\"isBucketed\":false,\"label\":\"Part of Secrets Found/Fixed Ratio\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Secrets Found/Fixed Ratio\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\"],\"location\":{\"max\":68,\"min\":0},\"name\":\"divide\",\"text\":\"count()/count(kql='github.state:dismissed or 
github.state:resolved')\",\"type\":\"function\"}},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ef2a4614-151f-42d0-8707-257d009298ea\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"None\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"textAlign\":\"center\"}},\"title\":\"Secrets Found/Fixed Ratio [GitHub Secret Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"51a087d0-9c56-4047-9404-b4b7b37497b0\",\"w\":20,\"x\":28,\"y\":0},\"panelIndex\":\"51a087d0-9c56-4047-9404-b4b7b37497b0\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d7c9ae82-adc1-4169-a1ac-2fea90204f25\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cbc5557e-f6b9-4140-90b2-3100f33083c4\":{\"columnOrder\":[\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\",\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\"],\"columns\":{\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Open vs 
Resolved\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.state\"},\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d7c9ae82-adc1-4169-a1ac-2fea90204f25\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"emptySizeRatio\":0.3,\"layerId\":\"cbc5557e-f6b9-4140-90b2-3100f33083c4\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendPosition\":\"right\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":true,\"primaryGroups\":[\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\"],\"metrics\":[\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\"]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"shape\":\"donut\"}},\"title\":\"Open vs Fixed/Resolved Secrets[GitHub Secret 
Scanning]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"3c9e482b-4cd2-43e2-a1aa-5a6d66050c16\",\"w\":14,\"x\":0,\"y\":5},\"panelIndex\":\"3c9e482b-4cd2-43e2-a1aa-5a6d66050c16\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"b2d41cbe-238c-4c90-994d-d8e8f1668a44\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d4cc48c0-fb83-4b1d-9c91-369a087165c4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Open Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"b2d41cbe-238c-4c90-994d-d8e8f1668a44\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d4cc48c0-fb83-4b1d-9c91-369a087165c4\",\"key\":\"github.state\",\"negate\":false,\"params\":{\"query\":\"open\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"github.state\":\"open\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMod
e\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":1000}],\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#209280\",\"stop\":1},{\"color\":\"#d6bf57\",\"stop\":1000},{\"color\":\"#cc5642\",\"stop\":1001}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Open Secrets Count [GitHub Secret Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"e6cb0087-c5ba-49f2-8ae9-b206d2346609\",\"w\":14,\"x\":14,\"y\":5},\"panelIndex\":\"e6cb0087-c5ba-49f2-8ae9-b206d2346609\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"9c0d6963-bc22-4d2d-9028-20e603d307e7\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"dac33af7-8640-4326-8c95-afddf6194657\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"e33d2853-5b3d-4be9-9312-2d8da64d9523\"],\"columns\":{\"e33d2853-5b3d-4be9-9312-2d8da64d9523\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Mean time to resolve an 
alert\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"github.secret_scanning.time_to_resolution.sec\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"9c0d6963-bc22-4d2d-9028-20e603d307e7\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.secret_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"dac33af7-8640-4326-8c95-afddf6194657\",\"key\":\"github.secret_scanning.time_to_resolution.sec\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"},\"query\":{\"exists\":{\"field\":\"github.secret_scanning.time_to_resolution.sec\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e33d2853-5b3d-4be9-9312-2d8da64d9523\",\"colorMode\":\"None\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"textAlign\":\"center\"}},\"title\":\"Mean Time to Resolution [GitHub Secret 
Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"892ed6dd-afe7-4685-bebb-5f1a70b44692\",\"w\":14,\"x\":0,\"y\":10},\"panelIndex\":\"892ed6dd-afe7-4685-bebb-5f1a70b44692\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"e9f91f71-3727-4bf1-9d0a-2742347e223f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"f34d1f77-a34c-4ac9-ab7a-6892d9505a80\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Resolved/Dismissed Alerts\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}},\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"scale\":\"ratio\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Dismissed 
Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"e9f91f71-3727-4bf1-9d0a-2742347e223f\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"f34d1f77-a34c-4ac9-ab7a-6892d9505a80\",\"key\":\"github.state\",\"negate\":false,\"params\":[\"dismissed\",\"resolved\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"github.state\":\"dismissed\"}},{\"match_phrase\":{\"github.state\":\"resolved\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"palette\":{\"name\":\"positive\",\"params\":{\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"positive\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#bbdad3\",\"stop\":0},{\"color\":\"#77b6a8\",\"stop\":8},{\"color\":\"#209280\",\"stop\":16}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Fixed Secrets Count [GitHub Secret 
Scanning]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"429f2ded-1aca-42cd-9190-9afddb03eabf\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"429f2ded-1aca-42cd-9190-9afddb03eabf\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"89debdad-d323-4640-918b-2c38d061e212\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2592c6ef-cf07-4080-b4fe-014cc142e3c8\":{\"columnOrder\":[\"1e393f28-24a9-40af-830b-654785bf6236\",\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\",\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\",\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\"],\"columns\":{\"1e393f28-24a9-40af-830b-654785bf6236\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Owner\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"},\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Found Secrets by repository\",\"operationType\":\"formula\",\"params\":{\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\"],\"scale\":\"ratio\"},\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Alerts count by 
repository\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of github.repository.owner.login + 1 other\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"multi_terms\"},\"secondaryFields\":[\"github.repository.name\"],\"size\":50},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"89debdad-d323-4640-918b-2c38d061e212\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\"],\"layerId\":\"2592c6ef-cf07-4080-b4fe-014cc142e3c8\",\"layerType\":\"data\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"seriesType\":\"bar\",\"splitAccessor\":\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\",\"xAccessor\":\"1e393f28-24a9-40af-830b-654785bf6236\"}],\"legend\":{\"isVisible\":true,\"maxLines\":5,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Found Secrets count by 
owner and by repository [GitHub Secret Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"a7adc099-113f-4113-b592-24b5ceff484e\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"a7adc099-113f-4113-b592-24b5ceff484e\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"11287d36-4d96-447c-b336-56ae03fcbc16\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"91e1a389-34e8-4332-9dbb-bd883d71dd85\":{\"columnOrder\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\",\"8cca4d83-a822-4b67-97cd-27649e1d7c68\",\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"],\"columns\":{\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top repositories contributing to alerts by owner\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"},\"8cca4d83-a822-4b67-97cd-27649e1d7c68\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of github.repository.name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.name\"},\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"11287d36-4d96-447c-b336-56ae03fcbc16\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"91e1a389-34e8-4332-9dbb-bd883d71dd85\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\",\"8cca4d83-a822-4b67-97cd-27649e1d7c68\"],\"metrics\":[\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"]}],\"shape\":\"pie\"}},\"title\":\"Found Secrets % by owner and by repository [GitHub Secret 
Scanning]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"883397dd-0064-48f2-b257-c8ed4295b0b9\",\"w\":24,\"x\":0,\"y\":27},\"panelIndex\":\"883397dd-0064-48f2-b257-c8ed4295b0b9\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"25c2db0c-d286-407e-9c0b-55252a2ad165\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"82cbb0d6-87ad-47e3-bed4-84e8d7f812d1\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"257a7d8d-1315-4775-97d9-e679c0f3aa79\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Secret Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.secret_scanning.secret_type_display_name\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Found 
Secrets\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"25c2db0c-d286-407e-9c0b-55252a2ad165\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"82cbb0d6-87ad-47e3-bed4-84e8d7f812d1\",\"key\":\"github.state\",\"negate\":false,\"params\":{\"query\":\"open\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"github.state\":\"open\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"yConfig\":[{\"color\":\"#6dc9cd\",\"forAccessor\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Open Secrets Count by Type [GitHub Secret 
Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"d0ec4a50-b9da-4775-9f64-5389f898aee3\",\"w\":24,\"x\":24,\"y\":27},\"panelIndex\":\"d0ec4a50-b9da-4775-9f64-5389f898aee3\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"acfd1c9a-be16-4275-ae7d-0ad42b060de0\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"42fcf4b5-0905-4d97-baa9-c08a61bc3b7a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"257a7d8d-1315-4775-97d9-e679c0f3aa79\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Secrets by Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.secret_scanning.secret_type_display_name\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"acfd1c9a-be16-4275-ae7d-0ad42b060de0\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"42fcf4b5-0905-4d97-baa9-c08a61bc3b7a\",\"key\":\"github.state\",\"negate\":false,\"params\":{\"query\":\"open\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"github.state\":\"open\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"emptySizeRatio\":0.3,\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendMaxLines\":5,\"legendPosition\":\"right\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":true,\"primaryGroups\":[\"257a7d8d-1315-4775-97d9-e679c0f3aa79\"],\"metrics\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"]}],\"shape\":\"donut\"}},\"title\":\"Open Secrets % by Type [GitHub Secret 
Scanning]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8\",\"w\":48,\"x\":0,\"y\":40},\"panelIndex\":\"7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"c26ebed6-b942-43ed-9f00-ccf3c5842f5f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"54bf50e3-8882-4a5e-a4ad-e4d684c3abaa\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"725aa594-f41c-4b3e-a6cf-8c115b602f57\":{\"columnOrder\":[\"98acffa4-7380-4b18-9f9a-4025ca8ac0c6\",\"197c6dc3-cb49-4482-8381-a89e27cc960f\",\"e81fb515-1196-411c-818d-8f4d837ce000\",\"2059204b-f8ae-4a1f-911e-c7ed705f2ba9\",\"753cfcd3-a745-4003-9d55-c19e0ffbd43f\",\"5cf0999f-989a-465c-a12d-3549cad8584a\",\"308e4990-dd31-471d-a467-d9c8a775476d\",\"432976f9-4218-49dc-9922-f7dc093cbaa1\"],\"columns\":{\"197c6dc3-cb49-4482-8381-a89e27cc960f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Owner/Organization\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"},\"2059204b-f8ae-4a1f-911e-c7ed705f2ba9\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1},\"scale\":\"ordinal\",\"s
ourceField\":\"github.secret_scanning.secret_type_display_name\"},\"308e4990-dd31-471d-a467-d9c8a775476d\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"432976f9-4218-49dc-9922-f7dc093cbaa1\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"github.secret_scanning.time_to_resolution.sec: *\"},\"isBucketed\":false,\"label\":\"Time To Resolution\",\"operationType\":\"last_value\",\"params\":{\"sortField\":\"@timestamp\"},\"scale\":\"ratio\",\"sourceField\":\"github.secret_scanning.time_to_resolution.sec\"},\"5cf0999f-989a-465c-a12d-3549cad8584a\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Resolved By User\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1},\"scale\":\"ordinal\",\"sourceField\":\"github.secret_scanning.resolved_by.login\"},\"753cfcd3-a745-4003-9d55-c19e0ffbd43f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Resolution\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1},\"scale\":\"ordinal\",\"sourceField\":\"github.secret_scanning.resolution\"},\"98acffa4-7380-4b18-9f9a-4025ca8ac0c6\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Fixed 
Secret\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":1000},\"scale\":\"ordinal\",\"sourceField\":\"github.secret_scanning.secret\"},\"e81fb515-1196-411c-818d-8f4d837ce000\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Repository\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c26ebed6-b942-43ed-9f00-ccf3c5842f5f\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"54bf50e3-8882-4a5e-a4ad-e4d684c3abaa\",\"key\":\"github.state\",\"negate\":false,\"params\":[\"dismissed\",\"resolved\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"github.state\":\"dismissed\"}},{\"match_phrase\":{\"github.state\":\"resolved\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"98acffa4-7380-4b18-9f9a-4025ca8ac0c6\",\"hidden\":false,\"isTransposed\":false,\"width\":242.75},{\"columnId\":\"197c6dc3-cb49-4482-8381-a89e27cc960f\",\"isTransposed\":false},{\"columnId\":\"e81fb515-1196-411c-818d-8f4d837ce000\",\"isTransposed\":false},{\"columnId\":\"
753cfcd3-a745-4003-9d55-c19e0ffbd43f\",\"isTransposed\":false},{\"columnId\":\"5cf0999f-989a-465c-a12d-3549cad8584a\",\"isTransposed\":false},{\"columnId\":\"2059204b-f8ae-4a1f-911e-c7ed705f2ba9\",\"isTransposed\":false},{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"hidden\":true,\"isTransposed\":false},{\"columnId\":\"432976f9-4218-49dc-9922-f7dc093cbaa1\",\"isTransposed\":false}],\"layerId\":\"725aa594-f41c-4b3e-a6cf-8c115b602f57\",\"layerType\":\"data\"}},\"title\":\"Fixed Secrets [GitHub Secret Scanning]\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"991aa388-e5d6-469b-911a-1cbcd1b84417\",\"w\":48,\"x\":0,\"y\":55},\"panelIndex\":\"991aa388-e5d6-469b-911a-1cbcd1b84417\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"ee8e512a-72ec-4ab7-9c01-8bc987dc2b42\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"94bf6c5a-a948-40c1-95a7-52d11ef68bad\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"725aa594-f41c-4b3e-a6cf-8c115b602f57\":{\"columnOrder\":[\"98acffa4-7380-4b18-9f9a-4025ca8ac0c6\",\"197c6dc3-cb49-4482-8381-a89e27cc960f\",\"e81fb515-1196-411c-818d-8f4d837ce000\",\"4b29a17b-d4c4-4d29-a120-296f69b2875e\",\"3b3eb320-881a-4786-bcb3-d2400e38a3d3\",\"308e4990-dd31-471d-a467-d9c8a775476d\"],\"columns\":{\"197c6dc3-cb49-4482-8381-a89e27cc960f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Owner/Organization\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1},\"scale\":\"ordinal\",\"sourceFiel
d\":\"github.repository.owner.login\"},\"308e4990-dd31-471d-a467-d9c8a775476d\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"3b3eb320-881a-4786-bcb3-d2400e38a3d3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Alert URL\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1},\"scale\":\"ordinal\",\"sourceField\":\"github.secret_scanning.url\"},\"4b29a17b-d4c4-4d29-a120-296f69b2875e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1},\"scale\":\"ordinal\",\"sourceField\":\"github.secret_scanning.secret_type_display_name\"},\"98acffa4-7380-4b18-9f9a-4025ca8ac0c6\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Found 
Secret\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":1000},\"scale\":\"ordinal\",\"sourceField\":\"github.secret_scanning.secret\"},\"e81fb515-1196-411c-818d-8f4d837ce000\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Repository\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ee8e512a-72ec-4ab7-9c01-8bc987dc2b42\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"94bf6c5a-a948-40c1-95a7-52d11ef68bad\",\"key\":\"github.state\",\"negate\":false,\"params\":[\"open\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"github.state\":\"open\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"98acffa4-7380-4b18-9f9a-4025ca8ac0c6\",\"hidden\":false,\"isTransposed\":false,\"width\":242.75},{\"columnId\":\"197c6dc3-cb49-4482-8381-a89e27cc960f\",\"isTransposed\":false},{\"columnId\":\"e81fb515-1196-411c-818d-8f4d837ce000\",\"isTransposed\":false},{\"columnId\":\"3b3eb320-881a-4786-bcb3-d2400e38a3d3\",\"isTransposed\":false},{\"columnId
\":\"4b29a17b-d4c4-4d29-a120-296f69b2875e\",\"isTransposed\":false},{\"columnId\":\"308e4990-dd31-471d-a467-d9c8a775476d\",\"hidden\":true,\"isTransposed\":false}],\"layerId\":\"725aa594-f41c-4b3e-a6cf-8c115b602f57\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"custom\",\"rowHeightLines\":2}},\"title\":\"Found Secrets [GitHub Secret Scanning]\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"ff2747ad-ec9c-44a5-b8f9-9347be86c98b\",\"w\":15,\"x\":33,\"y\":70},\"panelIndex\":\"ff2747ad-ec9c-44a5-b8f9-9347be86c98b\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"8908ff94-5bd3-4a76-b219-1ba7128998c6\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2321cd3f-039b-44be-90a5-03028195d49e\":{\"columnOrder\":[\"37a962c0-4797-484d-b2e6-00a280b3edc2\",\"871b560f-f208-41a2-978b-b97664f99807\"],\"columns\":{\"37a962c0-4797-484d-b2e6-00a280b3edc2\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"User\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"871b560f-f208-41a2-978b-b97664f99807\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.secret_scanning.resolved_by.login\"},\"871b560f-f208-41a2-978b-b97664f99807\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Fixed Secrets 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"8908ff94-5bd3-4a76-b219-1ba7128998c6\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.secret_scanning\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"871b560f-f208-41a2-978b-b97664f99807\"],\"layerId\":\"2321cd3f-039b-44be-90a5-03028195d49e\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"37a962c0-4797-484d-b2e6-00a280b3edc2\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Top users resolving secrets [GitHub Secret 
Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"36cee00b-70b3-4bb5-a4b3-2448061135f8\",\"w\":33,\"x\":0,\"y\":70},\"panelIndex\":\"36cee00b-70b3-4bb5-a4b3-2448061135f8\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"6a77e887-9ac6-4cc2-90b9-9013fb2bf30a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ebd4f001-671a-4772-a2c4-b07f94e34845\":{\"columnOrder\":[\"fc40a758-e2ae-45db-88c1-439660cb7f66\",\"5caf7916-eab1-42d2-b591-41039ee8ed72\"],\"columns\":{\"5caf7916-eab1-42d2-b591-41039ee8ed72\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"fc40a758-e2ae-45db-88c1-439660cb7f66\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"6a77e887-9ac6-4cc2-90b9-9013fb2bf30a\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.secret_scanning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0}
,\"layers\":[{\"accessors\":[\"5caf7916-eab1-42d2-b591-41039ee8ed72\"],\"layerId\":\"ebd4f001-671a-4772-a2c4-b07f94e34845\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"fc40a758-e2ae-45db-88c1-439660cb7f66\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Events Timeline [GitHub Secret Scanning]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}}]","timeRestore":false,"title":"[GitHub] Secret Scanning Alerts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"github-591d69e0-17b6-11ed-809a-7b4be950fe9c","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"991aa388-e5d6-469b-911a-1cbcd1b84417:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57","type":"index-pattern"},{"id":"logs-*","name":"991aa388-e5d6-469b-911a-1cbcd1b84417:99882a8f-757f-4692-b7dd-56e561a7a5ac","type":"index-pattern"},{"id":"logs-*","name":"991aa388-e5d6-469b-911a-1cbcd1b84417:fac9d156-24f2-409d-9f1b-200dbd5a9b5a","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_66d2324e-be32-41be-b685-54ba2cc58c2b:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_54e33c68-ad08-412f-852a-f669391018b0:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_9fd25971-d168-4a50-985f-9e1bb266c93e:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_bcb03b9e-5278-4d66-a4da-762d41ec13cd:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"77e597be-8cdc-4fa3-9dee-4e4ed1103e55:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d","type":"index-pattern"},{"id":"logs-*","name":"77
e597be-8cdc-4fa3-9dee-4e4ed1103e55:a27a9357-b353-46a3-9116-530f354b09b9","type":"index-pattern"},{"id":"logs-*","name":"277a4af7-61c6-40d9-80a6-2d73df097618:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"277a4af7-61c6-40d9-80a6-2d73df097618:ef2a4614-151f-42d0-8707-257d009298ea","type":"index-pattern"},{"id":"logs-*","name":"51a087d0-9c56-4047-9404-b4b7b37497b0:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4","type":"index-pattern"},{"id":"logs-*","name":"51a087d0-9c56-4047-9404-b4b7b37497b0:d7c9ae82-adc1-4169-a1ac-2fea90204f25","type":"index-pattern"},{"id":"logs-*","name":"3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:b2d41cbe-238c-4c90-994d-d8e8f1668a44","type":"index-pattern"},{"id":"logs-*","name":"3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:d4cc48c0-fb83-4b1d-9c91-369a087165c4","type":"index-pattern"},{"id":"logs-*","name":"e6cb0087-c5ba-49f2-8ae9-b206d2346609:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"e6cb0087-c5ba-49f2-8ae9-b206d2346609:9c0d6963-bc22-4d2d-9028-20e603d307e7","type":"index-pattern"},{"id":"logs-*","name":"e6cb0087-c5ba-49f2-8ae9-b206d2346609:dac33af7-8640-4326-8c95-afddf6194657","type":"index-pattern"},{"id":"logs-*","name":"892ed6dd-afe7-4685-bebb-5f1a70b44692:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"892ed6dd-afe7-4685-bebb-5f1a70b44692:e9f91f71-3727-4bf1-9d0a-2742347e223f","type":"index-pattern"},{"id":"logs-*","name":"892ed6dd-afe7-4685-bebb-5f1a70b44692:f34d1f77-a34c-4ac9-ab7a-6892d9505a80","type":"index-pattern"},{"id":"logs-*","name":"429f2ded-1aca-42cd-9190-9afddb03eabf:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8","type":"index-pattern"},{"id":"logs-*",
"name":"429f2ded-1aca-42cd-9190-9afddb03eabf:89debdad-d323-4640-918b-2c38d061e212","type":"index-pattern"},{"id":"logs-*","name":"a7adc099-113f-4113-b592-24b5ceff484e:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85","type":"index-pattern"},{"id":"logs-*","name":"a7adc099-113f-4113-b592-24b5ceff484e:11287d36-4d96-447c-b336-56ae03fcbc16","type":"index-pattern"},{"id":"logs-*","name":"883397dd-0064-48f2-b257-c8ed4295b0b9:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"883397dd-0064-48f2-b257-c8ed4295b0b9:25c2db0c-d286-407e-9c0b-55252a2ad165","type":"index-pattern"},{"id":"logs-*","name":"883397dd-0064-48f2-b257-c8ed4295b0b9:82cbb0d6-87ad-47e3-bed4-84e8d7f812d1","type":"index-pattern"},{"id":"logs-*","name":"d0ec4a50-b9da-4775-9f64-5389f898aee3:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"d0ec4a50-b9da-4775-9f64-5389f898aee3:acfd1c9a-be16-4275-ae7d-0ad42b060de0","type":"index-pattern"},{"id":"logs-*","name":"d0ec4a50-b9da-4775-9f64-5389f898aee3:42fcf4b5-0905-4d97-baa9-c08a61bc3b7a","type":"index-pattern"},{"id":"logs-*","name":"7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57","type":"index-pattern"},{"id":"logs-*","name":"7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:c26ebed6-b942-43ed-9f00-ccf3c5842f5f","type":"index-pattern"},{"id":"logs-*","name":"7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:54bf50e3-8882-4a5e-a4ad-e4d684c3abaa","type":"index-pattern"},{"id":"logs-*","name":"991aa388-e5d6-469b-911a-1cbcd1b84417:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57","type":"index-pattern"},{"id":"logs-*","name":"991aa388-e5d6-469b-911a-1cbcd1b84417:ee8e512a-72ec-4ab7-9c01-8bc987dc2b42","type":"index-pattern"},{"id":"logs-*","name":"991aa388-e5d6-469b-911a-1cbcd1b84417:94bf6c5a-a948-40c1-95a7-52d11ef68bad","type":"index-pattern"},{"id":"logs-*","name":"ff2747ad-ec9
c-44a5-b8f9-9347be86c98b:indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e","type":"index-pattern"},{"id":"logs-*","name":"ff2747ad-ec9c-44a5-b8f9-9347be86c98b:8908ff94-5bd3-4a76-b219-1ba7128998c6","type":"index-pattern"},{"id":"logs-*","name":"36cee00b-70b3-4bb5-a4b3-2448061135f8:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845","type":"index-pattern"},{"id":"logs-*","name":"36cee00b-70b3-4bb5-a4b3-2448061135f8:6a77e887-9ac6-4cc2-90b9-9013fb2bf30a","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-github-default","name":"tag-ref-fleet-pkg-github-default","type":"tag"}],"sort":[1688996741503,7655],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NzUsMV0="} +{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"2132f9ab-9cce-423a-beed-e02e6d4d5ed9\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"2132f9ab-9cce-423a-beed-e02e6d4d5ed9\",\"enhancements\":{},\"selectedOptions\":[]}},\"2f1b6c0b-96fc-479a-b7ef-145c84df585e\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"2f1b6c0b-96fc-479a-b7ef-145c84df585e\",\"enhancements\":{},\"selectedOptions\":[]}},\"91415c25-696a-4928-92e3-2c578e14c7a3\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"91415c25-696a-4928-92e3-2c578e14c7a3\",\"enhancements\":{}}},\"a1e7b5ed-b636-4db8-87e1-779863061f45\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\
":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"a1e7b5ed-b636-4db8-87e1-779863061f45\",\"enhancements\":{},\"selectedOptions\":[]}}}"},"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Dependabot\",\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":[\"dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.action\":\"dependabot\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"a7d99fc1-400a-4e55-8bbb-76d9aad7eedc\",\"w\":14,\"x\":0,\"y\":0},\"panelIndex\":\"a7d99fc1-400a-4e55-8bbb-76d9aad7eedc\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"85aacdea-d37b-4e6a-ae32-81077ddccb60\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3f8b858f-a1ee-4d69-a100-d59282acd94d\":{\"columnOrder\":[\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\"],\"columns\":{\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total 
Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"85aacdea-d37b-4e6a-ae32-81077ddccb60\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\",\"layerId\":\"3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"top\"}},\"title\":\"Total Alerts Created [GitHub Dependabot]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"85cbbb74-4d3c-44e0-98f6-be076e31aea3\",\"w\":14,\"x\":14,\"y\":0},\"panelIndex\":\"85cbbb74-4d3c-44e0-98f6-be076e31aea3\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"a849fd8c-6f48-4f51-9f6f-ab6e7862171c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts Found/Fixed 
Ratio\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2}},\"formula\":\"count()/count(kql='github.state:dismissed')\",\"isFormulaBroken\":false},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\"],\"scale\":\"ratio\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Resolved/Dismissed Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"github.state:dismissed\"},\"isBucketed\":false,\"label\":\"Part of Resolved/Dismissed Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Resolved/Dismissed 
Alerts\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\"],\"location\":{\"max\":43,\"min\":0},\"name\":\"divide\",\"text\":\"count()/count(kql='github.state:dismissed')\",\"type\":\"function\"}},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"a849fd8c-6f48-4f51-9f6f-ab6e7862171c\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"None\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"textAlign\":\"center\"}},\"title\":\"Alerts Found/Fixed Ratio [GitHub 
Dependabot]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1b501988-f932-4d80-8625-d2a1c8cd7321\",\"w\":20,\"x\":28,\"y\":0},\"panelIndex\":\"1b501988-f932-4d80-8625-d2a1c8cd7321\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"ee0d69d7-f2ce-4a24-aaae-9d8934f3368e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cbc5557e-f6b9-4140-90b2-3100f33083c4\":{\"columnOrder\":[\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\",\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\"],\"columns\":{\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Open vs Resolved\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.state\"},\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ee0d69d7-f2ce-4a24-aaae-9d8934f3368e\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.dependabot\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"emptySizeRatio\":0.54,\"layerId\":\"cbc5557e-f6b9-4140-90b2-3100f33083c4\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendPosition\":\"right\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":true,\"primaryGroups\":[\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\"],\"metrics\":[\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\"]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"shape\":\"donut\"}},\"title\":\"Open vs Resolved/Dismissed [GitHub 
Dependabot]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"12c18b92-9f7b-4832-b85f-aad64720ea87\",\"w\":14,\"x\":0,\"y\":5},\"panelIndex\":\"12c18b92-9f7b-4832-b85f-aad64720ea87\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"9e8fb4bd-1d35-4c80-80cc-d52bef7f7771\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"bbb4d277-741b-49c1-bc79-77a6ee15e94d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Open Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"9e8fb4bd-1d35-4c80-80cc-d52bef7f7771\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bbb4d277-741b-49c1-bc79-77a6ee15e94d\",\"key\":\"github.state\",\"negate\":false,\"params\":[\"open\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"github.state\":\"open\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab
-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":1000}],\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#209280\",\"stop\":1},{\"color\":\"#d6bf57\",\"stop\":1000},{\"color\":\"#cc5642\",\"stop\":1001}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Open Alerts Count [GitHub Dependabot]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"c3e8ea64-b6f9-470c-9004-02f8909672eb\",\"w\":14,\"x\":0,\"y\":10},\"panelIndex\":\"c3e8ea64-b6f9-470c-9004-02f8909672eb\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"7196f033-fe4d-41cb-b3c7-4c45300d6a68\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"8977fa6e-37e6-4a2b-a032-d181646ef8cf\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Resolved/Dismissed 
Alerts\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}},\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"scale\":\"ratio\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Dismissed Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"7196f033-fe4d-41cb-b3c7-4c45300d6a68\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"8977fa6e-37e6-4a2b-a032-d181646ef8cf\",\"key\":\"github.state\",\"negate\":false,\"params\":[\"dismissed\",\"resolved\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"github.state\":\"dismissed\"}},{\"match_phrase\":{\"github.state\":\"resolved\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"palette\":{\"name\":\"positive\",\"params\":{\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"positive\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#bbdad3\",\"stop\":0},{\"color\":\"#77b6a8\",\"stop\":8},{\"color\":\"#209280\",\"stop\":16}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Resolved/Dismissed Alerts Count [GitHub 
Dependabot]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"7131e4d3-c168-480d-9496-1463ceaaa97a\",\"w\":14,\"x\":14,\"y\":8},\"panelIndex\":\"7131e4d3-c168-480d-9496-1463ceaaa97a\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"03a792fe-87d1-4d81-8a7c-0c9d22b41a1b\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"006ef10a-8064-4e48-8ff1-413c550d6204\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"e33d2853-5b3d-4be9-9312-2d8da64d9523\"],\"columns\":{\"e33d2853-5b3d-4be9-9312-2d8da64d9523\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Mean time to resolve an 
alert\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"event.duration\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"03a792fe-87d1-4d81-8a7c-0c9d22b41a1b\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.dependabot\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"006ef10a-8064-4e48-8ff1-413c550d6204\",\"key\":\"event.duration\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"},\"query\":{\"exists\":{\"field\":\"event.duration\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e33d2853-5b3d-4be9-9312-2d8da64d9523\",\"colorMode\":\"None\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"textAlign\":\"center\"}},\"title\":\"Mean Time to Resolution [GitHub Dependabot]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Mean Time To Resolution [GitHub 
Dependabot]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"9a3577e8-d452-46cc-b2dd-9424ec80c871\",\"w\":25,\"x\":0,\"y\":15},\"panelIndex\":\"9a3577e8-d452-46cc-b2dd-9424ec80c871\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d3e8e716-b6e8-4db6-8948-87e49827aebb\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2592c6ef-cf07-4080-b4fe-014cc142e3c8\":{\"columnOrder\":[\"1e393f28-24a9-40af-830b-654785bf6236\",\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\",\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\",\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\"],\"columns\":{\"1e393f28-24a9-40af-830b-654785bf6236\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Owner\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"},\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts count by repository\",\"operationType\":\"formula\",\"params\":{\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\"],\"scale\":\"ratio\"},\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Alerts count by repository\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of github.repository.owner.login + 1 
other\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"multi_terms\"},\"secondaryFields\":[\"github.repository.name\"],\"size\":50},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d3e8e716-b6e8-4db6-8948-87e49827aebb\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\"],\"layerId\":\"2592c6ef-cf07-4080-b4fe-014cc142e3c8\",\"layerType\":\"data\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"seriesType\":\"bar\",\"splitAccessor\":\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\",\"xAccessor\":\"1e393f28-24a9-40af-830b-654785bf6236\"}],\"legend\":{\"isVisible\":true,\"maxLines\":5,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Alerts count by owner and by repository [GitHub 
Dependabot]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"ae814e70-2e8e-43df-b62e-e32d1c26f676\",\"w\":23,\"x\":25,\"y\":15},\"panelIndex\":\"ae814e70-2e8e-43df-b62e-e32d1c26f676\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"badbb3b4-d90f-44b5-bf22-2e47716a3e09\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"91e1a389-34e8-4332-9dbb-bd883d71dd85\":{\"columnOrder\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\",\"8cca4d83-a822-4b67-97cd-27649e1d7c68\",\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"],\"columns\":{\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top repositories contributing to alerts by owner\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"},\"8cca4d83-a822-4b67-97cd-27649e1d7c68\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of github.repository.name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.name\"},\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"badbb3b4-d90f-44b5-bf22-2e47716a3e09\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"91e1a389-34e8-4332-9dbb-bd883d71dd85\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\",\"8cca4d83-a822-4b67-97cd-27649e1d7c68\"],\"metrics\":[\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"]}],\"shape\":\"pie\"}},\"title\":\"Aerts % by owner and by repository [GitHub Dependabot]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"9653b170-7606-461f-9ac4-bf58547f30db\",\"w\":14,\"x\":0,\"y\":27},\"panelIndex\":\"9653b170-7606-461f-9ac4-bf58547f30db\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"fc66a292-57a3-4510-b6f8-681eeb768e10\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"04d54e71-2f6e-462a-8858-74d8668335df\":{\"columnOrder\":[\"713d9fda-d630-485d-b2af-f6aa22ea7a71\",\"21ef31d9-60e5-4fe1-8767-950697790bab\"],\"columns\":{\"21ef31d9-60e5-4fe1-8767-950697790bab\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"713d9fda-d630-485d-b2af-f6aa22ea7a71\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"21ef31d9-60e5-4fe1-8767-950697790bab\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"fc66a292-57a3-4510-b6f8-681eeb768e10\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.dependabot\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"21ef31d9-60e5-4fe1-8767-950697790bab\"],\"layerId\":\"04d54e71-2f6e-462a-8858-74d8668335df\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"xAccessor\":\"713d9fda-d630-485d-b2af-f6aa22ea7a71\",\"yConfig\":[{\"axisMode\":\"auto\",\"color\":\"#b9a888\",\"forAccessor\":\"21ef31d9-60e5-4fe1-8767-950697790bab\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"show\"}},\"title\":\"Alert Severity Count [GitHub 
Dependabot]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"563a073c-7de0-4095-b0ac-127caed562f2\",\"w\":11,\"x\":14,\"y\":27},\"panelIndex\":\"563a073c-7de0-4095-b0ac-127caed562f2\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d7218e2e-18ae-4710-8364-1a4cbfee519c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"04d54e71-2f6e-462a-8858-74d8668335df\":{\"columnOrder\":[\"713d9fda-d630-485d-b2af-f6aa22ea7a71\",\"21ef31d9-60e5-4fe1-8767-950697790bab\"],\"columns\":{\"21ef31d9-60e5-4fe1-8767-950697790bab\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"713d9fda-d630-485d-b2af-f6aa22ea7a71\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"21ef31d9-60e5-4fe1-8767-950697790bab\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d7218e2e-18ae-4710-8364-1a4cbfee519c\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.dependabot\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryD
isplay\":\"default\",\"emptySizeRatio\":0.3,\"layerId\":\"04d54e71-2f6e-462a-8858-74d8668335df\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendMaxLines\":1,\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"713d9fda-d630-485d-b2af-f6aa22ea7a71\"],\"metrics\":[\"21ef31d9-60e5-4fe1-8767-950697790bab\"]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"shape\":\"donut\"}},\"title\":\"Alert Severity % [GitHub Dependabot]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":13,\"i\":\"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5\",\"w\":23,\"x\":25,\"y\":27},\"panelIndex\":\"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"1f3f8544-c39b-4384-985e-d45107d279fb\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"00866684-5176-499e-9517-eff9e9102155\",\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"00866684-5176-499e-9517-eff9e9102155\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of 
github.severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.severity\"},\"257a7d8d-1315-4775-97d9-e679c0f3aa79\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"d\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alert count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"1f3f8544-c39b-4384-985e-d45107d279fb\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.dependabot\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"splitAccessor\":\"00866684-5176-499e-9517-eff9e9102155\",\"xAccessor\":\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"yConfig\":[{\"color\":\"#6dc9cd\",\"forAccessor\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}]}],\"legend\":{\"isVisible\":true,\"maxLines\":5,\"position\"
:\"right\"},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Daily Alerts Count by Severity [GitHub Dependabot]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"41578b87-d820-42df-92d5-69af2643d793\",\"w\":36,\"x\":0,\"y\":40},\"panelIndex\":\"41578b87-d820-42df-92d5-69af2643d793\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"09303186-e13c-4afb-b6f1-bf3eeb7d1423\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"17dc082e-1cb5-4483-901a-9c220d911bac\":{\"columnOrder\":[\"576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5\",\"b907d8f2-1395-4737-a7db-25bd080be94d\"],\"columns\":{\"576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top files responsible for alerts\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b907d8f2-1395-4737-a7db-25bd080be94d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.dependabot.vulnerable_manifest_path\"},\"b907d8f2-1395-4737-a7db-25bd080be94d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alert 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"09303186-e13c-4afb-b6f1-bf3eeb7d1423\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.dependabot\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b907d8f2-1395-4737-a7db-25bd080be94d\"],\"layerId\":\"17dc082e-1cb5-4483-901a-9c220d911bac\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"xAccessor\":\"576f9e4c-0341-4fae-b2f9-2fa4dd4ce6f5\"}],\"legend\":{\"isInside\":false,\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Top files [GitHub 
Dependabot]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"4f4ecefc-738e-4b86-8013-4b78bcb6d79b\",\"w\":12,\"x\":36,\"y\":40},\"panelIndex\":\"4f4ecefc-738e-4b86-8013-4b78bcb6d79b\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"2074f8e1-7a11-4232-9ac4-09bfe773beb8\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2321cd3f-039b-44be-90a5-03028195d49e\":{\"columnOrder\":[\"37a962c0-4797-484d-b2e6-00a280b3edc2\",\"871b560f-f208-41a2-978b-b97664f99807\"],\"columns\":{\"37a962c0-4797-484d-b2e6-00a280b3edc2\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"User\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"871b560f-f208-41a2-978b-b97664f99807\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.dependabot.dismisser.login\"},\"871b560f-f208-41a2-978b-b97664f99807\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts 
count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2074f8e1-7a11-4232-9ac4-09bfe773beb8\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.dependabot\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"871b560f-f208-41a2-978b-b97664f99807\"],\"layerId\":\"2321cd3f-039b-44be-90a5-03028195d49e\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"37a962c0-4797-484d-b2e6-00a280b3edc2\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Top users dismissing alerts [GitHub 
Dependabot]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"12673c47-9148-47a4-a8ab-07a7f06304c7\",\"w\":48,\"x\":0,\"y\":55},\"panelIndex\":\"12673c47-9148-47a4-a8ab-07a7f06304c7\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"349014a7-1097-4c4b-9805-13b39d46d0bd\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ebd4f001-671a-4772-a2c4-b07f94e34845\":{\"columnOrder\":[\"fc40a758-e2ae-45db-88c1-439660cb7f66\",\"5caf7916-eab1-42d2-b591-41039ee8ed72\"],\"columns\":{\"5caf7916-eab1-42d2-b591-41039ee8ed72\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"fc40a758-e2ae-45db-88c1-439660cb7f66\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"349014a7-1097-4c4b-9805-13b39d46d0bd\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.dependabot\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layer
s\":[{\"accessors\":[\"5caf7916-eab1-42d2-b591-41039ee8ed72\"],\"layerId\":\"ebd4f001-671a-4772-a2c4-b07f94e34845\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"fc40a758-e2ae-45db-88c1-439660cb7f66\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Events Timeline [GitHub Dependabot]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}}]","timeRestore":false,"title":"[GitHub] Dependabot Alerts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"github-6197be80-220c-11ed-88c4-e3caca48250a","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"85cbbb74-4d3c-44e0-98f6-be076e31aea3:bff2e3f5-8f9b-49f4-ba88-b0e937089c2f","type":"index-pattern"},{"id":"logs-*","name":"85cbbb74-4d3c-44e0-98f6-be076e31aea3:960abe90-416f-4075-aaef-2cc0a3af1707","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:17e2088a-3bc2-4868-bc76-7cf83644301c","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:ba32e691-eaea-469b-8dd5-3aeb2fbc2cd7","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:dd40a269-9585-4d63-ad58-7a70f2bf3cfc","type":"index-pattern
"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:0922f2e7-6ee9-45a2-baa6-42dde24c181d","type":"index-pattern"},{"id":"logs-*","name":"9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8","type":"index-pattern"},{"id":"logs-*","name":"ae814e70-2e8e-43df-b62e-e32d1c26f676:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85","type":"index-pattern"},{"id":"logs-*","name":"9653b170-7606-461f-9ac4-bf58547f30db:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df","type":"index-pattern"},{"id":"logs-*","name":"9653b170-7606-461f-9ac4-bf58547f30db:6ff40899-6691-449c-afa9-e266b9f272f6","type":"index-pattern"},{"id":"logs-*","name":"563a073c-7de0-4095-b0ac-127caed562f2:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df","type":"index-pattern"},{"id":"logs-*","name":"563a073c-7de0-4095-b0ac-127caed562f2:351f20af-163e-47d3-831f-f02b469287b3","type":"index-pattern"},{"id":"logs-*","name":"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:a9c37a5a-574a-411d-9420-2e53045288f3","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_2132f9ab-9cce-423a-beed-e02e6d4d5ed9:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_2f1b6c0b-96fc-479a-b7ef-145c84df585e:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_91415c25-696a-4928-92e3-2c578e14c7a3:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_a1e7b5ed-b636-4db8-87e1-779863061f45:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"a7d99fc1-400a-4e55-8bbb-76d9aad7eedc:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d","type":"index-pattern"},{"id":"logs-*","name":"a7d99fc1-400a-4e55-8bbb-76d9aad7eedc:85aacdea-d37b-4e6a-ae32-81077ddccb60","type":"index-pattern"},{"i
d":"logs-*","name":"85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"85cbbb74-4d3c-44e0-98f6-be076e31aea3:a849fd8c-6f48-4f51-9f6f-ab6e7862171c","type":"index-pattern"},{"id":"logs-*","name":"1b501988-f932-4d80-8625-d2a1c8cd7321:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4","type":"index-pattern"},{"id":"logs-*","name":"1b501988-f932-4d80-8625-d2a1c8cd7321:ee0d69d7-f2ce-4a24-aaae-9d8934f3368e","type":"index-pattern"},{"id":"logs-*","name":"12c18b92-9f7b-4832-b85f-aad64720ea87:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"12c18b92-9f7b-4832-b85f-aad64720ea87:9e8fb4bd-1d35-4c80-80cc-d52bef7f7771","type":"index-pattern"},{"id":"logs-*","name":"12c18b92-9f7b-4832-b85f-aad64720ea87:bbb4d277-741b-49c1-bc79-77a6ee15e94d","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:7196f033-fe4d-41cb-b3c7-4c45300d6a68","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:8977fa6e-37e6-4a2b-a032-d181646ef8cf","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:03a792fe-87d1-4d81-8a7c-0c9d22b41a1b","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:006ef10a-8064-4e48-8ff1-413c550d6204","type":"index-pattern"},{"id":"logs-*","name":"9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8","type":"index-pattern"},{"id":"logs-*","name":"9a3577e8-d452-46cc-b2dd-9424ec80c871:d3e8e716-b6e8-4db6-8948-87e49827aebb","type":"index-pat
tern"},{"id":"logs-*","name":"ae814e70-2e8e-43df-b62e-e32d1c26f676:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85","type":"index-pattern"},{"id":"logs-*","name":"ae814e70-2e8e-43df-b62e-e32d1c26f676:badbb3b4-d90f-44b5-bf22-2e47716a3e09","type":"index-pattern"},{"id":"logs-*","name":"9653b170-7606-461f-9ac4-bf58547f30db:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df","type":"index-pattern"},{"id":"logs-*","name":"9653b170-7606-461f-9ac4-bf58547f30db:fc66a292-57a3-4510-b6f8-681eeb768e10","type":"index-pattern"},{"id":"logs-*","name":"563a073c-7de0-4095-b0ac-127caed562f2:indexpattern-datasource-layer-04d54e71-2f6e-462a-8858-74d8668335df","type":"index-pattern"},{"id":"logs-*","name":"563a073c-7de0-4095-b0ac-127caed562f2:d7218e2e-18ae-4710-8364-1a4cbfee519c","type":"index-pattern"},{"id":"logs-*","name":"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:1f3f8544-c39b-4384-985e-d45107d279fb","type":"index-pattern"},{"id":"logs-*","name":"41578b87-d820-42df-92d5-69af2643d793:indexpattern-datasource-layer-17dc082e-1cb5-4483-901a-9c220d911bac","type":"index-pattern"},{"id":"logs-*","name":"41578b87-d820-42df-92d5-69af2643d793:09303186-e13c-4afb-b6f1-bf3eeb7d1423","type":"index-pattern"},{"id":"logs-*","name":"4f4ecefc-738e-4b86-8013-4b78bcb6d79b:indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e","type":"index-pattern"},{"id":"logs-*","name":"4f4ecefc-738e-4b86-8013-4b78bcb6d79b:2074f8e1-7a11-4232-9ac4-09bfe773beb8","type":"index-pattern"},{"id":"logs-*","name":"12673c47-9148-47a4-a8ab-07a7f06304c7:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845","type":"index-pattern"},{"id":"logs-*","name":"12673c47-9148-47a4-a8ab-07a7f06304c7:349014a7-1097-4c4b-9805-13b39d46d0bd","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type"
:"tag"},{"id":"fleet-pkg-github-default","name":"tag-ref-fleet-pkg-github-default","type":"tag"}],"sort":[1688996741503,7711],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NzYsMV0="} +{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"2b7c10cd-1a6d-4dff-8cf9-848904b101d7\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/ Organization\",\"id\":\"2b7c10cd-1a6d-4dff-8cf9-848904b101d7\",\"enhancements\":{},\"selectedOptions\":[]}},\"05d7ed66-221a-437a-9e07-5094ce9d57e0\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"05d7ed66-221a-437a-9e07-5094ce9d57e0\",\"enhancements\":{}}},\"b1a338bb-89af-425e-91eb-1c8a32641422\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"b1a338bb-89af-425e-91eb-1c8a32641422\",\"selectedOptions\":[],\"enhancements\":{}}},\"5c430006-8043-4e34-96dd-34b596dcba61\":{\"order\":4,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"5c430006-8043-4e34-96dd-34b596dcba61\",\"enhancements\":{},\"selectedOptions\":[]}},\"81297eab-88c0-477b-8132-39cbb430b6c7\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"event.action\",\"title\":\"Alert 
Type\",\"id\":\"81297eab-88c0-477b-8132-39cbb430b6c7\",\"selectedOptions\":[],\"enhancements\":{}}}}"},"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"908a8fcb-8a78-41ae-bb14-c0fba31aa562\",\"w\":14,\"x\":0,\"y\":0},\"panelIndex\":\"908a8fcb-8a78-41ae-bb14-c0fba31aa562\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"efd3c729-3f58-4e1f-b05f-4178051021ee\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3f8b858f-a1ee-4d69-a100-d59282acd94d\":{\"columnOrder\":[\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\"],\"columns\":{\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total 
Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"efd3c729-3f58-4e1f-b05f-4178051021ee\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\",\"github.secret_scanning\",\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\",\"layerId\":\"3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"top\"}},\"title\":\"Total Alerts Count [GitHub Advanced 
Security]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"84209174-8b73-47ed-9324-45e7713370d0\",\"w\":16,\"x\":14,\"y\":0},\"panelIndex\":\"84209174-8b73-47ed-9324-45e7713370d0\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"68c402d4-a28c-4161-9f6c-663cd4930df6\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"e125b149-a8ea-47b7-914c-508a7972c074\":{\"columnOrder\":[\"25824925-c28e-4f16-b354-5e6e25ecea6a\",\"aaa67d72-aba4-4af4-a4f5-66e37fffed84\"],\"columns\":{\"25824925-c28e-4f16-b354-5e6e25ecea6a\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"critical\\\" \"},\"label\":\"Critical\"},{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"high\\\" \"},\"label\":\"High\"},{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"medium\\\" \"},\"label\":\"Medium\"},{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"low\\\"\"},\"label\":\"Low\"},{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"undefined\\\" \"},\"label\":\"Undefined\"}]},\"scale\":\"ordinal\"},\"aaa67d72-aba4-4af4-a4f5-66e37fffed84\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"68c402d4-a28c-4161-9f6c-663cd4930df6\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\",\"github.secret_scanning\",\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"aaa67d72-aba4-4af4-a4f5-66e37fffed84\"],\"layerId\":\"e125b149-a8ea-47b7-914c-508a7972c074\",\"layerType\":\"data\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"25824925-c28e-4f16-b354-5e6e25ecea6a\",\"yConfig\":[{\"color\":\"#ca8eae\",\"forAccessor\":\"aaa67d72-aba4-4af4-a4f5-66e37fffed84\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Open Alerts Count by Severity [GitHub Advanced 
Security]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd\",\"w\":18,\"x\":30,\"y\":0},\"panelIndex\":\"5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"408457e7-219e-4fb4-9352-7dc82c8d514c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"e125b149-a8ea-47b7-914c-508a7972c074\":{\"columnOrder\":[\"25824925-c28e-4f16-b354-5e6e25ecea6a\",\"aaa67d72-aba4-4af4-a4f5-66e37fffed84\"],\"columns\":{\"25824925-c28e-4f16-b354-5e6e25ecea6a\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"critical\\\" \"},\"label\":\"Critical\"},{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"high\\\" \"},\"label\":\"High\"},{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"medium\\\" \"},\"label\":\"Medium\"},{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"low\\\"\"},\"label\":\"Low\"},{\"input\":{\"language\":\"kuery\",\"query\":\"github.severity : \\\"undefined\\\" \"},\"label\":\"Undefined\"}]},\"scale\":\"ordinal\"},\"aaa67d72-aba4-4af4-a4f5-66e37fffed84\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"408457e7-219e-4fb4-9352-7dc82c8d514c\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\",\"github.secret_scanning\",\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"emptySizeRatio\":0.3,\"layerId\":\"e125b149-a8ea-47b7-914c-508a7972c074\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"percentDecimals\":1,\"primaryGroups\":[\"25824925-c28e-4f16-b354-5e6e25ecea6a\"],\"metrics\":[\"aaa67d72-aba4-4af4-a4f5-66e37fffed84\"]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"shape\":\"donut\"}},\"title\":\"Open Alerts % by Severity [GitHub Advanced 
Security]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"c5e57455-3945-4457-973f-7b6a1e5579d8\",\"w\":14,\"x\":0,\"y\":5},\"panelIndex\":\"c5e57455-3945-4457-973f-7b6a1e5579d8\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"ab223632-68bc-4417-a2d3-0c3cd145a537\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"8676bd1a-86f1-4fac-ab02-6c382be33410\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Open Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ab223632-68bc-4417-a2d3-0c3cd145a537\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\",\"github.secret_scanning\",\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"8676bd1a-86f1-4fac-ab02-6c382be33410\",\"key\":\"github.state\",\"negate\":false,\"params\":[\"open\"],\"type\":\"phrases\"},\"query\":{\"bool
\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"github.state\":\"open\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":1000}],\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#209280\",\"stop\":1},{\"color\":\"#d6bf57\",\"stop\":1000},{\"color\":\"#cc5642\",\"stop\":1001}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Open Alerts Count [GitHub Advanced Security]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"c15d5d40-d18a-4960-8b6d-d47da3611f99\",\"w\":14,\"x\":0,\"y\":10},\"panelIndex\":\"c15d5d40-d18a-4960-8b6d-d47da3611f99\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"45e7ae11-a8b3-4f60-a280-de442326d1ec\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"0753d483-b32c-441f-87dc-bb862221e11c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Resolved/Dismissed 
Alerts\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}},\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"scale\":\"ratio\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Dismissed Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"45e7ae11-a8b3-4f60-a280-de442326d1ec\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\",\"github.secret_scanning\",\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"0753d483-b32c-441f-87dc-bb862221e11c\",\"key\":\"github.state\",\"negate\":false,\"params\":[\"dismissed\",\"resolved\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"github.state\":\"dismissed\"}},{\"match_phrase\":{\"github.state\":\"resolved\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"palette\":{\"name\":\"positive\",\"params\":{\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"positive\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#bbdad3\",
\"stop\":0},{\"color\":\"#77b6a8\",\"stop\":8},{\"color\":\"#209280\",\"stop\":16}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Resolved/Dismissed Alerts Count [GitHub Advanced Security]\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"5f8d7b7b-c370-4e38-ae2a-80f1495598fe\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"5f8d7b7b-c370-4e38-ae2a-80f1495598fe\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"656c4d05-b350-45a5-aa87-f83fbdbf2f26\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"a3e44335-794f-455e-9e40-c22201daaa1c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2592c6ef-cf07-4080-b4fe-014cc142e3c8\":{\"columnOrder\":[\"1e393f28-24a9-40af-830b-654785bf6236\",\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\",\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\",\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\"],\"columns\":{\"1e393f28-24a9-40af-830b-654785bf6236\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Owner\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"},\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts count by 
repository\",\"operationType\":\"formula\",\"params\":{\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\"],\"scale\":\"ratio\"},\"2e911c1d-57e0-4dab-b9f2-3e8660f1527cX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Alerts count by repository\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top values of github.repository.owner.login + 1 other\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"multi_terms\"},\"secondaryFields\":[\"github.repository.name\"],\"size\":50},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"656c4d05-b350-45a5-aa87-f83fbdbf2f26\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\",\"github.secret_scanning\",\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"a3e44335-794f-455e-9e40-c22201daaa1c\",\"key\":\"github.state\",\"negate\":false,\"params\":{\"query\":\"open\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"github.state\":\"open\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":tr
ue},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"2e911c1d-57e0-4dab-b9f2-3e8660f1527c\"],\"layerId\":\"2592c6ef-cf07-4080-b4fe-014cc142e3c8\",\"layerType\":\"data\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"seriesType\":\"bar\",\"splitAccessor\":\"727c7778-d3ac-48b4-a1e9-fd2308ad7bf2\",\"xAccessor\":\"1e393f28-24a9-40af-830b-654785bf6236\"}],\"legend\":{\"isVisible\":true,\"maxLines\":5,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Open Alerts count by owner and by repository [GitHub Advanced Security]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"e8ef33ad-82e2-4282-ae42-1ee5b478bde8\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"69dd980b-29ae-4a8c-b2e9-f4566786f5d3\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"91e1a389-34e8-4332-9dbb-bd883d71dd85\":{\"columnOrder\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\",\"e0343042-35ac-4a43-9fe5-639da6a8ee6e\",\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"],\"columns\":{\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Owner\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c53bee8d-06
ca-4728-b6bc-2761d77a9ef5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.owner.login\"},\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e0343042-35ac-4a43-9fe5-639da6a8ee6e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Repository\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.repository.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"e8ef33ad-82e2-4282-ae42-1ee5b478bde8\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\",\"github.secret_scanning\",\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"69dd980b-29ae-4a8c-b2e9-f4566786f5d3\",\"key\":\"github.state\",\"negate\":false,\"params\":{\"query\":\"open\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"github.state\":\"open\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"91e1a389-34e8-4332-9dbb-bd883d71dd8
5\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\",\"e0343042-35ac-4a43-9fe5-639da6a8ee6e\"],\"metrics\":[\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"]}],\"shape\":\"pie\"}},\"title\":\"Open Alerts % by owner and by repository [GitHub Advanced Security]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"54ab8e3f-ba53-4cf0-8769-745688302f45\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"54ab8e3f-ba53-4cf0-8769-745688302f45\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a1e90df6-e435-44e9-b298-d77ce349f33b\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"bbb675c9-c535-483e-9337-69a2a81eb2da\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"288f00c3-3a7a-4b8a-bb49-75818491a337\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a1e90df6-e435-44e9-b298-d77ce349f33b\":{\"columnOrder\":[\"2d80e2e5-e516-4746-9f9a-113f2c4ef2cb\",\"155686d5-4e87-48a3-b7d2-540deed5a270\"],\"columns\":{\"155686d5-4e87-48a3-b7d2-540deed5a270\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"2d80e2e5-e516-4746-9f9a-113f2c4ef2cb\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Alert Type\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"github.code_scanning\\\" \"},\"label\":\"Code Scanning\"},{\"input\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"github.secret_scanning\\\" \"},\"label\":\"Secret 
Scanning\"},{\"input\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"github.dependabot\\\" \"},\"label\":\"Dependabot\"}]},\"scale\":\"ordinal\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bbb675c9-c535-483e-9337-69a2a81eb2da\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\",\"github.secret_scanning\",\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"288f00c3-3a7a-4b8a-bb49-75818491a337\",\"key\":\"github.state\",\"negate\":false,\"params\":{\"query\":\"open\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"github.state\":\"open\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"155686d5-4e87-48a3-b7d2-540deed5a270\"],\"layerId\":\"a1e90df6-e435-44e9-b298-d77ce349f33b\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"2d80e2e5-e516-4746-9f9a-113f2c4ef2cb\",\"yConfig\":[{\"color\":\"#e9b78b\",\"forAccessor\":\"155686d5-4e87-48a3-b7d2-540deed5a270\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\"}},\"title\":\"Open Alerts by Type [GitHub Advanced 
Security]\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"96fbd44d-b93e-4605-86ef-d5c3dd36660f\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"96fbd44d-b93e-4605-86ef-d5c3dd36660f\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"34b1f197-92c5-4838-ae73-3ba9e9260015\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"14e0ee55-38aa-4727-a0a5-a9af42b8b0ca\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"91e1a389-34e8-4332-9dbb-bd883d71dd85\":{\"columnOrder\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\",\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"],\"columns\":{\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Filters\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"github.code_scanning\\\" \"},\"label\":\"Code Scanning\"},{\"input\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"github.secret_scanning\\\" \"},\"label\":\"Secret Scanning\"},{\"input\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"github.dependabot\\\" \"},\"label\":\"Dependabot\"}]},\"scale\":\"ordinal\"},\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Alerts 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"34b1f197-92c5-4838-ae73-3ba9e9260015\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.code_scanning\",\"github.secret_scanning\",\"github.dependabot\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.code_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.secret_scanning\"}},{\"match_phrase\":{\"data_stream.dataset\":\"github.dependabot\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"14e0ee55-38aa-4727-a0a5-a9af42b8b0ca\",\"key\":\"github.state\",\"negate\":false,\"params\":{\"query\":\"open\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"github.state\":\"open\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"emptySizeRatio\":0.3,\"layerId\":\"91e1a389-34e8-4332-9dbb-bd883d71dd85\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendMaxLines\":5,\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"percentDecimals\":1,\"primaryGroups\":[\"894fb0b1-f0bd-4dbe-885b-0b41c339e84f\"],\"metrics\":[\"c53bee8d-06ca-4728-b6bc-2761d77a9ef5\"]}],\"shape\":\"donut\"}},\"title\":\"Open Alerts % by Type [GitHub Advanced Security]\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"}}]","timeRestore":false,"title":"[GitHub] Advanced Security 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"96fbd44d-b93e-4605-86ef-d5c3dd36660f:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85","type":"index-pattern"},{"id":"logs-*","name":"96fbd44d-b93e-4605-86ef-d5c3dd36660f:7593b627-5a3f-46a0-a8f9-33e6b6acc9a5","type":"index-pattern"},{"id":"logs-*","name":"96fbd44d-b93e-4605-86ef-d5c3dd36660f:3aea78d1-4e8f-47cb-a54b-11acf0506c06","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_2b7c10cd-1a6d-4dff-8cf9-848904b101d7:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_05d7ed66-221a-437a-9e07-5094ce9d57e0:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_b1a338bb-89af-425e-91eb-1c8a32641422:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_5c430006-8043-4e34-96dd-34b596dcba61:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_81297eab-88c0-477b-8132-39cbb430b6c7:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"908a8fcb-8a78-41ae-bb14-c0fba31aa562:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d","type":"index-pattern"},{"id":"logs-*","name":"908a8fcb-8a78-41ae-bb14-c0fba31aa562:efd3c729-3f58-4e1f-b05f-4178051021ee","type":"index-pattern"},{"id":"logs-*","name":"84209174-8b73-47ed-9324-45e7713370d0:indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074","type":"index-pattern"},{"id":"logs-*","name":"84209174-8b73-47ed-9324-45e7713370d0:68c402d4-a28c-4161-9f6c-663cd4930df6","type":"index-pattern"},{"id":"logs-*","name":"5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd:indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074","type":"index-pattern"},{"id":"logs-*","name":"5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd:408457e7-219e-4fb4-9352-7dc82c8d514c","type":"index-pa
ttern"},{"id":"logs-*","name":"c5e57455-3945-4457-973f-7b6a1e5579d8:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"c5e57455-3945-4457-973f-7b6a1e5579d8:ab223632-68bc-4417-a2d3-0c3cd145a537","type":"index-pattern"},{"id":"logs-*","name":"c5e57455-3945-4457-973f-7b6a1e5579d8:8676bd1a-86f1-4fac-ab02-6c382be33410","type":"index-pattern"},{"id":"logs-*","name":"c15d5d40-d18a-4960-8b6d-d47da3611f99:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"c15d5d40-d18a-4960-8b6d-d47da3611f99:45e7ae11-a8b3-4f60-a280-de442326d1ec","type":"index-pattern"},{"id":"logs-*","name":"c15d5d40-d18a-4960-8b6d-d47da3611f99:0753d483-b32c-441f-87dc-bb862221e11c","type":"index-pattern"},{"id":"logs-*","name":"5f8d7b7b-c370-4e38-ae2a-80f1495598fe:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8","type":"index-pattern"},{"id":"logs-*","name":"5f8d7b7b-c370-4e38-ae2a-80f1495598fe:656c4d05-b350-45a5-aa87-f83fbdbf2f26","type":"index-pattern"},{"id":"logs-*","name":"5f8d7b7b-c370-4e38-ae2a-80f1495598fe:a3e44335-794f-455e-9e40-c22201daaa1c","type":"index-pattern"},{"id":"logs-*","name":"35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85","type":"index-pattern"},{"id":"logs-*","name":"35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:e8ef33ad-82e2-4282-ae42-1ee5b478bde8","type":"index-pattern"},{"id":"logs-*","name":"35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:69dd980b-29ae-4a8c-b2e9-f4566786f5d3","type":"index-pattern"},{"id":"logs-*","name":"54ab8e3f-ba53-4cf0-8769-745688302f45:indexpattern-datasource-layer-a1e90df6-e435-44e9-b298-d77ce349f33b","type":"index-pattern"},{"id":"logs-*","name":"54ab8e3f-ba53-4cf0-8769-745688302f45:bbb675c9-c535-483e-9337-69a2a81eb2da","type":"index-pattern"},{"id":"logs-*","name":"54ab8e3f-ba53-4cf0-8769-745688302f45:288f00c3-3a7a-4b8a-bb49-75818491a337","type":"index-pattern"},{"id":"logs-
*","name":"96fbd44d-b93e-4605-86ef-d5c3dd36660f:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85","type":"index-pattern"},{"id":"logs-*","name":"96fbd44d-b93e-4605-86ef-d5c3dd36660f:34b1f197-92c5-4838-ae73-3ba9e9260015","type":"index-pattern"},{"id":"logs-*","name":"96fbd44d-b93e-4605-86ef-d5c3dd36660f:14e0ee55-38aa-4727-a0a5-a9af42b8b0ca","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-github-default","name":"tag-ref-fleet-pkg-github-default","type":"tag"}],"sort":[1688996741503,7746],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NzcsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"af01806a-78b1-4068-8d69-fa2ca952f365\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"af01806a-78b1-4068-8d69-fa2ca952f365\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.audit\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.audit\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"github.org\",\"id\":\"1632831213212\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Organization\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"github.repo\",\"id\":\"1632
831234336\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Repository\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user.name\",\"id\":\"1632872599896\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Actor\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user.target.name\",\"id\":\"1632872564349\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Users\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"event.action\",\"id\":\"1632874177516\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"Action\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Controls Audit 
[GitHub]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"7d42442c-83c9-420d-8ef4-883eeb150687\",\"w\":24,\"x\":0,\"y\":7},\"panelIndex\":\"7d42442c-83c9-420d-8ef4-883eeb150687\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":1000},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":false,\"isDonut\":false,\"labels\":{\"last_level\":false,\"percentDecimals\":0,\"position\":\"default\",\"show\":true,\"truncate\":100,\"values\":true,\"valuesFormat\":\"value\"},\"legendDisplay\":\"hide\",\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"nestedLegend\":false,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"truncateLegend\":true,\"type\":\"pie\"},\"title\":\"User Changes 
[GitHub]\",\"type\":\"pie\",\"uiState\":{}},\"vis\":{\"legendOpen\":false},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"76db3a0d-7562-4436-acd5-3cbfd4f6d044\",\"w\":24,\"x\":24,\"y\":7},\"panelIndex\":\"76db3a0d-7562-4436-acd5-3cbfd4f6d044\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-18M\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"1w\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":1000},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"seriesParams\":[{\"circlesRadius\":3,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\
"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"title\":\"User Change Timeline [GitHub]\",\"type\":\"histogram\",\"uiState\":{}},\"type\":\"visualization\"}},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"1e435c96-c37f-4eb5-a4e5-2d446b2bf464\",\"w\":48,\"x\":0,\"y\":22},\"panelIndex\":\"1e435c96-c37f-4eb5-a4e5-2d446b2bf464\",\"panelRefName\":\"panel_1e435c96-c37f-4eb5-a4e5-2d446b2bf464\",\"type\":\"search\",\"version\":\"7.16.0\"}]","timeRestore":false,"title":"[GitHub] User Change Audit","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"github-8bfd8310-205c-11ec-8b10-11a4c5e322a0","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"github-173f1050-20ae-11ec-8b10-11a4c5e322a0","name":"1e435c96-c37f-4eb5-a4e5-2d446b2bf464:panel_1e435c96-c37f-4eb5-a4e5-2d446b2bf464","type":"search"},{"id":"logs-*","name":"af01806a-78b1-4068-8d69-fa2ca952f365:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"af01806a-78b1-4068-8d69-fa2ca952f365:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"af01806a-78b1-4068-8d69-fa2ca952f365:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"af01806a-78b1-4068-8d69-fa2ca952f365:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"af01806a-78b1-4068-8d69-fa2ca952f365:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"af01806a-78b1-4068-8d69-fa2ca952f365:control_4_index_pattern","type":"index-pattern"},{"id":"github-173f1050-20ae-11
ec-8b10-11a4c5e322a0","name":"7d42442c-83c9-420d-8ef4-883eeb150687:search_0","type":"search"},{"id":"github-173f1050-20ae-11ec-8b10-11a4c5e322a0","name":"76db3a0d-7562-4436-acd5-3cbfd4f6d044:search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-github-default","name":"tag-ref-fleet-pkg-github-default","type":"tag"}],"sort":[1688996741503,7758],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NzgsMV0="} +{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.audit\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.audit\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"GitHub Audit","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-github-default","name":"tag-ref-fleet-pkg-github-default","type":"tag"}],"sort":[1688996741503,7763],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3NzksMV0="} 
+{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"63210180-c999-4d93-8d7a-f2fcb810ad1b\",\"w\":41,\"x\":0,\"y\":0},\"panelIndex\":\"63210180-c999-4d93-8d7a-f2fcb810ad1b\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.audit\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.audit\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"github.org\",\"id\":\"1632831213212\",\"indexPatternRefName\":\"control_0_index_pattern\",\"label\":\"Organization\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"github.repo\",\"id\":\"1632831234336\",\"indexPatternRefName\":\"control_1_index_pattern\",\"label\":\"Repository\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user.name\",\"id\":\"1632872599896\",\"indexPatternRefName\":\"control_2_index_pattern\",\"label\":\"Actor\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"user.target.name\",\"id\":\"1632872564349\",\"indexPatternRefName\":\"control_3_index_pattern\",\"label\":\"Users\",\"options\":{\"dynamicOptions\":true
,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"},{\"fieldName\":\"event.action\",\"id\":\"1632874177516\",\"indexPatternRefName\":\"control_4_index_pattern\",\"label\":\"Action\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"Controls Audit [GitHub]\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"b37e0c71-2cc3-4895-b839-383ce53561a8\",\"w\":7,\"x\":41,\"y\":0},\"panelIndex\":\"b37e0c71-2cc3-4895-b839-383ce53561a8\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\",\"type\":\"count\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total Events 
[GitHub]\",\"type\":\"metric\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"fb1ebb7a-c8bf-419d-be8f-ff5d2a741cc9\",\"w\":48,\"x\":0,\"y\":7},\"panelIndex\":\"fb1ebb7a-c8bf-419d-be8f-ff5d2a741cc9\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-18M\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"1w\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":1000},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"seriesParams\":[{\"circlesRadius\":3,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"colo
r\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"title\":\"Events over time [GitHub]\",\"type\":\"histogram\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":18,\"i\":\"88887e58-b192-4c9b-85c7-14d18a6c1c0d\",\"w\":37,\"x\":0,\"y\":26},\"panelIndex\":\"88887e58-b192-4c9b-85c7-14d18a6c1c0d\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"alpha\\\":0.75,\\\"id\\\":\\\"a427cb7d-077b-4c8a-8741-74f8f03283e2\\\",\\\"includeInFitToBounds\\\":true,\\\"joins\\\":[],\\\"label\\\":null,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"id\\\":\\\"world_countries\\\",\\\"tooltipProperties\\\":[\\\"name\\\"],\\\"type\\\":\\\"EMS_FILE\\\"},\\\"style\\\":{\\\"isTimeAware\\\":true,\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#6092C0\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"icon\\\":{\\\"options\\\":{\\\"value\\\":\\\"marker\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"size\\\":6},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelSize\\\":{\\\"options\\\":{\\\"size\\\":14},\\\"type\\\":\\\"STATIC\\\"},\\\"labelText\\\":{\\\"options\\\":{\\\"value\\\":\\\"\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\
\\":{\\\"options\\\":{\\\"color\\\":\\\"#4379aa\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"a0ea096b-e0eb-43dd-8f75-c0d8c0e4ac9a\\\",\\\"includeInFitToBounds\\\":true,\\\"joins\\\":[{\\\"leftField\\\":\\\"iso2\\\",\\\"right\\\":{\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"id\\\":\\\"167d9148-ad58-4fa1-99eb-c3e75fc75f96\\\",\\\"indexPatternRefName\\\":\\\"layer_1_join_0_index_pattern\\\",\\\"indexPatternTitle\\\":\\\"logs-*\\\",\\\"term\\\":\\\"client.geo.country_iso_code\\\",\\\"type\\\":\\\"ES_TERM_SOURCE\\\"}}],\\\"label\\\":\\\"Events by Country\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"id\\\":\\\"world_countries\\\",\\\"tooltipProperties\\\":[\\\"name\\\"],\\\"type\\\":\\\"EMS_FILE\\\"},\\\"style\\\":{\\\"isTimeAware\\\":true,\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"icon\\\":{\\\"options\\\":{\\\"value\\\":\\\"marker\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"size\\\":6},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelSize\\\":{\\\"options\\\":{\\\"size\\\":14},\\\"type\\\":\\\"STATIC\\\"},\\\"labelText\\\":{\\\"options\\\":{\\\"value\\\":\\\"\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\
\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"mapStateJSON\":\"{\\\"center\\\":{\\\"lat\\\":0,\\\"lon\\\":-29.82486},\\\"filters\\\":[{\\\"$state\\\":{\\\"store\\\":\\\"appState\\\"},\\\"meta\\\":{\\\"alias\\\":null,\\\"disabled\\\":false,\\\"index\\\":\\\"logs-*\\\",\\\"key\\\":\\\"data_stream.dataset\\\",\\\"negate\\\":false,\\\"params\\\":{\\\"query\\\":\\\"github.audit\\\"},\\\"type\\\":\\\"phrase\\\"},\\\"query\\\":{\\\"match_phrase\\\":{\\\"data_stream.dataset\\\":\\\"github.audit\\\"}}}],\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"\\\"},\\\"refreshConfig\\\":{\\\"interval\\\":0,\\\"isPaused\\\":true},\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"hideLayerControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-18M\\\",\\\"to\\\":\\\"now\\\"},\\\"zoom\\\":0.56}\",\"title\":\"Activity Map by Actor Location 
[GitHub]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"isLayerTOCOpen\":false,\"mapBuffer\":{\"maxLat\":85.05113,\"maxLon\":360,\"minLat\":-85.05113,\"minLon\":-540},\"mapCenter\":{\"lat\":27.08856,\"lon\":-30.5613,\"zoom\":1},\"openTOCDetails\":[],\"type\":\"map\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":18,\"i\":\"0c469087-fb3f-46d3-8962-c49d2e50f70c\",\"w\":11,\"x\":37,\"y\":26},\"panelIndex\":\"0c469087-fb3f-46d3-8962-c49d2e50f70c\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"github.org\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10000},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addTooltip\":true,\"distinctColors\":false,\"isDonut\":false,\"labels\":{\"last_level\":false,\"percentDecimals\":2,\"position\":\"default\",\"show\":true,\"truncate\":100,\"values\":true,\"valuesFormat\":\"value\"},\"legendDisplay\":\"hide\",\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"nestedLegend\":false,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"truncateLegend\":true,\"type\":\"pie\"},\"title\":\"Events per Organization 
[GitHub]\",\"type\":\"pie\",\"uiState\":{}},\"vis\":{\"legendOpen\":false},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"108cd1b7-ce79-4558-ae38-5f1bb93961fe\",\"w\":25,\"x\":0,\"y\":44},\"panelIndex\":\"108cd1b7-ce79-4558-ae38-5f1bb93961fe\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"\",\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"seriesParams\":[{\"circlesRadius\":3,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":75,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"positio
n\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"title\":\"Top 5 Event Types [GitHub]\",\"type\":\"horizontal_bar\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"9ed1cfce-9337-4813-8df5-14a1280bb351\",\"w\":23,\"x\":25,\"y\":44},\"panelIndex\":\"9ed1cfce-9337-4813-8df5-14a1280bb351\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"seriesParams\":[{\"circlesRadius\":3,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAx
is-1\",\"labels\":{\"filter\":true,\"rotate\":75,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"title\":\"Top 5 Active Users [GitHub]\",\"type\":\"horizontal_bar\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":17,\"i\":\"d48a66a5-50e7-4cab-9b16-767bfa427860\",\"w\":48,\"x\":0,\"y\":63},\"panelIndex\":\"d48a66a5-50e7-4cab-9b16-767bfa427860\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Repository\",\"field\":\"github.repo\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"seriesParams\":[{\"circlesRadius\":3,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":
\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"title\":\"Top 10 Active Repositories [GitHub]\",\"type\":\"histogram\",\"uiState\":{}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"[GitHub] Audit Log Activity","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"github-dcee84c0-2059-11ec-8b10-11a4c5e322a0","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"63210180-c999-4d93-8d7a-f2fcb810ad1b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"63210180-c999-4d93-8d7a-f2fcb810ad1b:control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"63210180-c999-4d93-8d7a-f2fcb810ad1b:control_1_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"63210180-c999-4d93-8d7a-f2fcb810ad1b:control_2_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"63210180-c999-4d93-8d7a-f2fcb810ad1b:control_3_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"63210180-c999-4d93-8d7a-f2fcb810ad1b:control_4_index_pattern","type":"index-pattern"},{"id":"github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0","name":"b37e0c71-2cc3-4895-b839-383ce53561a8:search_0","type":"search"},{"id":"github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0","name":"fb1ebb7a-c8bf-419d-be8f-ff5d2a741cc9:search_0","type":"search"},{"id":"logs-*","name":"88887e58-b192-4c9b-85c7-14d18a6c1c0d:layer_1_join_0_index_pattern","type":"index-pattern"},{"id":"github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0","name":"0c469087-fb3f-46d3-8962-c49d2e50f70c:search_0","type":"search"},{"id":"github-a5f3d9b0-20af-11ec-
8b10-11a4c5e322a0","name":"108cd1b7-ce79-4558-ae38-5f1bb93961fe:search_0","type":"search"},{"id":"github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0","name":"9ed1cfce-9337-4813-8df5-14a1280bb351:search_0","type":"search"},{"id":"github-a5f3d9b0-20af-11ec-8b10-11a4c5e322a0","name":"d48a66a5-50e7-4cab-9b16-767bfa427860:search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-github-default","name":"tag-ref-fleet-pkg-github-default","type":"tag"}],"sort":[1688996741503,7779],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3ODAsMV0="} +{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\",\"enhancements\":{}}},\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\",\"enhancements\":{}}},\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\",\"enhancements\":{},\"selectedOptions\":[]}}}"},"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Github 
Issues\",\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"dc15f49d-29b1-4e2e-8787-51ffbab5b4ac\",\"w\":14,\"x\":0,\"y\":0},\"panelIndex\":\"dc15f49d-29b1-4e2e-8787-51ffbab5b4ac\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"5c48f008-d4c0-4386-a853-a83f49efe49f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3f8b858f-a1ee-4d69-a100-d59282acd94d\":{\"columnOrder\":[\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\"],\"columns\":{\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total 
Issues\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"5c48f008-d4c0-4386-a853-a83f49efe49f\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.issues\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"ccdc8558-1d3f-4c8b-a31e-d59ac78d0212\",\"layerId\":\"3f8b858f-a1ee-4d69-a100-d59282acd94d\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"top\"}},\"title\":\"Total Alerts Created [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Issues Created [GitHub Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"85cbbb74-4d3c-44e0-98f6-be076e31aea3\",\"w\":14,\"x\":14,\"y\":0},\"panelIndex\":\"85cbbb74-4d3c-44e0-98f6-be076e31aea3\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"583b3dcc-776c-48a8-90a8-14a1cdf69d5e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Issues Created/Closed 
Ratio\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2}},\"formula\":\"count()/count(kql='github.state:closed')\",\"isFormulaBroken\":false},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\"],\"scale\":\"ratio\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Alerts Found/Fixed Ratio\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"github.state:closed\"},\"isBucketed\":false,\"label\":\"Part of Alerts Found/Fixed Ratio\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Alerts Found/Fixed 
Ratio\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\"],\"location\":{\"max\":40,\"min\":0},\"name\":\"divide\",\"text\":\"count()/count(kql='github.state:closed')\",\"type\":\"function\"}},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"583b3dcc-776c-48a8-90a8-14a1cdf69d5e\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.issues\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"None\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"textAlign\":\"center\"}},\"title\":\"Alerts Found/Fixed Ratio [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Issues Created/Closed Ratio [GitHub 
Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1b501988-f932-4d80-8625-d2a1c8cd7321\",\"w\":20,\"x\":28,\"y\":0},\"panelIndex\":\"1b501988-f932-4d80-8625-d2a1c8cd7321\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"acb267f3-3c77-47f8-bf79-98920679368c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cbc5557e-f6b9-4140-90b2-3100f33083c4\":{\"columnOrder\":[\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\",\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\"],\"columns\":{\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Open vs Closed\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.state\"},\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"acb267f3-3c77-47f8-bf79-98920679368c\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"emptySizeRatio\":0.54,\"layerId\":\"cbc5557e-f6b9-4140-90b2-3100f33083c4\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendPosition\":\"right\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":true,\"primaryGroups\":[\"3ef214a7-820c-42e3-b2b0-5daa7566fedc\"],\"metrics\":[\"4525c4ae-5f82-4b4d-9867-48e4aba462fd\"]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"shape\":\"donut\"}},\"title\":\"Open vs Resolved/Dismissed [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Open vs Closed [GitHub 
Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"12c18b92-9f7b-4832-b85f-aad64720ea87\",\"w\":14,\"x\":0,\"y\":5},\"panelIndex\":\"12c18b92-9f7b-4832-b85f-aad64720ea87\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"c9577613-d758-45ed-be30-d9d3bfe47f77\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"c58d5e58-16ac-44f6-9fae-35770b969600\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Open Issues\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9577613-d758-45ed-be30-d9d3bfe47f77\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.issues\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c58d5e58-16ac-44f6-9fae-35770b969600\",\"key\":\"github.state\",\"negate\":false,\"params\":{\"query\":\"open\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"github.state\":\"open\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"
palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":1000}],\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#209280\",\"stop\":1},{\"color\":\"#d6bf57\",\"stop\":1000},{\"color\":\"#cc5642\",\"stop\":1001}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Open Alerts Count [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Open Issues Count [GitHub Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"7131e4d3-c168-480d-9496-1463ceaaa97a\",\"w\":14,\"x\":14,\"y\":7},\"panelIndex\":\"7131e4d3-c168-480d-9496-1463ceaaa97a\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"cd19d7a9-cf26-43bf-9c56-e5cc7b6bb638\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"f3c66899-a26d-4da8-89b4-8dfe417dc588\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"e33d2853-5b3d-4be9-9312-2d8da64d9523\",\"e33d2853-5b3d-4be9-9312-2d8da64d9523X0\",\"e33d2853-5b3d-4be9-9312-2d8da64d9523X1\"],\"columns\":{\"e33d2853-5b3d-4be9-9312-2d8da64d9523\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Mean time to close an issue\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2,\"suffix\":\" 
days\"}},\"formula\":\"round(average(github.issues.time_to_close.sec))/86400\",\"isFormulaBroken\":false},\"references\":[\"e33d2853-5b3d-4be9-9312-2d8da64d9523X1\"],\"scale\":\"ratio\"},\"e33d2853-5b3d-4be9-9312-2d8da64d9523X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Mean time to close an issue\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"github.issues.time_to_close.sec\"},\"e33d2853-5b3d-4be9-9312-2d8da64d9523X1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Mean time to close an issue\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[{\"args\":[\"e33d2853-5b3d-4be9-9312-2d8da64d9523X0\"],\"location\":{\"max\":47,\"min\":0},\"name\":\"round\",\"text\":\"round(average(github.issues.time_to_close.sec))\",\"type\":\"function\"},86400],\"location\":{\"max\":53,\"min\":0},\"name\":\"divide\",\"text\":\"round(average(github.issues.time_to_close.sec))/86400\",\"type\":\"function\"}},\"references\":[\"e33d2853-5b3d-4be9-9312-2d8da64d9523X0\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"cd19d7a9-cf26-43bf-9c56-e5cc7b6bb638\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"f3c66899-a26d-4da8-89b4-8dfe417dc588\",\"key\":\"github.issues.time_to_close.sec\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"},\"query\":{\"exists\":{\"field\":\"github.issues.time_to_close.sec\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e33d2853-5b3d-4be9-9312-2d8da64d9523\",\"colorMode\":\"None\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c2
1d95\",\"layerType\":\"data\",\"textAlign\":\"center\"}},\"title\":\"Mean Time to Resolution [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Mean Time To Close Issues [GitHub Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":5,\"i\":\"c3e8ea64-b6f9-470c-9004-02f8909672eb\",\"w\":14,\"x\":0,\"y\":10},\"panelIndex\":\"c3e8ea64-b6f9-470c-9004-02f8909672eb\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"658f3ec5-1f8c-4cca-a794-7d1fedb00bd0\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"5620f741-77e6-4967-a417-ebc51bd0e047\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\":{\"columnOrder\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"columns\":{\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Closed Issues\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}},\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\"],\"scale\":\"ratio\"},\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Resolved/Dismissed 
Alerts\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":false},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"658f3ec5-1f8c-4cca-a794-7d1fedb00bd0\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"github.issues\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"5620f741-77e6-4967-a417-ebc51bd0e047\",\"key\":\"github.state\",\"negate\":false,\"params\":[\"closed\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"github.state\":\"closed\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e\",\"colorMode\":\"Labels\",\"layerId\":\"df5f2c10-bc9b-4a7e-be41-d13240c21d95\",\"layerType\":\"data\",\"palette\":{\"name\":\"positive\",\"params\":{\"continuity\":\"above\",\"maxSteps\":5,\"name\":\"positive\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#bbdad3\",\"stop\":0},{\"color\":\"#77b6a8\",\"stop\":8},{\"color\":\"#209280\",\"stop\":16}]},\"type\":\"palette\"},\"textAlign\":\"center\"}},\"title\":\"Resolved/Dismissed Alerts Count [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Closed Issues Count [GitHub 
Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"4e77167a-4642-4cbb-8430-2197e2f31666\",\"w\":19,\"x\":0,\"y\":15},\"panelIndex\":\"4e77167a-4642-4cbb-8430-2197e2f31666\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d5e367bd-d27a-4e61-9878-93e20c4489bf\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"1d6cb347-2ab1-4d23-b268-9bd2530493e1\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"1d6cb347-2ab1-4d23-b268-9bd2530493e1\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 labels\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.issues.labels.name\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Issues 
count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d5e367bd-d27a-4e61-9878-93e20c4489bf\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"1d6cb347-2ab1-4d23-b268-9bd2530493e1\",\"yConfig\":[{\"color\":\"#6dc9cd\",\"forAccessor\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Tool Contribution Count [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Issues by labels [GitHub 
Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"5135da2a-0093-4b71-a35a-c2b8877d22dd\",\"w\":14,\"x\":19,\"y\":15},\"panelIndex\":\"5135da2a-0093-4b71-a35a-c2b8877d22dd\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d1569ab7-96b8-4e3d-b843-ee21f8f657c7\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"257a7d8d-1315-4775-97d9-e679c0f3aa79\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Top 10 values of github.issues.labels.name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.issues.labels.name\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d1569ab7-96b8-4e3d-b843-ee21f8f657c7\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"emptySizeRatio\":0.3,\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"legendMaxLines\":2,\"legendPosition\":\"right\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":true,\"primaryGroups\":[\"257a7d8d-1315-4775-97d9-e679c0f3aa79\"],\"metrics\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"]}],\"shape\":\"donut\"}},\"title\":\"Tool Contribution [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Issues % by labels [GitHub 
Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"342298f7-3cf9-4d79-9654-901a769ac7c7\",\"w\":15,\"x\":33,\"y\":15},\"panelIndex\":\"342298f7-3cf9-4d79-9654-901a769ac7c7\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"2b9bd05e-fb45-43ed-9698-8698c33e3c34\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"257a7d8d-1315-4775-97d9-e679c0f3aa79\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"257a7d8d-1315-4775-97d9-e679c0f3aa79\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Label\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":1000},\"scale\":\"ordinal\",\"sourceField\":\"github.issues.labels.name\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Issues 
Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2b9bd05e-fb45-43ed-9698-8698c33e3c34\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"257a7d8d-1315-4775-97d9-e679c0f3aa79\"},{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\"}},\"title\":\"Tool Contribution [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Issues Count by labels [GitHub Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"ca116a6a-6146-40d8-b9d3-83c775d22456\",\"w\":17,\"x\":0,\"y\":26},\"panelIndex\":\"ca116a6a-6146-40d8-b9d3-83c775d22456\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"6a68e03e-88f2-4710-b493-4364dd0bd102\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"6adc9b2a-664a-4740-8d59-d6677dd36e24\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"6adc9b2a-664a-4740-8d59-d6677dd36e24\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"User\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"d
esc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.issues.user.login\"},\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Issues count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"6a68e03e-88f2-4710-b493-4364dd0bd102\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"6adc9b2a-664a-4740-8d59-d6677dd36e24\",\"yConfig\":[{\"color\":\"#6dc9cd\",\"forAccessor\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Tool Contribution Count [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top Users Creating Issues [GitHub 
Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"4f987036-b757-47ce-967c-c417b7c95f3a\",\"w\":17,\"x\":17,\"y\":26},\"panelIndex\":\"4f987036-b757-47ce-967c-c417b7c95f3a\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"ecc24cb3-c482-43c4-a46d-3932fa8da9a7\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"f913a108-01c0-4764-9743-61a69b3ded42\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Issues count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f913a108-01c0-4764-9743-61a69b3ded42\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"User\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.issues.assignees.login\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ecc24cb3-c482-43c4-a46d-3932fa8da9a7\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":tru
e,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"f913a108-01c0-4764-9743-61a69b3ded42\",\"yConfig\":[{\"color\":\"#6dc9cd\",\"forAccessor\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Tool Contribution Count [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top users with assigned issues [GitHub Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":11,\"i\":\"0cc3c355-192b-4fc8-be0e-0a899c6ffcff\",\"w\":14,\"x\":34,\"y\":26},\"panelIndex\":\"0cc3c355-192b-4fc8-be0e-0a899c6ffcff\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"11d97294-f73e-42d5-9dbb-ae041743ba96\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"22540369-91b3-442d-be46-f9813f4fd273\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"631035e6-8678-47ee-9a8c-c6a87f6c1757\":{\"columnOrder\":[\"eb192673-a397-4681-b973-121148e23546\",\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"columns\":{\"e1d8072b-7268-444a-864e-ef1117b17b65\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Issues 
count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"eb192673-a397-4681-b973-121148e23546\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"User\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e1d8072b-7268-444a-864e-ef1117b17b65\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"github.issues.closed_by.login\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"11d97294-f73e-42d5-9dbb-ae041743ba96\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"22540369-91b3-442d-be46-f9813f4fd273\",\"key\":\"github.issues.closed_at\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"},\"query\":{\"exists\":{\"field\":\"github.issues.closed_at\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"e1d8072b-7268-444a-864e-ef1117b17b65\"],\"layerId\":\"631035e6-8678-47ee-9a8c-c6a87f6c1757\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"eb192673-a397-4681-b973-121148e23546\",\"yConfig\":[{\"color\":\"#6dc9cd\",\"forAccessor\":\"e1d8072b-7268-444a-864e-ef1117b17b65\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"
x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Tool Contribution Count [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top users closing the issues [GitHub Issues]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32\",\"w\":48,\"x\":0,\"y\":37},\"panelIndex\":\"234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"2f34a072-a5f1-4b91-afdc-77fa1ddf168a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ebd4f001-671a-4772-a2c4-b07f94e34845\":{\"columnOrder\":[\"fc40a758-e2ae-45db-88c1-439660cb7f66\",\"5caf7916-eab1-42d2-b591-41039ee8ed72\"],\"columns\":{\"5caf7916-eab1-42d2-b591-41039ee8ed72\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"fc40a758-e2ae-45db-88c1-439660cb7f66\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2f34a072-a5f1-4b91-afdc-77fa1ddf168a\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"github.issues\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"github.issues\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"5caf7916-eab1-42d2-b591-41039ee8ed72\"],\"layerId\":\"ebd4f001-671a-4772-a2c4-b07f94e34845\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"fc40a758-e2ae-45db-88c1-439660cb7f66\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"Events Timeline [GitHub Code Scanning]\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Events Timeline [GitHub Issues]\"}]","timeRestore":false,"title":"[GitHub] 
Issues","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"github-f0104680-ae18-11ed-83fa-df5d96a45724","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d","type":"index-pattern"},{"id":"logs-*","name":"dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:5c48f008-d4c0-4386-a853-a83f49efe49f","type":"index-pattern"},{"id":"logs-*","name":"85cbbb74-4d3c-44e0-98f6-be076e31aea3:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"85cbbb74-4d3c-44e0-98f6-be076e31aea3:583b3dcc-776c-48a8-90a8-14a1cdf69d5e","type":"index-pattern"},{"id":"logs-*","name":"1b501988-f932-4d80-8625-d2a1c8cd7321:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4","type":"index-pattern"},{"id":"logs-*","name":"1b501988-f932-4d80-8625-d2a1c8cd7321:acb267f3-3c77-47f8-bf79-98920679368c","type":"index-pattern"},{"id":"logs-*","name":"12c18b92-9f7b-4832-b85f-aad64720ea87:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"12c18b92-9f7b-4832-b85f-aad64720ea87:c9577613-d758-45ed-be30-d9d3bfe47f77","type":"index-pattern"},{"id":"logs-*","name":"12c18b92-9f7b-4832-b85f-aad64720ea87:c58d5e58-16ac-44f6-9fae-35770b969600","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:cd19d7a9-cf26-43bf-9c56-e5cc7b6bb638","type":"index-pattern"},{"id":"logs-*","name":"7131e4d3-c168-480d-9496-1463ceaaa97a:f3c66899-a26d-4da8-89b4-8dfe417dc588","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasou
rce-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:658f3ec5-1f8c-4cca-a794-7d1fedb00bd0","type":"index-pattern"},{"id":"logs-*","name":"c3e8ea64-b6f9-470c-9004-02f8909672eb:5620f741-77e6-4967-a417-ebc51bd0e047","type":"index-pattern"},{"id":"logs-*","name":"4e77167a-4642-4cbb-8430-2197e2f31666:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"4e77167a-4642-4cbb-8430-2197e2f31666:d5e367bd-d27a-4e61-9878-93e20c4489bf","type":"index-pattern"},{"id":"logs-*","name":"5135da2a-0093-4b71-a35a-c2b8877d22dd:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"5135da2a-0093-4b71-a35a-c2b8877d22dd:d1569ab7-96b8-4e3d-b843-ee21f8f657c7","type":"index-pattern"},{"id":"logs-*","name":"342298f7-3cf9-4d79-9654-901a769ac7c7:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"342298f7-3cf9-4d79-9654-901a769ac7c7:2b9bd05e-fb45-43ed-9698-8698c33e3c34","type":"index-pattern"},{"id":"logs-*","name":"ca116a6a-6146-40d8-b9d3-83c775d22456:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"ca116a6a-6146-40d8-b9d3-83c775d22456:6a68e03e-88f2-4710-b493-4364dd0bd102","type":"index-pattern"},{"id":"logs-*","name":"4f987036-b757-47ce-967c-c417b7c95f3a:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"4f987036-b757-47ce-967c-c417b7c95f3a:ecc24cb3-c482-43c4-a46d-3932fa8da9a7","type":"index-pattern"},{"id":"logs-*","name":"0cc3c355-192b-4fc8-be0e-0a899c6ffcff:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757","type":"index-pattern"},{"id":"logs-*","name":"0cc3c355-192b-4fc8-be0e-0a899c6ffcff:11d97294-f73e-42d5-9dbb-ae041743ba96","type":"index-pattern"},{"id":"logs-*","name":"0cc3c355-192b-4fc
8-be0e-0a899c6ffcff:22540369-91b3-442d-be46-f9813f4fd273","type":"index-pattern"},{"id":"logs-*","name":"234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845","type":"index-pattern"},{"id":"logs-*","name":"234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:2f34a072-a5f1-4b91-afdc-77fa1ddf168a","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_93a8183f-ab74-4636-9f63-9e30c35bfa6b:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_965171e3-e02b-49ff-a2f7-6ddfa5159eee:optionsListDataView","type":"index-pattern"},{"id":"logs-*","name":"controlGroup_8fb8d319-c120-4bcb-849d-6d45f3f5406a:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-github-default","name":"tag-ref-fleet-pkg-github-default","type":"tag"}],"sort":[1688996741503,7816],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3ODEsMV0="} +{"attributes":{"columns":["google_workspace.groups.email","google_workspace.groups.setting","google_workspace.groups.old_value","google_workspace.groups.new_value"],"description":"","grid":{"columns":{"google_workspace.groups.email":{"width":327},"google_workspace.groups.setting":{"width":327}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"change_identity_setting\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"change_identity_setting\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.
groups\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.groups\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Group Identity Setting Changes [Logs Google Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-10b37c00-3c03-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7822],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3ODIsMV0="} 
+{"attributes":{"columns":["file.name","google_workspace.drive.old_value","google_workspace.drive.new_value","source.user.email","google_workspace.drive.target"],"description":"","grid":{"columns":{"@timestamp":{"width":210}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.drive\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.drive\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"change_user_access\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"change_user_access\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Documents Shared Outside of the Organization [Logs Google 
Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-1cac9ed0-3b2f-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7828],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3ODMsMV0="} +{"attributes":{"description":"Overview of Google Workspace Token.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.token\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.token\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1ca11e02-f3a4-43cf-a962-bf84c3c6e650\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"1ca11e02-f3a4-43cf-a962-bf84c3c6e650\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-09129e2b-bba2-4f41-8c9c-047aa949dee2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"09129e2b-bba2-4f41-8c9c-047aa949dee2\":{\"columnOrder\":[\"9887703f-af94-4f55
-b7d7-f977552dea98\"],\"columns\":{\"9887703f-af94-4f55-b7d7-f977552dea98\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Token Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"9887703f-af94-4f55-b7d7-f977552dea98\",\"layerId\":\"09129e2b-bba2-4f41-8c9c-047aa949dee2\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Token Count [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"7cfb8685-4632-4dec-bb4e-6b7475ed0227\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"7cfb8685-4632-4dec-bb4e-6b7475ed0227\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-9df4100c-a031-4b57-9d3a-73fa0d385ab6\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"9df4100c-a031-4b57-9d3a-73fa0d385ab6\":{\"columnOrder\":[\"229fd203-04f3-46e1-a875-469430b40a22\",\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\"],\"columns\":{\"229fd203-04f3-46e1-a875-469430b40a22\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event 
Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"},\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"9df4100c-a031-4b57-9d3a-73fa0d385ab6\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"229fd203-04f3-46e1-a875-469430b40a22\"],\"metrics\":[\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Token Events by Event Action [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"35cea442-7a68-4d7c-ac87-dd3085d625ed\",\"w\":48,\"x\":0,\"y\":15},\"panelIndex\":\"35cea442-7a68-4d7c-ac87-dd3085d625ed\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-df1fecdd-ecef-4746-b5ec-852852f851f7\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"df1fecdd-ecef-4746-b5ec-852852f851f7\":{\"columnOrder\":[\"9aa178f0-63f8-47a9-80d3-55f340685455\",\"d2c89dd7-4b08-4d2b-aee7-e1de1c93b21f\"],\"columns\":{\"9aa178f0-63f8-47a9-80d3-55f340685455\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Client 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"d2c89dd7-4b08-4d2b-aee7-e1de1c93b21f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.token.client.type\"},\"d2c89dd7-4b08-4d2b-aee7-e1de1c93b21f\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"d2c89dd7-4b08-4d2b-aee7-e1de1c93b21f\"],\"layerId\":\"df1fecdd-ecef-4746-b5ec-852852f851f7\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"9aa178f0-63f8-47a9-80d3-55f340685455\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Token Events by Client Type [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"468dffd3-7212-4866-97a2-95eb4934f44c\",\"w\":48,\"x\":0,\"y\":30},\"panelIndex\":\"468dffd3-7212-4866-97a2-95eb4934f44c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-9df4100c-a031-4b57-9d3a-73fa0d385ab6\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"9df4100c-a031-4b57-9d3a-73fa0d385ab6\":{\"columnOrder\":[\"229fd203-04f3-46e1-a875-469430b40a22\",\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\"],\"columns\":{\"229fd203-04f3-46e1-a875-469430b40a22\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"App Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.token.app_name\"},\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\"],\"layerId\":\"9df4100c-a031-4b57-9d3a-73fa0d385ab6\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"229fd203-04f3-46e1-a875-469430b40a22\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"s
howSingleSeries\":true},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Token Events by App Name [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"4bc1506b-1ce5-44c5-88cd-63a383011434\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"4bc1506b-1ce5-44c5-88cd-63a383011434\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-9df4100c-a031-4b57-9d3a-73fa0d385ab6\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"9df4100c-a031-4b57-9d3a-73fa0d385ab6\":{\"columnOrder\":[\"229fd203-04f3-46e1-a875-469430b40a22\",\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\"],\"columns\":{\"229fd203-04f3-46e1-a875-469430b40a22\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"API 
Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.token.api_name\"},\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"9df4100c-a031-4b57-9d3a-73fa0d385ab6\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"229fd203-04f3-46e1-a875-469430b40a22\"],\"metrics\":[\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Token Events by API Name [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"a6c35112-c754-479b-af22-9e0fe7c8291a\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"a6c35112-c754-479b-af22-9e0fe7c8291a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-9df4100c-a031-4b57-9d3a-73fa0d385ab6\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"9df4100c-a031-4b57-9d3a-73fa0d385ab6\":{\"columnOrder\":[\"229fd203-04f3-46e1-a875-469430b40a22\",\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\"],\"columns\":{\"229fd203-04f3-46e1-a875-469430b40a22\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Method Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.token.method_name\"},\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"9df4100c-a031-4b57-9d3a-73fa0d385ab6\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"229fd203-04f3-46e1-a875-469430b40a22\"],\"metrics\":[\"9592fd8f-45c8-4dfd-8008-52214c5a7aeb\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Token Events by Method Name 
[Logs Google Workspace]\"}]","timeRestore":false,"title":"[Logs Google Workspace] Token","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-26c10e40-8cbc-11ed-add3-0fec96545f1c","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"1ca11e02-f3a4-43cf-a962-bf84c3c6e650:indexpattern-datasource-layer-09129e2b-bba2-4f41-8c9c-047aa949dee2","type":"index-pattern"},{"id":"logs-*","name":"7cfb8685-4632-4dec-bb4e-6b7475ed0227:indexpattern-datasource-layer-9df4100c-a031-4b57-9d3a-73fa0d385ab6","type":"index-pattern"},{"id":"logs-*","name":"35cea442-7a68-4d7c-ac87-dd3085d625ed:indexpattern-datasource-layer-df1fecdd-ecef-4746-b5ec-852852f851f7","type":"index-pattern"},{"id":"logs-*","name":"468dffd3-7212-4866-97a2-95eb4934f44c:indexpattern-datasource-layer-9df4100c-a031-4b57-9d3a-73fa0d385ab6","type":"index-pattern"},{"id":"logs-*","name":"4bc1506b-1ce5-44c5-88cd-63a383011434:indexpattern-datasource-layer-9df4100c-a031-4b57-9d3a-73fa0d385ab6","type":"index-pattern"},{"id":"logs-*","name":"a6c35112-c754-479b-af22-9e0fe7c8291a:indexpattern-datasource-layer-9df4100c-a031-4b57-9d3a-73fa0d385ab6","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7838],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3ODQsMV0="} 
+{"attributes":{"columns":["event.action","google_workspace.event.type","event.provider","source.user.email"],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"login_success\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"login_success\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.login\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.login\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Successful Logins by Compromised Users [Logs Google Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-2c0d5bc0-3b0d-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7844],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3ODUsMV0="} 
+{"attributes":{"columns":["event.action","file.name","google_workspace.drive.old_value","google_workspace.drive.new_value","source.user.email"],"description":"","grid":{"columns":{"@timestamp":{"width":210}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"acl_change\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"acl_change\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.drive\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.drive\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"ACL Changes [Logs Google Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-2c40f770-3b24-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7850],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3ODYsMV0="} 
+{"attributes":{"description":"Overview of Google Workspace Rules.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.rules\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.rules\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":9,\"i\":\"123197a0-8c1a-4b5f-9328-f42cff317429\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"123197a0-8c1a-4b5f-9328-f42cff317429\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-49d52ffc-77d4-4564-b467-21113069fd3f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"49d52ffc-77d4-4564-b467-21113069fd3f\":{\"columnOrder\":[\"ac717c64-0a2d-486d-b00f-8d5fd9ceddd5\"],\"columns\":{\"ac717c64-0a2d-486d-b00f-8d5fd9ceddd5\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Severity\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"google_workspace.rules.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"ac717c64-0a2d-486d-b00f-8d5fd9ceddd5\",\"layerId\":\"49d52ffc-77d4-4564-b467-21113069fd3f\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Severity [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"a995f12f-5ce4-4fbf-9d8c-411ee0fe691f\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"a995f12f-5ce4-4fbf-9d8c-411ee0fe691f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-91b13cbe-d02c-49f3-bdc7-60e804a3576a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"91b13cbe-d02c-49f3-bdc7-60e804a3576a\":{\"columnOrder\":[\"c792ccd0-e339-4a57-9b77-8ec01540876c\",\"fb52ca0a-d8cc-4d5f-83c0-c28cefb0f8ce\"],\"columns\":{\"c792ccd0-e339-4a57-9b77-8ec01540876c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"fb52ca0a-d8cc-4d5f-83c0-c28cefb0f8ce\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.rules.severity\"},\"fb52ca0a-d8cc-4d5f-83c0-c28cefb0f8ce\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"91b13cbe-d02c-49f3-bdc7-60e804a3576a\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"c792ccd0-e339-4a57-9b77-8ec01540876c\"],\"metrics\":[\"fb52ca0a-d8cc-4d5f-83c0-c28cefb0f8ce\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Rules by Severity [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":6,\"i\":\"c82a2b25-eb5e-40b2-b3b2-650d74c936f9\",\"w\":24,\"x\":0,\"y\":9},\"panelIndex\":\"c82a2b25-eb5e-40b2-b3b2-650d74c936f9\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-788b8016-043d-4d6d-945c-3f2e1dc365d3\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"788b8016-043d-4d6d-945c-3f2e1dc365d3\":{\"columnOrder\":[\"f4aeb862-4b10-40a9-8fbe-c9d68bf4be55\",\"2b54f274-eb68-4fe8-960b-d9acded9b6f0\"],\"columns\":{\"2b54f274-eb68-4fe8-960b-d9acded9b6f0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Rule Severity\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f4aeb862-4b10-40a9-8fbe-c9d68bf4be55\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Severity\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"google_workspace.rules.severity : \\\"HIGH\\\" \"},\"label\":\"HIGH\"},{\"input\":{\"language\":\"kuery\",\"query\":\"google_workspace.rules.severity : \\\"MEDIUM\\\" \"},\"label\":\"MEDIUM\"},{\"input\":{\"language\":\"kuery\",\"query\":\"google_workspace.rules.severity : \\\"LOW\\\" 
\"},\"label\":\"LOW\"}]},\"scale\":\"ordinal\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"breakdownByAccessor\":\"f4aeb862-4b10-40a9-8fbe-c9d68bf4be55\",\"layerId\":\"788b8016-043d-4d6d-945c-3f2e1dc365d3\",\"layerType\":\"data\",\"maxCols\":3,\"metricAccessor\":\"2b54f274-eb68-4fe8-960b-d9acded9b6f0\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"3c4011fa-9c5c-48e6-abae-693bf685851e\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"3c4011fa-9c5c-48e6-abae-693bf685851e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-568a0980-a917-48ad-bde5-ebb17d8e623a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"568a0980-a917-48ad-bde5-ebb17d8e623a\":{\"columnOrder\":[\"959dbeaa-f55c-45e8-9b38-b98952a1612b\",\"414f2299-b09f-409a-8855-ff346d86f770\"],\"columns\":{\"414f2299-b09f-409a-8855-ff346d86f770\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"959dbeaa-f55c-45e8-9b38-b98952a1612b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"414f2299-b09f-409a-8855-ff346d86f770\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.rules.device.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"568a0980-a917-48ad-bde5-ebb17d8e623a\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"959dbeaa-f55c-45e8-9b38-b98952a1612b\"],\"metrics\":[\"414f2299-b09f-409a-8855-ff346d86f770\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Rules by Device Type [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6cb8bd6f-be16-43ef-85dc-1f5007ca46ef\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"6cb8bd6f-be16-43ef-85dc-1f5007ca46ef\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-e0b93956-6fd4-4842-a441-e185bd29c77c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"e0b93956-6fd4-4842-a441-e185bd29c77c\":{\"columnOrder\":[\"37b9483a-d496-4993-99e3-a2487dfcc9de\",\"5be194b7-6d94-4677-b820-ebe7fdc33582\"],\"columns\":{\"37b9483a-d496-4993-99e3-a2487dfcc9de\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event 
Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"5be194b7-6d94-4677-b820-ebe7fdc33582\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"},\"5be194b7-6d94-4677-b820-ebe7fdc33582\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"e0b93956-6fd4-4842-a441-e185bd29c77c\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"37b9483a-d496-4993-99e3-a2487dfcc9de\"],\"metrics\":[\"5be194b7-6d94-4677-b820-ebe7fdc33582\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Rules by Event Action [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"a2806b00-58d7-4fb8-97c4-59c3da0220a0\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"a2806b00-58d7-4fb8-97c4-59c3da0220a0\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b04c4c24-d9f1-4a60-9b0f-8bd4fb9f80a4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b04c4c24-d9f1-4a60-9b0f-8bd4fb9f80a4\":{\"columnOrder\":[\"087501c1-0b44-4947-824d-23d688acd8b0\",\"c9367b78-19e4-4f77-aeb3-bc453bc5a289\"],\"columns\":{\"087501c1-0b44-4947-824d-23d688acd8b0\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Rule 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c9367b78-19e4-4f77-aeb3-bc453bc5a289\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.rules.type\"},\"c9367b78-19e4-4f77-aeb3-bc453bc5a289\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b04c4c24-d9f1-4a60-9b0f-8bd4fb9f80a4\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"087501c1-0b44-4947-824d-23d688acd8b0\"],\"metrics\":[\"c9367b78-19e4-4f77-aeb3-bc453bc5a289\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Rules by Rule Type [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"4e8cd032-411a-4a42-92b4-ee98a8f803af\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"4e8cd032-411a-4a42-92b4-ee98a8f803af\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-f2ade8d5-c408-4496-afd1-cecb15659a59\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"f2ade8d5-c408-4496-afd1-cecb15659a59\":{\"columnOrder\":[\"e75c13c9-7a45-4339-9076-455ddc337225\",\"351f6b1e-5758-4aae-9110-edb5a3e357c0\"],\"columns\":{\"351f6b1e-5758-4aae-9110-edb5a3e357c0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e75c13c9-7a45-4339-9076-455ddc337225\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Data Source\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"351f6b1e-5758-4aae-9110-edb5a3e357c0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.rules.data_source\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"351f6b1e-5758-4aae-9110-edb5a3e357c0\"],\"layerId\":\"f2ade8d5-c408-4496-afd1-cecb15659a59\",\"layerType\":\"data\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"e75c13c9-7a45-4339-9076-455ddc337225\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickL
abelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Rules by Data Source [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"554995d9-c1b1-4a58-9bea-a82cefc57583\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"554995d9-c1b1-4a58-9bea-a82cefc57583\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-58c070e1-e2d0-4496-8b94-249b85491fb2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"58c070e1-e2d0-4496-8b94-249b85491fb2\":{\"columnOrder\":[\"a87c4d55-df7d-4f2c-9921-aa3749be256e\",\"e5c683c3-dba5-44ca-a638-fe7a80eccee6\"],\"columns\":{\"a87c4d55-df7d-4f2c-9921-aa3749be256e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Resource 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e5c683c3-dba5-44ca-a638-fe7a80eccee6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.rules.resource.type\"},\"e5c683c3-dba5-44ca-a638-fe7a80eccee6\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"58c070e1-e2d0-4496-8b94-249b85491fb2\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"a87c4d55-df7d-4f2c-9921-aa3749be256e\"],\"metrics\":[\"e5c683c3-dba5-44ca-a638-fe7a80eccee6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Rules by Resource Type [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1759911d-52c6-4cae-895c-d6bc9c90d8ed\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"1759911d-52c6-4cae-895c-d6bc9c90d8ed\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-47571350-d5fe-468c-b53e-aab0f4883775\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"47571350-d5fe-468c-b53e-aab0f4883775\":{\"columnOrder\":[\"eaf232c1-34a5-4a66-ac64-83f23d75db51\",\"ab05f76a-e76b-43e8-a234-e34d658d1709\"],\"columns\":{\"ab05f76a-e76b-43e8-a234-e34d658d1709\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"eaf232c1-34a5-4a66-ac64-83f23d75db51\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Organization Domain\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ab05f76a-e76b-43e8-a234-e34d658d1709\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.organization.domain\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"eaf232c1-34a5-4a66-ac64-83f23d75db51\",\"isTransposed\":false},{\"columnId\":\"ab05f76a-e76b-43e8-a234-e34d658d1709\",\"isTransposed\":false}],\"layerId\":\"47571350-d5fe-468c-b53e-aab0f4883775\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Organization Domain [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"bede3b5c-48c7-48b9-94fd-0d60bcd6761f\",\"w\":24,\"x\":0,\"y\":60},\"panelIndex\":\"bede3b5c-48c7-48b9-94fd-0d60bcd6761f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-c032fb76-0265-4e61-9008-5ae30772f62f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"c032fb76-0265-4e61-9008-5ae30772f62f\":{\"columnOrder\":[\"8978c239-b005-47c3-a4a4-df17a7132bf8\",\"6140ef40-3eb6-45e3-b440-4920f0605429\"],\"columns\":{\"6140ef40-3eb6-45e3-b440-4920f0605429\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"8978c239-b005-47c3-a4a4-df17a7132bf8\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"User IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6140ef40-3eb6-45e3-b440-4920f0605429\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"8978c239-b005-47c3-a4a4-df17a7132bf8\",\"isTransposed\":false},{\"columnId\":\"6140ef40-3eb6-45e3-b440-4920f0605429\",\"isTransposed\":false}],\"layerId\":\"c032fb76-0265-4e61-9008-5ae30772f62f\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 User IP [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"918fbb38-c024-4a02-9451-e24d2f821105\",\"w\":24,\"x\":24,\"y\":60},\"panelIndex\":\"918fbb38-c024-4a02-9451-e24d2f821105\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2b72303a-7466-4238-acdc-376df532b930\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"2b72303a-7466-4238-acdc-376df532b930\":{\"columnOrder\":[\"2eb34b3a-230d-4897-96aa-8dcd4a64716b\",\"fcc8bb7a-a697-40e2-82a4-3d090881730d\"],\"columns\":{\"2eb34b3a-230d-4897-96aa-8dcd4a64716b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Trigger of the Rule Evaluation\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"fcc8bb7a-a697-40e2-82a4-3d090881730d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.rules.matched.trigger\"},\"fcc8bb7a-a697-40e2-82a4-3d090881730d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"2eb34b3a-230d-4897-96aa-8dcd4a64716b\"},{\"columnId\":\"fcc8bb7a-a697-40e2-82a4-3d090881730d\"}],\"layerId\":\"2b72303a-7466-4238-acdc-376df532b930\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Trigger of the Rule Evaluation [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":18,\"i\":\"a770d1b0-ce49-4e7c-9b2f-d61438af1415\",\"w\":48,\"x\":0,\"y\":75},\"panelIndex\":\"a770d1b0-ce49-4e7c-9b2f-d61438af1415\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"767fa210-34e3-11ed-99ee-6d37de6553b1\"}],\"bar_color_rules\":[{\"id\":\"7412e7d0-34e3-11ed-99ee-6d37de6553b1\"}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"gauge_color_rules\":[{\"id\":\"789059a0-34e3-11ed-99ee-6d37de6553b1\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"27f31679-7606-4f1e-b1d3-acc503edc784\",\"index_pattern_ref_name\":\"metrics_a770d1b0-ce49-4e7c-9b2f-d61438af1415_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"default\",\"id\":\"e8e519c9-71f7-4662-8cbc-7b22c4b7965d\",\"label\":\"Triggered Rules by 
Severity\",\"line_width\":1,\"metrics\":[{\"agg_with\":\"noop\",\"field\":\"google_workspace.rules.matched.trigger\",\"id\":\"86d42c61-1989-446d-b39c-638c17283ab1\",\"order\":\"desc\",\"type\":\"cardinality\"}],\"override_index_pattern\":0,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":0,\"series_index_pattern\":{\"id\":\"logs-*\"},\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"google_workspace.rules.severity\",\"terms_size\":\"10\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":true},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Triggered Rules by Severity Over Time [Logs Google Workspace]\"}]","timeRestore":false,"title":"[Logs Google Workspace] Rules","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-3be0b490-3430-11ed-9f31-c9178ccae8cd","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"123197a0-8c1a-4b5f-9328-f42cff317429:indexpattern-datasource-layer-49d52ffc-77d4-4564-b467-21113069fd3f","type":"index-pattern"},{"id":"logs-*","name":"a995f12f-5ce4-4fbf-9d8c-411ee0fe691f:indexpattern-datasource-layer-91b13cbe-d02c-49f3-bdc7-60e804a3576a","type":"index-pattern"},{"id":"logs-*","name":"c82a2b25-eb5e-40b2-b3b2-650d74c936f9:indexpattern-datasource-layer-788b8016-043d-4d6d-945c-3f2e1dc365d3","type":"index-pattern"},{"id":"logs-*","name":"3c4011fa-9c5c-48e6-abae-693bf685851e:indexpattern-datasource-layer-568a0980-a917-48ad-bde5-ebb17d8e623a","type":"index-pattern"},{"id":"logs-*","name":"6cb8bd6f-be16-43ef-85dc-1f5007ca46ef:indexpattern-datasource-layer-e0
b93956-6fd4-4842-a441-e185bd29c77c","type":"index-pattern"},{"id":"logs-*","name":"a2806b00-58d7-4fb8-97c4-59c3da0220a0:indexpattern-datasource-layer-b04c4c24-d9f1-4a60-9b0f-8bd4fb9f80a4","type":"index-pattern"},{"id":"logs-*","name":"4e8cd032-411a-4a42-92b4-ee98a8f803af:indexpattern-datasource-layer-f2ade8d5-c408-4496-afd1-cecb15659a59","type":"index-pattern"},{"id":"logs-*","name":"554995d9-c1b1-4a58-9bea-a82cefc57583:indexpattern-datasource-layer-58c070e1-e2d0-4496-8b94-249b85491fb2","type":"index-pattern"},{"id":"logs-*","name":"1759911d-52c6-4cae-895c-d6bc9c90d8ed:indexpattern-datasource-layer-47571350-d5fe-468c-b53e-aab0f4883775","type":"index-pattern"},{"id":"logs-*","name":"bede3b5c-48c7-48b9-94fd-0d60bcd6761f:indexpattern-datasource-layer-c032fb76-0265-4e61-9008-5ae30772f62f","type":"index-pattern"},{"id":"logs-*","name":"918fbb38-c024-4a02-9451-e24d2f821105:indexpattern-datasource-layer-2b72303a-7466-4238-acdc-376df532b930","type":"index-pattern"},{"id":"logs-*","name":"a770d1b0-ce49-4e7c-9b2f-d61438af1415:metrics_a770d1b0-ce49-4e7c-9b2f-d61438af1415_0_index_pattern","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7866],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3ODcsMV0="} 
+{"attributes":{"columns":["google_workspace.groups.email","google_workspace.groups.setting","google_workspace.groups.old_value","google_workspace.groups.new_value"],"description":"","grid":{"columns":{"google_workspace.groups.email":{"width":327},"google_workspace.groups.setting":{"width":327}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"change_spam_moderation_setting\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"change_spam_moderation_setting\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.groups\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.groups\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Group Spam Moderation Setting Changes [Logs Google 
Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-3ceeeba0-3c04-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7872],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3ODgsMV0="} +{"attributes":{"description":"Overview of Google Workspace Group Enterprise.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.group_enterprise\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.group_enterprise\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"732db5ab-2e3e-4a4c-b58a-eff4d690308e\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"732db5ab-2e3e-4a4c-b58a-eff4d690308e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3bcf296c-5ae2-4d11-9cb1-07a081b29b2f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"a967f1ea-0b32-4f97-94b1-dfdf4ade828d\",\"type\":\"index-pattern\"}],\"state\"
:{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bcf296c-5ae2-4d11-9cb1-07a081b29b2f\":{\"columnOrder\":[\"7a53b14c-bd89-441b-882b-3a0ab39d0e87\"],\"columns\":{\"7a53b14c-bd89-441b-882b-3a0ab39d0e87\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Group Enterprise Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"a967f1ea-0b32-4f97-94b1-dfdf4ade828d\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.group_enterprise\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.group_enterprise\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"7a53b14c-bd89-441b-882b-3a0ab39d0e87\",\"layerId\":\"3bcf296c-5ae2-4d11-9cb1-07a081b29b2f\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Group Enterprise Count [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"d321fa7c-a82c-4650-acd3-6219235a3959\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"d321fa7c-a82c-4650-acd3-6219235a3959\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-015b3cd1-f202-4274-bfc3-9d904dda8ea9\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"015b3cd1-f202-4274-bfc3-9d904dda8ea9\":{\"columnOrder\":[\"249c33b5-4a34-411b-9b87-472f6d7ad38e\",\"de3bab7d-ee0b-4c6c-9f22-7b675972310c\"],\"columns\":{\"249c33b5-4a34-411b-9b87-472f6d7ad38e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Member 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"de3bab7d-ee0b-4c6c-9f22-7b675972310c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.group_enterprise.member.type\"},\"de3bab7d-ee0b-4c6c-9f22-7b675972310c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"015b3cd1-f202-4274-bfc3-9d904dda8ea9\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"249c33b5-4a34-411b-9b87-472f6d7ad38e\"],\"metrics\":[\"de3bab7d-ee0b-4c6c-9f22-7b675972310c\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Group Enterprise Events by Member Type [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1d21aa30-dc28-4752-aedd-c443dd87fb4a\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"1d21aa30-dc28-4752-aedd-c443dd87fb4a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-015b3cd1-f202-4274-bfc3-9d904dda8ea9\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"015b3cd1-f202-4274-bfc3-9d904dda8ea9\":{\"columnOrder\":[\"249c33b5-4a34-411b-9b87-472f6d7ad38e\",\"de3bab7d-ee0b-4c6c-9f22-7b675972310c\"],\"columns\":{\"249c33b5-4a34-411b-9b87-472f6d7ad38e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Member Role\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"de3bab7d-ee0b-4c6c-9f22-7b675972310c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.group_enterprise.member.role\"},\"de3bab7d-ee0b-4c6c-9f22-7b675972310c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"015b3cd1-f202-4274-bfc3-9d904dda8ea9\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"249c33b5-4a34-411b-9b87-472f6d7ad38e\"],\"metrics\":[\"de3bab7d-ee0b-4c6c-9f22-7b675972310c\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Group Enterprise Events by Member Role 
[Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"15f4fa4d-5d03-4372-8040-195ebe44fa62\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"15f4fa4d-5d03-4372-8040-195ebe44fa62\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-cdb292b4-7101-484f-a0a9-57d4a83d0a0d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cdb292b4-7101-484f-a0a9-57d4a83d0a0d\":{\"columnOrder\":[\"e7689431-8c2b-48b8-b7a0-5f5e187f018b\",\"ac6e01b4-4d1f-47cc-affd-a842ac8a5745\",\"d25b955c-6a25-427d-9038-6f9e4975459b\"],\"columns\":{\"ac6e01b4-4d1f-47cc-affd-a842ac8a5745\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"d25b955c-6a25-427d-9038-6f9e4975459b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e7689431-8c2b-48b8-b7a0-5f5e187f018b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event 
Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"d25b955c-6a25-427d-9038-6f9e4975459b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":35},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"d25b955c-6a25-427d-9038-6f9e4975459b\"],\"layerId\":\"cdb292b4-7101-484f-a0a9-57d4a83d0a0d\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"splitAccessor\":\"e7689431-8c2b-48b8-b7a0-5f5e187f018b\",\"xAccessor\":\"ac6e01b4-4d1f-47cc-affd-a842ac8a5745\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Group Enterprise Events by Event Action [Logs Google Workspace]\"}]","timeRestore":false,"title":"[Logs Google Workspace] Group 
Enterprise","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-3fb94480-8cbc-11ed-add3-0fec96545f1c","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"732db5ab-2e3e-4a4c-b58a-eff4d690308e:indexpattern-datasource-layer-3bcf296c-5ae2-4d11-9cb1-07a081b29b2f","type":"index-pattern"},{"id":"logs-*","name":"732db5ab-2e3e-4a4c-b58a-eff4d690308e:a967f1ea-0b32-4f97-94b1-dfdf4ade828d","type":"index-pattern"},{"id":"logs-*","name":"d321fa7c-a82c-4650-acd3-6219235a3959:indexpattern-datasource-layer-015b3cd1-f202-4274-bfc3-9d904dda8ea9","type":"index-pattern"},{"id":"logs-*","name":"1d21aa30-dc28-4752-aedd-c443dd87fb4a:indexpattern-datasource-layer-015b3cd1-f202-4274-bfc3-9d904dda8ea9","type":"index-pattern"},{"id":"logs-*","name":"15f4fa4d-5d03-4372-8040-195ebe44fa62:indexpattern-datasource-layer-cdb292b4-7101-484f-a0a9-57d4a83d0a0d","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7881],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3ODksMV0="} +{"attributes":{"description":"Overview of Google Workspace 
Device.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.device\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.device\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"de2b27df-ba29-409e-9f26-c547cea21c10\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"de2b27df-ba29-409e-9f26-c547cea21c10\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-0aa843a1-6902-47e5-88d7-a9efd68ce2e3\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"0aa843a1-6902-47e5-88d7-a9efd68ce2e3\":{\"columnOrder\":[\"3158d245-f7ae-4266-b391-ca75016164cb\"],\"columns\":{\"3158d245-f7ae-4266-b391-ca75016164cb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"3158d245-f7ae-4266-b391-ca75016164cb\",\"layerId\":\"0aa843a1-6902-47e5-88d7-a9efd68ce2e3\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Device Count [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f5a25a0b-604e-467b-bf83-685ed7925c1d\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"f5a25a0b-604e-467b-bf83-685ed7925c1d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"xAccessor\":\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar\",\"tick
LabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Type [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"42da590b-25b7-4779-8aea-54dc9bd6731f\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"42da590b-25b7-4779-8aea-54dc9bd6731f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Account 
State\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.account_state\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Account State [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"00e49338-83b8-4b28-9035-635d382ec72a\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"00e49338-83b8-4b28-9035-635d382ec72a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3301a3e3-33e1-4809-9280-7ee202b61d18\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3301a3e3-33e1-4809-9280-7ee202b61d18\":{\"columnOrder\":[\"641ba828-307e-46c6-a459-c2ff096d711c\",\"c8328db5-c93e-486e-b74f-bccaca0c0626\"],\"columns\":{\"641ba828-307e-46c6-a459-c2ff096d711c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device 
ID\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c8328db5-c93e-486e-b74f-bccaca0c0626\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.id\"},\"c8328db5-c93e-486e-b74f-bccaca0c0626\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Failed Password Attempts\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"google_workspace.device.failed_passwd_attempts\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"641ba828-307e-46c6-a459-c2ff096d711c\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"c8328db5-c93e-486e-b74f-bccaca0c0626\",\"isTransposed\":false}],\"layerId\":\"3301a3e3-33e1-4809-9280-7ee202b61d18\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Devices with Most Failed Password Attempts [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"e81c9c68-4e3e-48ed-b289-eaafb7af3752\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"e81c9c68-4e3e-48ed-b289-eaafb7af3752\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3301a3e3-33e1-4809-9280-7ee202b61d18\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3301a3e3-33e1-4809-9280-7ee202b61d18\":{\"columnOrder\":[\"641ba828-307e-46c6-a459-c2ff096d711c\",\"5b18e655-fa6a-406d-a5cb-53ba2c9243fd\",\"e6233e8a-4716-40c6-9357-1cea503e99dd\"],\"columns\":{\"5b18e655-fa6a-406d-a5cb-53ba2c9243fd\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device 
Deactivation Reason\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e6233e8a-4716-40c6-9357-1cea503e99dd\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.deactivation_reason\"},\"641ba828-307e-46c6-a459-c2ff096d711c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device Compliance\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e6233e8a-4716-40c6-9357-1cea503e99dd\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.compliance\"},\"e6233e8a-4716-40c6-9357-1cea503e99dd\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"641ba828-307e-46c6-a459-c2ff096d711c\",\"isTransposed\":false},{\"columnId\":\"5b18e655-fa6a-406d-a5cb-53ba2c9243fd\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"e6233e8a-4716-40c6-9357-1cea503e99dd\",\"hidden\":true,\"isTransposed\":false}],\"layerId\":\"3301a3e3-33e1-4809-9280-7ee202b61d18\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"List of Device Compliance and Device Deactivation Reason [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"427981ce-492c-49c6-83d0-40ee3a717a20\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"427981ce-492c-49c6-83d0-40ee3a717a20\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-4ecc0135-8b3b-4420-a97b-07baf0ad169c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"4ecc0135-8b3b-4420-a97b-07baf0ad169c\":{\"columnOrder\":[\"6bf48d8b-4d0f-47ba-a7d1-1425256c574e\",\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\"],\"columns\":{\"6bf48d8b-4d0f-47ba-a7d1-1425256c574e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":25},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"},\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\"],\"layerId\":\"4ecc0135-8b3b-4420-a97b-07baf0ad169c\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"xAccessor\":\"6bf48d8b-4d0f-47ba-a7d1-1425256c574e\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"title\":\"Empty XY 
chart\",\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Event Action [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"88339376-e612-4096-b762-9b6bb7a19c1f\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"88339376-e612-4096-b762-9b6bb7a19c1f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Security Patch 
Level\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.security.patch_level\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device by Security Patch Level [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"794cfd69-290e-4a83-8e59-21a13e713fe6\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"794cfd69-290e-4a83-8e59-21a13e713fe6\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-4ecc0135-8b3b-4420-a97b-07baf0ad169c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"4ecc0135-8b3b-4420-a97b-07baf0ad169c\":{\"columnOrder\":[\"6bf48d8b-4d0f-47ba-a7d1-1425256c574e\",\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\"],\"columns\":{\"6bf48d8b-4d0f-47ba-a7d1-1425256c574e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Potentially Harmful App 
Category\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":25},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.pha_category\"},\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\"],\"layerId\":\"4ecc0135-8b3b-4420-a97b-07baf0ad169c\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"xAccessor\":\"6bf48d8b-4d0f-47ba-a7d1-1425256c574e\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Potentially Harmful App Category [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"cdf1fd4d-d93a-4ad2-aa00-4959fe77be56\",\"w\":24,\"x\":0,\"y\":60},\"panelIndex\":\"cdf1fd4d-d93a-4ad2-aa00-4959fe77be56\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Application State\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.application.state\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events 
by Application State [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6f6b8831-d79e-4291-9431-b2ea16be6dd7\",\"w\":24,\"x\":24,\"y\":60},\"panelIndex\":\"6f6b8831-d79e-4291-9431-b2ea16be6dd7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-4ecc0135-8b3b-4420-a97b-07baf0ad169c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"4ecc0135-8b3b-4420-a97b-07baf0ad169c\":{\"columnOrder\":[\"6bf48d8b-4d0f-47ba-a7d1-1425256c574e\",\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\"],\"columns\":{\"6bf48d8b-4d0f-47ba-a7d1-1425256c574e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Action Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":25},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.action.type\"},\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"accessors\":[\"fe1f0681-2ceb-4d10-bbd0-51f6f1c6d975\"],\"layerId\":\"4ecc0135-8b3b-4420-a97b-07baf0ad169c\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"xAccessor\":\"6bf48d8b-4d0f-47ba-a7d1-1425256c574e\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"title\":\"Empty XY 
chart\",\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Action Type [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f684b364-536f-44d4-a6a6-6975f964daae\",\"w\":24,\"x\":0,\"y\":75},\"panelIndex\":\"f684b364-536f-44d4-a6a6-6975f964daae\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Application Report 
Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.application.report.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Application Report Severity [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"4a4bf160-0594-40f8-ab4d-6242c41b79a2\",\"w\":24,\"x\":0,\"y\":90},\"panelIndex\":\"4a4bf160-0594-40f8-ab4d-6242c41b79a2\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device Policy App Privilege\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.register_privilege\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of 
Device Events by Device Policy App Privilege [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"62e853e4-fa5e-49f0-8e5f-575c5c9bf3fc\",\"w\":24,\"x\":24,\"y\":75},\"panelIndex\":\"62e853e4-fa5e-49f0-8e5f-575c5c9bf3fc\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Policy 
Status\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.policy.sync.result\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Policy Status [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"06d83d34-1df0-4dc3-ac38-d8ce26f23b80\",\"w\":24,\"x\":0,\"y\":105},\"panelIndex\":\"06d83d34-1df0-4dc3-ac38-d8ce26f23b80\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Policy Sync Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.policy.sync.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by 
Policy Sync Type [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"0e36eb8f-5d02-4ffd-90cb-4f7e094d300d\",\"w\":24,\"x\":24,\"y\":90},\"panelIndex\":\"0e36eb8f-5d02-4ffd-90cb-4f7e094d300d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Action Execution 
Status\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.action.execution_status\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"xAccessor\":\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Action Execution Status [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"b3e68758-292a-4392-8311-23a575fec922\",\"w\":24,\"x\":0,\"y\":120},\"panelIndex\":\"b3e68758-292a-4392-8311-23a575fec922\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device Ownership\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.ownership\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Device 
Ownership [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"57f08755-8c84-4134-bbb4-af146826e55a\",\"w\":24,\"x\":24,\"y\":105},\"panelIndex\":\"57f08755-8c84-4134-bbb4-af146826e55a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"OS Property\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.os.property\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of 
Device Events by OS Property [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"16b1f8bc-bd46-420c-9538-579c1339b9cb\",\"w\":24,\"x\":0,\"y\":135},\"panelIndex\":\"16b1f8bc-bd46-420c-9538-579c1339b9cb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device 
Property\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.property\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"seriesType\":\"bar\",\"xAccessor\":\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Device Property [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"0df40626-ace9-4e3b-b839-8f865051bb87\",\"w\":24,\"x\":24,\"y\":120},\"panelIndex\":\"0df40626-ace9-4e3b-b839-8f865051bb87\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b4080c20-fb76-441d-a8d3-b772997c1a9d\":{\"columnOrder\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\",\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"],\"columns\":{\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"9579ebfd-7a45-4e45-8f9d-635ae78762be\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device Setting\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.device.setting\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b4080c20-fb76-441d-a8d3-b772997c1a9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"9579ebfd-7a45-4e45-8f9d-635ae78762be\"],\"metrics\":[\"7ad6e2ac-8d61-4c1f-abb3-f4d99f1b06a0\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Device Events by Device 
Setting [Logs Google Workspace]\"}]","timeRestore":false,"title":"[Logs Google Workspace] Device","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-4c5a4cc0-8cbc-11ed-add3-0fec96545f1c","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"de2b27df-ba29-409e-9f26-c547cea21c10:indexpattern-datasource-layer-0aa843a1-6902-47e5-88d7-a9efd68ce2e3","type":"index-pattern"},{"id":"logs-*","name":"f5a25a0b-604e-467b-bf83-685ed7925c1d:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"42da590b-25b7-4779-8aea-54dc9bd6731f:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"00e49338-83b8-4b28-9035-635d382ec72a:indexpattern-datasource-layer-3301a3e3-33e1-4809-9280-7ee202b61d18","type":"index-pattern"},{"id":"logs-*","name":"e81c9c68-4e3e-48ed-b289-eaafb7af3752:indexpattern-datasource-layer-3301a3e3-33e1-4809-9280-7ee202b61d18","type":"index-pattern"},{"id":"logs-*","name":"427981ce-492c-49c6-83d0-40ee3a717a20:indexpattern-datasource-layer-4ecc0135-8b3b-4420-a97b-07baf0ad169c","type":"index-pattern"},{"id":"logs-*","name":"88339376-e612-4096-b762-9b6bb7a19c1f:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"794cfd69-290e-4a83-8e59-21a13e713fe6:indexpattern-datasource-layer-4ecc0135-8b3b-4420-a97b-07baf0ad169c","type":"index-pattern"},{"id":"logs-*","name":"cdf1fd4d-d93a-4ad2-aa00-4959fe77be56:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"6f6b8831-d79e-4291-9431-b2ea16be6dd7:indexpattern-datasource-layer-4ecc0135-8b3b-4420-a97b-07baf0ad169c","type":"index-pattern"},{"id":"logs-*","name":"f684b364-536f-44d4-a6a6-6975f964daae:indexpattern-d
atasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"4a4bf160-0594-40f8-ab4d-6242c41b79a2:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"62e853e4-fa5e-49f0-8e5f-575c5c9bf3fc:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"06d83d34-1df0-4dc3-ac38-d8ce26f23b80:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"0e36eb8f-5d02-4ffd-90cb-4f7e094d300d:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"b3e68758-292a-4392-8311-23a575fec922:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"57f08755-8c84-4134-bbb4-af146826e55a:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"16b1f8bc-bd46-420c-9538-579c1339b9cb:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"logs-*","name":"0df40626-ace9-4e3b-b839-8f865051bb87:indexpattern-datasource-layer-b4080c20-fb76-441d-a8d3-b772997c1a9d","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7904],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3OTAsMV0="} 
+{"attributes":{"columns":["google_workspace.groups.email","google_workspace.groups.setting","google_workspace.groups.old_value","google_workspace.groups.new_value"],"description":"","grid":{"columns":{"google_workspace.groups.email":{"width":327},"google_workspace.groups.setting":{"width":327}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"change_info_setting\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"change_info_setting\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.groups\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.groups\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Group Info Settings Changes [Logs Google 
Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-676e6980-3bfc-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7910],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3OTEsMV0="} +{"attributes":{"columns":["source.user.email"],"description":"","grid":{"columns":{"@timestamp":{"width":210}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.login\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.login\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Login Failure by Types [Logs Google 
Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-7ab25b80-3b13-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7915],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3OTIsMV0="} +{"attributes":{"columns":["event.action","google_workspace.event.type","google_workspace.admin.old_value","google_workspace.admin.new_value"],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.admin\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.admin\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Settings Changes [Logs Google 
Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-ebb44680-3bf5-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7920],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3OTMsMV0="} +{"attributes":{"description":"Overview of Google Workspace Admin.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.admin\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.admin\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":18,\"i\":\"db3ad227-f043-4cc0-9d48-69d67cdc63d4\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"db3ad227-f043-4cc0-9d48-69d67cdc63d4\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"locale\\\":\\\"autoselect\\\",\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desaturated\\\"},\\\"id\\\":\\\"1b9a0ec2-a115-4f57-a731-62e35e588921\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\
\"EMS_VECTOR_TILE\\\",\\\"color\\\":\\\"\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"geoField\\\":\\\"source.geo.location\\\",\\\"requestType\\\":\\\"heatmap\\\",\\\"resolution\\\":\\\"SUPER_FINE\\\",\\\"id\\\":\\\"9b7deb92-238b-47a2-a87d-5bd1aaf60862\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"applyForceRefresh\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"id\\\":\\\"1bb6bfcd-9dc9-4abb-b41d-bd8eafb59a67\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"HEATMAP\\\",\\\"colorRampName\\\":\\\"theclassic\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"HEATMAP\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":0.68,\\\"center\\\":{\\\"lon\\\":-91.00144,\\\"lat\\\":6.63298},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15m\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"customIcons\\\":[],\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"keydownScrollZoom\\\":false,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"title\":\"\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOC
Details\\\":[\\\"1bb6bfcd-9dc9-4abb-b41d-bd8eafb59a67\\\"]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"hidePanelTitles\":false,\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":85.05113,\"maxLon\":360,\"minLat\":-85.05113,\"minLon\":-540},\"mapCenter\":{\"lat\":15.6024,\"lon\":-91.00144,\"zoom\":0.68},\"openTOCDetails\":[\"1bb6bfcd-9dc9-4abb-b41d-bd8eafb59a67\"],\"type\":\"map\"},\"title\":\"Admin Activity by Location [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"542bc939-aff6-4f03-b85c-82cdc0b61c0d\",\"w\":24,\"x\":0,\"y\":18},\"panelIndex\":\"542bc939-aff6-4f03-b85c-82cdc0b61c0d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ac16649e-423f-457c-bc22-a70b87b3afb8\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ac16649e-423f-457c-bc22-a70b87b3afb8\":{\"columnOrder\":[\"7d808e71-39e6-49fc-9aea-b6fd81b8729f\",\"29790544-b881-4932-9bf8-afe77aa456b3\"],\"columns\":{\"29790544-b881-4932-9bf8-afe77aa456b3\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"7d808e71-39e6-49fc-9aea-b6fd81b8729f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event 
Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"29790544-b881-4932-9bf8-afe77aa456b3\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"ac16649e-423f-457c-bc22-a70b87b3afb8\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"7d808e71-39e6-49fc-9aea-b6fd81b8729f\"],\"metrics\":[\"29790544-b881-4932-9bf8-afe77aa456b3\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Admin Events by Event Action [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2dd48f01-fe23-4e26-8184-cae43aceb9f7\",\"w\":24,\"x\":24,\"y\":18},\"panelIndex\":\"2dd48f01-fe23-4e26-8184-cae43aceb9f7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-bae06901-e65e-44de-bc42-376e6d4ac823\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"bae06901-e65e-44de-bc42-376e6d4ac823\":{\"columnOrder\":[\"808a404a-4e26-4fa9-9252-4d0b482177e3\",\"7d028f30-2071-4ae3-957f-7afab533a9dc\"],\"columns\":{\"7d028f30-2071-4ae3-957f-7afab533a9dc\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"808a404a-4e26-4fa9-9252-4d0b482177e3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Data 
Source\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7d028f30-2071-4ae3-957f-7afab533a9dc\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.event.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"808a404a-4e26-4fa9-9252-4d0b482177e3\"},{\"columnId\":\"7d028f30-2071-4ae3-957f-7afab533a9dc\"}],\"layerId\":\"bae06901-e65e-44de-bc42-376e6d4ac823\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Data Source [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1bf4ea45-2339-4154-bbb4-cdcae8996a6b\",\"w\":24,\"x\":24,\"y\":33},\"panelIndex\":\"1bf4ea45-2339-4154-bbb4-cdcae8996a6b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-37c9e2f8-0a5d-4fe5-b90a-3020bcf15de4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"37c9e2f8-0a5d-4fe5-b90a-3020bcf15de4\":{\"columnOrder\":[\"b55b0541-7c14-4a92-a9a8-e488a57f0088\",\"59c7cf52-497c-4f6a-815b-3a77b1ec5734\"],\"columns\":{\"59c7cf52-497c-4f6a-815b-3a77b1ec5734\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"b55b0541-7c14-4a92-a9a8-e488a57f0088\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Domain\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"59c7cf52-497c-4f6a-815b-3a77b1ec5734\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.admin.domain.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"59c7cf52-497c-4f6a-815b-3a77b1ec5734\"],\"layerId\":\"37c9e2f8-0a5d-4fe5-b90a-3020bcf15de4\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"b55b0541-7c14-4a92-a9a8-e488a57f0088\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Admin Events by Domain [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"533eb7c5-d127-4ed7-a1bf-3944ba07f73d\",\"w\":24,\"x\":0,\"y\":33},\"panelIndex\":\"533eb7c5-d127-4ed7-a1bf-3944ba07f73d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-941b90b0-14c7-49f8-80a4-261b8d9489e5\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"941b90b0-14c7-49f8-80a4-261b8d9489e5\":{\"columnOrder\":[\"671d6acf-25ff-451f-8053-69c2978ed1e6\",\"83748527-ab97-4f00-b955-35661178e638\"],\"columns\":{\"671d6acf-25ff-451f-8053-69c2978ed1e6\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"83748527-ab97-4f00-b955-35661178e638\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.admin.device.type\"},\"83748527-ab97-4f00-b955-35661178e638\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"941b90b0-14c7-49f8-80a4-261b8d9489e5\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"671d6acf-25ff-451f-8053-69c2978ed1e6\"],\"metrics\":[\"83748527-ab97-4f00-b955-35661178e638\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Admin Events by Device Type [Logs Google 
Workspace]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":20,\"i\":\"44df46b9-f301-4d3c-83db-8781aeb70d13\",\"w\":48,\"x\":0,\"y\":48},\"panelIndex\":\"44df46b9-f301-4d3c-83db-8781aeb70d13\",\"panelRefName\":\"panel_44df46b9-f301-4d3c-83db-8781aeb70d13\",\"type\":\"search\",\"version\":\"8.4.0\"}]","timeRestore":false,"title":"[Logs Google Workspace] Admin","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-8925d900-3b43-11ed-8bdd-f5c5df6c1370","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"db3ad227-f043-4cc0-9d48-69d67cdc63d4:layer_1_source_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"542bc939-aff6-4f03-b85c-82cdc0b61c0d:indexpattern-datasource-layer-ac16649e-423f-457c-bc22-a70b87b3afb8","type":"index-pattern"},{"id":"logs-*","name":"2dd48f01-fe23-4e26-8184-cae43aceb9f7:indexpattern-datasource-layer-bae06901-e65e-44de-bc42-376e6d4ac823","type":"index-pattern"},{"id":"logs-*","name":"1bf4ea45-2339-4154-bbb4-cdcae8996a6b:indexpattern-datasource-layer-37c9e2f8-0a5d-4fe5-b90a-3020bcf15de4","type":"index-pattern"},{"id":"logs-*","name":"533eb7c5-d127-4ed7-a1bf-3944ba07f73d:indexpattern-datasource-layer-941b90b0-14c7-49f8-80a4-261b8d9489e5","type":"index-pattern"},{"id":"google_workspace-ebb44680-3bf5-11ed-8bdd-f5c5df6c1370","name":"44df46b9-f301-4d3c-83db-8781aeb70d13:panel_44df46b9-f301-4d3c-83db-8781aeb70d13","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7930],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3OTQsMV0="} 
+{"attributes":{"columns":["google_workspace.groups.email","google_workspace.groups.setting","google_workspace.groups.old_value","google_workspace.groups.new_value"],"description":"","grid":{"columns":{"google_workspace.groups.email":{"width":327},"google_workspace.groups.setting":{"width":327}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"change_topic_setting\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"change_topic_setting\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.groups\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.groups\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Group Topic Setting Changes [Logs Google 
Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-8e8f98d0-3c02-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7936],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3OTUsMV0="} +{"attributes":{"columns":["user.email","google_workspace.alert.type"],"description":"","grid":{"columns":{"@timestamp":{"width":322},"user.email":{"width":495}}},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"}}"},"sort":[["@timestamp","desc"]],"title":"User Email and Alert Type [Logs Google Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-8ec40930-0110-11ed-825d-df764a9c0c57","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7940],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3OTYsMV0="} 
+{"attributes":{"columns":["google_workspace.context_aware_access.application","google_workspace.context_aware_access.device.id","google_workspace.context_aware_access.device.state"],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.context_aware_access\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.context_aware_access\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Context Aware Access [Logs Google Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-c3960ae0-9586-11ed-82ba-c3ec829933e4","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7945],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3OTcsMV0="} +{"attributes":{"description":"Overview of Google Workspace User 
Account.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.user_accounts\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.user_accounts\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":18,\"i\":\"26ae43a3-589e-487d-a0d7-525634a754a6\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"26ae43a3-589e-487d-a0d7-525634a754a6\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"locale\\\":\\\"autoselect\\\",\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desaturated\\\"},\\\"id\\\":\\\"707528d3-06d1-49af-8918-358001efd8f5\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"color\\\":\\\"\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"geoField\\\":\\\"source.geo.location\\\",\\\"requestType\\\":\\\"heatmap\\\",\\\"resolution\\\":\\\"SUPER_FINE\\\",\\\"id\\\":\\\"b93e3b9e-f9e2-4895-9e4d-a44773daae0d\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"applyForceRefresh\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"id\\\":\\\"77ef5d1b-be38-442a-9286-322721644d0f\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"HEA
TMAP\\\",\\\"colorRampName\\\":\\\"theclassic\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"HEATMAP\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.54,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":19.94277},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15m\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"customIcons\\\":[],\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"keydownScrollZoom\\\":false,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"title\":\"\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[\\\"77ef5d1b-be38-442a-9286-322721644d0f\\\"]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"hidePanelTitles\":false,\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":66.51326,\"maxLon\":180,\"minLat\":-66.51326,\"minLon\":-180},\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":1.54},\"openTOCDetails\":[\"77ef5d1b-be38-442a-9286-322721644d0f\"],\"type\":\"map\"},\"title\":\"User Account Activity by Location [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"063f63f2-df3c-4d39-a49b-c0f79b5becf3\",\"w\":24,\"x\":0,\"y\":18},\"panelIndex\":\"063f63f2-df3c-4d39-a49b-c0f79b5becf3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-552c1fa5-8dea-4d0d-a845-214b0f15beaf\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"552c1fa5-8dea-4d0d-a845-214b0f15beaf\":{\"columnOrder\":[\"1f3d0f09-fcda-4fe0-9534-741484a7c626\",\"48bd6463-e49e-4661-9792-98e02c6be994\"],\"columns\":{\"1f3d0f09-fcda-4fe0-9534-741484a7c626\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"48bd6463-e49e-4661-9792-98e02c6be994\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"},\"48bd6463-e49e-4661-9792-98e02c6be994\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"552c1fa5-8dea-4d0d-a845-214b0f15beaf\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"1f3d0f09-fcda-4fe0-9534-741484a7c626\"],\"metrics\":[\"48bd6463-e49e-4661-9792-98e02c6be994\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of User Account Events by Event Action [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"d418d972-b396-4b34-92ba-79a3c8f5c5f7\",\"w\":24,\"x\":24,\"y\":18},\"panelIndex\":\"d418d972-b396-4b34-92ba-79a3c8f5c5f7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-76ad4adb-bb8a-48e7-8787-ca9d7cd73a40\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"76ad4adb-bb8a-48e7-8787-ca9d7cd73a40\":{\"columnOrder\":[\"2b6d220f-5d57-4588-a496-0fa9c3d66b91\",\"258d75db-23b3-4cb9-a506-256a8490e546\"],\"columns\":{\"258d75db-23b3-4cb9-a506-256a8490e546\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"2b6d220f-5d57-4588-a496-0fa9c3d66b91\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Organization Domain\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"258d75db-23b3-4cb9-a506-256a8490e546\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.organization.domain\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"2b6d220f-5d57-4588-a496-0fa9c3d66b91\"},{\"columnId\":\"258d75db-23b3-4cb9-a506-256a8490e546\"}],\"layerId\":\"76ad4adb-bb8a-48e7-8787-ca9d7cd73a40\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Organization Domain [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"3c8d2701-a63b-4c7e-a158-a2bb4340915a\",\"w\":24,\"x\":0,\"y\":33},\"panelIndex\":\"3c8d2701-a63b-4c7e-a158-a2bb4340915a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-8725877a-58ef-473d-9322-1e473840de8c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"8725877a-58ef-473d-9322-1e473840de8c\":{\"columnOrder\":[\"afede701-0d06-4d84-8bb3-f3711ba91cb6\",\"acd3624b-32bb-4634-b97b-5f899b78f7ae\"],\"columns\":{\"acd3624b-32bb-4634-b97b-5f899b78f7ae\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"afede701-0d06-4d84-8bb3-f3711ba91cb6\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"IP of User Account\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"acd3624b-32bb-4634-b97b-5f899b78f7ae\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"afede701-0d06-4d84-8bb3-f3711ba91cb6\"},{\"columnId\":\"acd3624b-32bb-4634-b97b-5f899b78f7ae\"}],\"layerId\":\"8725877a-58ef-473d-9322-1e473840de8c\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 IP of User Account [Logs Google Workspace]\"}]","timeRestore":false,"title":"[Logs Google Workspace] User 
Account","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-ca3ff140-3b3f-11ed-8bdd-f5c5df6c1370","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"26ae43a3-589e-487d-a0d7-525634a754a6:layer_1_source_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"063f63f2-df3c-4d39-a49b-c0f79b5becf3:indexpattern-datasource-layer-552c1fa5-8dea-4d0d-a845-214b0f15beaf","type":"index-pattern"},{"id":"logs-*","name":"d418d972-b396-4b34-92ba-79a3c8f5c5f7:indexpattern-datasource-layer-76ad4adb-bb8a-48e7-8787-ca9d7cd73a40","type":"index-pattern"},{"id":"logs-*","name":"3c8d2701-a63b-4c7e-a158-a2bb4340915a:indexpattern-datasource-layer-8725877a-58ef-473d-9322-1e473840de8c","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7953],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3OTgsMV0="} 
+{"attributes":{"columns":["google_workspace.groups.email","google_workspace.groups.setting","google_workspace.groups.old_value","google_workspace.groups.new_value"],"description":"","grid":{"columns":{"google_workspace.groups.email":{"width":327}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"change_new_members_restrictions_setting\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"change_new_members_restrictions_setting\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.groups\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.groups\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Group New Members Restrictions Setting Changes [Logs Google 
Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-e3d44490-3bfc-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7959],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ3OTksMV0="} +{"attributes":{"columns":["google_workspace.groups.acl_permission","google_workspace.groups.email","google_workspace.groups.old_value","google_workspace.groups.new_value"],"description":"","grid":{"columns":{"google_workspace.groups.email":{"width":327}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"change_acl_permission\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"change_acl_permission\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.groups\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.groups\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}
"},"sort":[["@timestamp","desc"]],"title":"Group Permission Changes [Logs Google Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-d542c8e0-3bfa-11ed-8bdd-f5c5df6c1370","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7965],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MDAsMV0="} +{"attributes":{"description":"Overview of Google Workspace Groups.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.groups\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.groups\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":19,\"i\":\"afb88f80-4dc3-4dda-957a-42f50248c77c\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"afb88f80-4dc3-4dda-957a-42f50248c77c\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"locale\\\":\\\"autoselect\\\",\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desa
turated\\\"},\\\"id\\\":\\\"1b6b7889-8746-4131-b1e9-e324b4e78dfe\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"color\\\":\\\"\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"geoField\\\":\\\"source.geo.location\\\",\\\"requestType\\\":\\\"heatmap\\\",\\\"resolution\\\":\\\"SUPER_FINE\\\",\\\"id\\\":\\\"ec262955-508f-44d9-a458-111c73323707\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"applyForceRefresh\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"id\\\":\\\"99127787-99fb-4fa9-82a3-3a30d74eee9a\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"HEATMAP\\\",\\\"colorRampName\\\":\\\"theclassic\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"HEATMAP\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.56,\\\"center\\\":{\\\"lon\\\":0.79396,\\\"lat\\\":18.74281},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15y\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"customIcons\\\":[],\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"keydownScrollZoom\\\":false,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFi
ltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"title\":\"\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[\\\"99127787-99fb-4fa9-82a3-3a30d74eee9a\\\"]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"hidePanelTitles\":false,\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":66.51326,\"maxLon\":270,\"minLat\":-66.51326,\"minLon\":-270},\"mapCenter\":{\"lat\":18.74281,\"lon\":0.79396,\"zoom\":1.56},\"openTOCDetails\":[\"99127787-99fb-4fa9-82a3-3a30d74eee9a\"],\"type\":\"map\"},\"title\":\"Group Activity by Location [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f9dbc5f6-21e9-4a47-8e96-38b51da23fc4\",\"w\":24,\"x\":0,\"y\":19},\"panelIndex\":\"f9dbc5f6-21e9-4a47-8e96-38b51da23fc4\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-7633317d-f40f-4529-9a3a-7a6ef0ad8c10\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"7633317d-f40f-4529-9a3a-7a6ef0ad8c10\":{\"columnOrder\":[\"c6720064-5b3a-4d61-90ee-897c0c9d281f\",\"9a0c0ebd-da40-4d91-8279-f6aa059deb2a\"],\"columns\":{\"9a0c0ebd-da40-4d91-8279-f6aa059deb2a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"c6720064-5b3a-4d61-90ee-897c0c9d281f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event 
Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9a0c0ebd-da40-4d91-8279-f6aa059deb2a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"7633317d-f40f-4529-9a3a-7a6ef0ad8c10\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"c6720064-5b3a-4d61-90ee-897c0c9d281f\"],\"metrics\":[\"9a0c0ebd-da40-4d91-8279-f6aa059deb2a\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Groups Events by Event Action [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"c2e2430f-3be1-43f6-a2d4-fee6fc64232c\",\"w\":24,\"x\":24,\"y\":19},\"panelIndex\":\"c2e2430f-3be1-43f6-a2d4-fee6fc64232c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-46c2ca78-5e2c-42b9-8d54-6f39c8a1b756\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"46c2ca78-5e2c-42b9-8d54-6f39c8a1b756\":{\"columnOrder\":[\"bc58f82f-057e-4715-a191-88e33bf91997\",\"ba66231e-10bf-43a1-b018-904416d0ff5c\"],\"columns\":{\"ba66231e-10bf-43a1-b018-904416d0ff5c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"bc58f82f-057e-4715-a191-88e33bf91997\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"ACL 
Permissions\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ba66231e-10bf-43a1-b018-904416d0ff5c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.groups.acl_permission\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"bc58f82f-057e-4715-a191-88e33bf91997\"},{\"columnId\":\"ba66231e-10bf-43a1-b018-904416d0ff5c\"}],\"layerId\":\"46c2ca78-5e2c-42b9-8d54-6f39c8a1b756\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 ACL Permissions [Logs Google Workspace]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"8178a326-bde4-48d7-be24-4b1f26229cf9\",\"w\":24,\"x\":0,\"y\":34},\"panelIndex\":\"8178a326-bde4-48d7-be24-4b1f26229cf9\",\"panelRefName\":\"panel_8178a326-bde4-48d7-be24-4b1f26229cf9\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"20424297-98c8-4286-b938-3b2cc4d97db0\",\"w\":24,\"x\":24,\"y\":34},\"panelIndex\":\"20424297-98c8-4286-b938-3b2cc4d97db0\",\"panelRefName\":\"panel_20424297-98c8-4286-b938-3b2cc4d97db0\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":19,\"i\":\"6f49ba9e-85aa-4425-8b49-03d21d459844\",\"w\":48,\"x\":0,\"y\":49},\"panelIndex\":\"6f49ba9e-85aa-4425-8b49-03d21d459844\",\"panelRefName\":\"panel_6f49ba9e-85aa-4425-8b49-03d21d459844\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":19,\"i\":\"8fa377dc-cbba-498e-a52e-7f871beafe44\",\"w\":48,\"x\":0,\"y\":68},\"panelIndex\":\"8fa377dc-cbba-498e-a52e-7f871beafe44\",\"panelRefName\":\"panel_
8fa377dc-cbba-498e-a52e-7f871beafe44\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":19,\"i\":\"57346c0f-28a4-4300-92bf-7b8d50387bdb\",\"w\":48,\"x\":0,\"y\":87},\"panelIndex\":\"57346c0f-28a4-4300-92bf-7b8d50387bdb\",\"panelRefName\":\"panel_57346c0f-28a4-4300-92bf-7b8d50387bdb\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":19,\"i\":\"b0a5f751-2bbc-4059-a715-a62b27aa951f\",\"w\":48,\"x\":0,\"y\":106},\"panelIndex\":\"b0a5f751-2bbc-4059-a715-a62b27aa951f\",\"panelRefName\":\"panel_b0a5f751-2bbc-4059-a715-a62b27aa951f\",\"type\":\"search\",\"version\":\"8.4.0\"}]","timeRestore":false,"title":"[Logs Google Workspace] Groups","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-d3cf6d50-3bfb-11ed-8bdd-f5c5df6c1370","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"afb88f80-4dc3-4dda-957a-42f50248c77c:layer_1_source_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"f9dbc5f6-21e9-4a47-8e96-38b51da23fc4:indexpattern-datasource-layer-7633317d-f40f-4529-9a3a-7a6ef0ad8c10","type":"index-pattern"},{"id":"logs-*","name":"c2e2430f-3be1-43f6-a2d4-fee6fc64232c:indexpattern-datasource-layer-46c2ca78-5e2c-42b9-8d54-6f39c8a1b756","type":"index-pattern"},{"id":"google_workspace-e3d44490-3bfc-11ed-8bdd-f5c5df6c1370","name":"8178a326-bde4-48d7-be24-4b1f26229cf9:panel_8178a326-bde4-48d7-be24-4b1f26229cf9","type":"search"},{"id":"google_workspace-3ceeeba0-3c04-11ed-8bdd-f5c5df6c1370","name":"20424297-98c8-4286-b938-3b2cc4d97db0:panel_20424297-98c8-4286-b938-3b2cc4d97db0","type":"search"},{"id":"google_workspace-10b37c00-3c03-11ed-8bdd-f5c5df6c1370","name":"6f49ba9e-85aa-4425-8b49-03d21d459844:panel_6f49ba9e-85aa-4425-8b49-03d21d459844","type":"search"},{"id":"google_wo
rkspace-676e6980-3bfc-11ed-8bdd-f5c5df6c1370","name":"8fa377dc-cbba-498e-a52e-7f871beafe44:panel_8fa377dc-cbba-498e-a52e-7f871beafe44","type":"search"},{"id":"google_workspace-d542c8e0-3bfa-11ed-8bdd-f5c5df6c1370","name":"57346c0f-28a4-4300-92bf-7b8d50387bdb:panel_57346c0f-28a4-4300-92bf-7b8d50387bdb","type":"search"},{"id":"google_workspace-8e8f98d0-3c02-11ed-8bdd-f5c5df6c1370","name":"b0a5f751-2bbc-4059-a715-a62b27aa951f:panel_b0a5f751-2bbc-4059-a715-a62b27aa951f","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7978],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MDEsMV0="} +{"attributes":{"columns":["event.id","google_workspace.alert.source","google_workspace.alert.type"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"}}"},"sort":[["@timestamp","desc"]],"title":"Alert [Logs Google Workspace]"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-e013b790-010b-11ed-825d-df764a9c0c57","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7982],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MDIsMV0="} +{"attributes":{"description":"Overview of Google Workspace 
Alert.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"56b2ee3f-ebac-45fe-b858-dce50d80ec2c\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"56b2ee3f-ebac-45fe-b858-dce50d80ec2c\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-a1b37bdb-205d-4a62-8ec6-9f959262ee6f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a1b37bdb-205d-4a62-8ec6-9f959262ee6f\":{\"columnOrder\":[\"f8f5d22a-5fda-43ab-a592-f485d006adca\",\"1753e5a5-24a4-48c9-bacf-467d9e5a7e19\",\"482dc9f7-a02d-4efe-884b-9540b978a570\"],\"columns\":{\"1753e5a5-24a4-48c9-bacf-467d9e5a7e19\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Alert Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"482dc9f7-a02d-4efe-884b-9540b978a570\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.type\"},\"482dc9f7-a02d-4efe-884b-9540b978a570\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f8f5d22a-5fda-43ab-a592-f485d006adca\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Customer 
ID\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"482dc9f7-a02d-4efe-884b-9540b978a570\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"organization.id\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"f8f5d22a-5fda-43ab-a592-f485d006adca\",\"isTransposed\":false},{\"columnId\":\"1753e5a5-24a4-48c9-bacf-467d9e5a7e19\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"482dc9f7-a02d-4efe-884b-9540b978a570\",\"isTransposed\":false}],\"layerId\":\"a1b37bdb-205d-4a62-8ec6-9f959262ee6f\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Customer ID and Alert Type [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"6579eaad-0eb6-449e-8c7d-ccbd0982ef4e\",\"w\":16,\"x\":24,\"y\":0},\"panelIndex\":\"6579eaad-0eb6-449e-8c7d-ccbd0982ef4e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-1b1a5743-7b56-4496-98e8-3226c635b02e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1b1a5743-7b56-4496-98e8-3226c635b02e\":{\"columnOrder\":[\"07a44659-9889-47ac-8722-facf15e17973\",\"84097520-fceb-4281-a3ff-68936e5ac1f2\"],\"columns\":{\"07a44659-9889-47ac-8722-facf15e17973\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Alert 
Status\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"84097520-fceb-4281-a3ff-68936e5ac1f2\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.metadata.status\"},\"84097520-fceb-4281-a3ff-68936e5ac1f2\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"1b1a5743-7b56-4496-98e8-3226c635b02e\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendPosition\":\"right\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"07a44659-9889-47ac-8722-facf15e17973\"],\"metrics\":[\"84097520-fceb-4281-a3ff-68936e5ac1f2\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Alert Event by Alert Status [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"37d5ad5e-9fc7-43b9-99ae-cf0244e433e7\",\"w\":8,\"x\":40,\"y\":0},\"panelIndex\":\"37d5ad5e-9fc7-43b9-99ae-cf0244e433e7\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-dd17cab9-16f9-49f1-952a-fdf5b43fca61\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"dd17cab9-16f9-49f1-952a-fdf5b43fca61\":{\"columnOrder\":[\"7ab0f5e4-cf93-4cce-83d9-354cdc8832ca\"],\"columns\":{\"7ab0f5e4-cf93-4cce-83d9-354cdc8832ca\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Total Alert\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"},\"visualization\":{\"accessor\":\"7ab0f5e4-cf93-4cce-83d9-354cdc8832ca\",\"colorMode\":\"None\",\"layerId\":\"dd17cab9-16f9-49f1-952a-fdf5b43fca61\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Alert [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f35cbdce-64f5-48ff-ac0e-7a26bc0ad7a8\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"f35cbdce-64f5-48ff-ac0e-7a26bc0ad7a8\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-682c4ae9-c25f-4c6e-a02f-49ecadf23f79\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"682c4ae9-c25f-4c6e-a02f-49ecadf23f79\":{\"columnOrder\":[\"8f51b899-e4c4-436b-8cac-985156f8eba1\",\"58dab0b4-28cf-408b-b449-223f1f83878c\"],\"columns\":{\"58dab0b4-28cf-408b-b449-223f1f83878c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"8f51b899-e4c4-436b-8cac-985156f8eba1\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Alert Source\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"58dab0b4-28cf-408b-b449-223f1f83878c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"682c4ae9-c25f-4c6e-a02f-49ecadf23f79\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"8f51b899-e4c4-436b-8cac-985156f8eba1\"],\"metrics\":[\"58dab0b4-28cf-408b-b449-223f1f83878c\"]}],\"shape\":\"treemap\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Alert Event by Alert Source [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"76793002-1815-458b-84e2-77479aad6e3b\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"76793002-1815-458b-84e2-77479aad6e3b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-1de0ae32-4b53-4e68-a64e-a1137945ca37\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"1de0ae32-4b53-4e68-a64e-a1137945ca37\":{\"columnOrder\":[\"d32e217a-9bb3-46de-b925-53cbd0408ac4\",\"d217f394-c117-448a-a04e-2c1c124567c6\"],\"columns\":{\"d217f394-c117-448a-a04e-2c1c124567c6\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"d32e217a-9bb3-46de-b925-53cbd0408ac4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Alert Severity\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"d217f394-c117-448a-a04e-2c1c124567c6\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.metadata.severity\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"google_workspace.alert\\\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"1de0ae32-4b53-4e68-a64e-a1137945ca37\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"d32e217a-9bb3-46de-b925-53cbd0408ac4\"],\"metrics\":[\"d217f394-c117-448a-a04e-2c1c124567c6\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Alert Event by Alert Severity [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"9025f50e-8c6f-4d4a-bb2f-329ca79da9ed\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"9025f50e-8c6f-4d4a-bb2f-329ca79da9ed\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-c87edeb9-1c07-41c8-a627-14c4fc097da4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"c87edeb9-1c07-41c8-a627-14c4fc097da4\":{\"columnOrder\":[\"e9d3707f-02f2-4334-8923-32890766f0e7\",\"809922ff-889c-430b-8c4d-9b59f79f146f\"],\"columns\":{\"809922ff-889c-430b-8c4d-9b59f79f146f\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e9d3707f-02f2-4334-8923-32890766f0e7\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Alert 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"e9d3707f-02f2-4334-8923-32890766f0e7\"},{\"alignment\":\"left\",\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\"}],\"layerId\":\"c87edeb9-1c07-41c8-a627-14c4fc097da4\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Alert Type [Logs Google Workspace]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"9bd845b4-711f-41b8-8507-f2e2b9d42164\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"9bd845b4-711f-41b8-8507-f2e2b9d42164\",\"panelRefName\":\"panel_9bd845b4-711f-41b8-8507-f2e2b9d42164\",\"type\":\"search\",\"version\":\"8.3.0\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"e44f86d0-eff4-4048-a976-d01587ff8e3f\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"e44f86d0-eff4-4048-a976-d01587ff8e3f\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-c87edeb9-1c07-41c8-a627-14c4fc097da4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"c87edeb9-1c07-41c8-a627-14c4fc097da4\":{\"columnOrder\":[\"e9d3707f-02f2-4334-8923-32890766f0e7\",\"809922ff-889c-430b-8c4d-9b59f79f146f\"],\"columns\":{\"809922ff-889c-430b-8c4d-9b59f79f146f\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":tru
e},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e9d3707f-02f2-4334-8923-32890766f0e7\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Source IP\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"e9d3707f-02f2-4334-8923-32890766f0e7\"},{\"alignment\":\"left\",\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\"}],\"layerId\":\"c87edeb9-1c07-41c8-a627-14c4fc097da4\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Source IP [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f7e4ad57-5267-4e5f-923b-35a28c1bdafa\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"f7e4ad57-5267-4e5f-923b-35a28c1bdafa\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-c87edeb9-1c07-41c8-a627-14c4fc097da4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"c87edeb9-1c07-41c8-a627-14c4fc097da4\":{\"columnOrder\":[\"e9d3707f-02f2-4334-8923-32890766f0e7\",\"fe11ba28-0f22-4400-90ea-6167d17065c2\",\"809922ff-889c-430b-8c4d-9b59f79f146f\"],\"columns\":{\"809922ff-889c-430b-8c4d-9b59f79f146f\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e9d3707f-02f2-4334-8923-32890766f0e7\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Alert Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.type\"},\"fe11ba28-0f22-4400-90ea-6167d17065c2\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Security Tool Link\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.security_investigation_tool_link\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"google_workspace.alert\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"e9d3707f-02f2-4334-8923-32890766f0e7\"},{\"alignment\":\"left\",\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\"},{\"columnId\":\"fe11ba28-0f22-4400-90ea-6167d17065c2\",\"isTransposed\":false}],\"layerId\":\"c87edeb9-1c07-41c8-a627-14c4fc097da4\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Alert and Security Tool Link [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"3a937eaa-5f1c-46e7-8a03-0be62f440612\",\"w\":24,\"x\":0,\"y\":60},\"panelIndex\":\"3a937eaa-5f1c-46e7-8a03-0be62f440612\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-c87edeb9-1c07-41c8-a627-14c4fc097da4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"c87edeb9-1c07-41c8-a627-14c4fc097da4\":{\"columnOrder\":[\"e9d3707f-02f2-4334-8923-32890766f0e7\",\"05eabd31-8ff6-4ecb-b00e-748d510c9291\",\"809922ff-889c-430b-8c4d-9b59f79f146f\"],\"columns\":{\"05eabd31-8ff6-4ecb-b00e-748d510c9291\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Rule 
Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"rule.name\"},\"809922ff-889c-430b-8c4d-9b59f79f146f\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e9d3707f-02f2-4334-8923-32890766f0e7\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Alert Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"e9d3707f-02f2-4334-8923-32890766f0e7\"},{\"alignment\":\"left\",\"columnId\":\"809922ff-889c-430b-8c4d-9b59f79f146f\"},{\"columnId\":\"05eabd31-8ff6-4ecb-b00e-748d510c9291\",\"isTransposed\":false}],\"layerId\":\"c87edeb9-1c07-41c8-a627-14c4fc097da4\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Rule Name and Alert Type [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"5c4a632a-2385-4da5-b66d-184a293e3120\",\"w\":24,\"x\":24,\"y\":60},\"panelIndex\":\"5c4a632a-2385-4da5-b66d-184a293e3120\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-6ca72cb8-dd53-4b53-b277-ee1eb429b475\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"6ca72cb8-dd53-4b53-b277-ee1eb429b475\":{\"columnOrder\":[\"f92bf4db-7cbb-4b3b-b160-f1dc431d8163\",\"5588c500-1188-40ad-8f57-3dbc17224146\",\"17b70b54-f338-497c-986e-6b443526012b\",\"3eedd4f7-6b18-4025-a35a-6468bcd8d7c4\"],\"columns\":{\"17b70b54-f338-497c-986e-6b443526012b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device ID\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3eedd4f7-6b18-4025-a35a-6468bcd8d7c4\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.data.events.device.id\"},\"3eedd4f7-6b18-4025-a35a-6468bcd8d7c4\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"5588c500-1188-40ad-8f57-3dbc17224146\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device 
Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3eedd4f7-6b18-4025-a35a-6468bcd8d7c4\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.data.events.device.type\"},\"f92bf4db-7cbb-4b3b-b160-f1dc431d8163\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Device Model\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3eedd4f7-6b18-4025-a35a-6468bcd8d7c4\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.alert.data.events.device.model\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"google_workspace.alert\\\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"f92bf4db-7cbb-4b3b-b160-f1dc431d8163\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"3eedd4f7-6b18-4025-a35a-6468bcd8d7c4\",\"isTransposed\":false},{\"columnId\":\"5588c500-1188-40ad-8f57-3dbc17224146\",\"isTransposed\":false},{\"columnId\":\"17b70b54-f338-497c-986e-6b443526012b\",\"isTransposed\":false}],\"layerId\":\"6ca72cb8-dd53-4b53-b277-ee1eb429b475\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Device Type, Device ID and Device Model [Logs Google Workspace]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"9b8c6a67-9021-44a8-93a9-84ba202964de\",\"w\":48,\"x\":0,\"y\":75},\"panelIndex\":\"9b8c6a67-9021-44a8-93a9-84ba202964de\",\"panelRefName\":\"panel_9b8c6a67-9021-44a8-93a9-84ba202964de\",\"type\":\"search\",\"version\":\"8.3.0\"}]","timeRestore":false,"title":"[Logs Google 
Workspace] Alert","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-d6287d50-0107-11ed-825d-df764a9c0c57","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"56b2ee3f-ebac-45fe-b858-dce50d80ec2c:indexpattern-datasource-layer-a1b37bdb-205d-4a62-8ec6-9f959262ee6f","type":"index-pattern"},{"id":"logs-*","name":"6579eaad-0eb6-449e-8c7d-ccbd0982ef4e:indexpattern-datasource-layer-1b1a5743-7b56-4496-98e8-3226c635b02e","type":"index-pattern"},{"id":"logs-*","name":"37d5ad5e-9fc7-43b9-99ae-cf0244e433e7:indexpattern-datasource-layer-dd17cab9-16f9-49f1-952a-fdf5b43fca61","type":"index-pattern"},{"id":"logs-*","name":"f35cbdce-64f5-48ff-ac0e-7a26bc0ad7a8:indexpattern-datasource-layer-682c4ae9-c25f-4c6e-a02f-49ecadf23f79","type":"index-pattern"},{"id":"logs-*","name":"76793002-1815-458b-84e2-77479aad6e3b:indexpattern-datasource-layer-1de0ae32-4b53-4e68-a64e-a1137945ca37","type":"index-pattern"},{"id":"logs-*","name":"9025f50e-8c6f-4d4a-bb2f-329ca79da9ed:indexpattern-datasource-layer-c87edeb9-1c07-41c8-a627-14c4fc097da4","type":"index-pattern"},{"id":"google_workspace-8ec40930-0110-11ed-825d-df764a9c0c57","name":"9bd845b4-711f-41b8-8507-f2e2b9d42164:panel_9bd845b4-711f-41b8-8507-f2e2b9d42164","type":"search"},{"id":"logs-*","name":"e44f86d0-eff4-4048-a976-d01587ff8e3f:indexpattern-datasource-layer-c87edeb9-1c07-41c8-a627-14c4fc097da4","type":"index-pattern"},{"id":"logs-*","name":"f7e4ad57-5267-4e5f-923b-35a28c1bdafa:indexpattern-datasource-layer-c87edeb9-1c07-41c8-a627-14c4fc097da4","type":"index-pattern"},{"id":"logs-*","name":"3a937eaa-5f1c-46e7-8a03-0be62f440612:indexpattern-datasource-layer-c87edeb9-1c07-41c8-a627-14c4fc097da4","type":"index-pattern"},{"id":"logs-*","name":"5c4a632a-2385-4da5-b66d-184a293e3120:indexpattern-datasource-layer-6ca72cb8-dd53-4b53-b277-ee1eb429b475","type":"index-pattern"},{"id":"google_workspace-e013b790-010b-11ed-825d-df764a9c0c57","name":"9b8c6a67-9021-44a8-93a9-
84ba202964de:panel_9b8c6a67-9021-44a8-93a9-84ba202964de","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,7997],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MDMsMV0="} +{"attributes":{"description":"Overview of Google Workspace Context Aware Access.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.context_aware_access\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.context_aware_access\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"33c833bf-afb9-4c83-a205-7baf495aeb2d\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"33c833bf-afb9-4c83-a205-7baf495aeb2d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-52d472a0-b19c-474a-baca-a8d615842fe2\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"52d472a0-b19c-474a-baca-a8d615842fe2\":{\"columnOrder\":[\"cfe4f6eb-a896-4153-a38e-e5ffff54e82b\"],\"columns\":{\"cfe4f6eb-a896-4153-a38e-e5ffff54e82b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of Context Aware 
Access\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"cfe4f6eb-a896-4153-a38e-e5ffff54e82b\",\"layerId\":\"52d472a0-b19c-474a-baca-a8d615842fe2\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Context Aware Access Count [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"3d627cfb-4158-44ea-af97-939ae549fc12\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"3d627cfb-4158-44ea-af97-939ae549fc12\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b198159b-9fc8-43d7-85b5-1d837bc4dd1d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b198159b-9fc8-43d7-85b5-1d837bc4dd1d\":{\"columnOrder\":[\"3f7b8397-e2bc-4612-aabe-b86bc3292988\",\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\"],\"columns\":{\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"3f7b8397-e2bc-4612-aabe-b86bc3292988\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event 
Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"b198159b-9fc8-43d7-85b5-1d837bc4dd1d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"truncateLegend\":false,\"primaryGroups\":[\"3f7b8397-e2bc-4612-aabe-b86bc3292988\"],\"metrics\":[\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Context Aware Access Events by Event Action [Logs Google Workspace]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"ef3a9503-f97c-4635-ac10-0ca907d12ef1\",\"w\":48,\"x\":0,\"y\":15},\"panelIndex\":\"ef3a9503-f97c-4635-ac10-0ca907d12ef1\",\"panelRefName\":\"panel_ef3a9503-f97c-4635-ac10-0ca907d12ef1\",\"type\":\"search\",\"version\":\"8.4.0\"}]","timeRestore":false,"title":"[Logs Google Workspace] Context Aware 
Access","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-d79f1730-9585-11ed-82ba-c3ec829933e4","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"33c833bf-afb9-4c83-a205-7baf495aeb2d:indexpattern-datasource-layer-52d472a0-b19c-474a-baca-a8d615842fe2","type":"index-pattern"},{"id":"logs-*","name":"3d627cfb-4158-44ea-af97-939ae549fc12:indexpattern-datasource-layer-b198159b-9fc8-43d7-85b5-1d837bc4dd1d","type":"index-pattern"},{"id":"google_workspace-c3960ae0-9586-11ed-82ba-c3ec829933e4","name":"ef3a9503-f97c-4635-ac10-0ca907d12ef1:panel_ef3a9503-f97c-4635-ac10-0ca907d12ef1","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,8004],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MDQsMV0="} +{"attributes":{"description":"Overview of Google Workspace Access Transparency and GCP.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"b1d6603d-58b0-406d-bfee-36bdbfc0613e\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"b1d6603d-58b0-406d-bfee-36bdbfc0613e\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":25,\"markdown\":\"Access Transparency 
Logs\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"33c833bf-afb9-4c83-a205-7baf495aeb2d\",\"w\":24,\"x\":0,\"y\":4},\"panelIndex\":\"33c833bf-afb9-4c83-a205-7baf495aeb2d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-52d472a0-b19c-474a-baca-a8d615842fe2\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"787386d9-9f5a-43f2-9fa4-6d61c80e61f0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"52d472a0-b19c-474a-baca-a8d615842fe2\":{\"columnOrder\":[\"cfe4f6eb-a896-4153-a38e-e5ffff54e82b\"],\"columns\":{\"cfe4f6eb-a896-4153-a38e-e5ffff54e82b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of Access Transparency\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"787386d9-9f5a-43f2-9fa4-6d61c80e61f0\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.access_transparency\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.access_transparency\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"cfe4f6eb-a896-4153-a38e-e5ffff54e82b\",\"layerId\":\"52d472a0-b19c-474a-baca-a8d615842fe2\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Access Transparency Count [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"3d627cfb-4158-44ea-af97-939ae549fc12\",\"w\":24,\"x\":24,\"y\":4},\"panelIndex\":\"3d627cfb-4158-44ea-af97-939ae549fc12\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b198159b-9fc8-43d7-85b5-1d837bc4dd1d\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"b55f097a-0337-4238-a95b-548d275f00c5\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b198159b-9fc8-43d7-85b5-1d837bc4dd1d\":{\"columnOrder\":[\"3f7b8397-e2bc-4612-aabe-b86bc3292988\",\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\"],\"columns\":{\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"3f7b8397-e2bc-4612-aabe-b86bc3292988\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Product 
Name\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.access_transparency.gsuite_product_name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"b55f097a-0337-4238-a95b-548d275f00c5\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.access_transparency\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.access_transparency\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\"],\"layerId\":\"b198159b-9fc8-43d7-85b5-1d837bc4dd1d\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"3f7b8397-e2bc-4612-aabe-b86bc3292988\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Access Transparency Events by Product Name [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"2454d096-efb5-4768-8370-c6ab3a0427d4\",\"w\":48,\"x\":0,\"y\":19},\"panelIndex\":\"2454d096-efb5-4768-8370-c6ab3a0427d4\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":25,\"markdown\":\"GCP Logs\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"db896a78-3616-45ad-9bc8-19b05e8fcfd8\",\"w\":24,\"x\":0,\"y\":23},\"panelIndex\":\"db896a78-3616-45ad-9bc8-19b05e8fcfd8\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b198159b-9fc8-43d7-85b5-1d837bc4dd1d\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"a42aa10f-1b9d-48a9-89ad-f046dcdc5c66\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b198159b-9fc8-43d7-85b5-1d837bc4dd1d\":{\"columnOrder\":[\"3f7b8397-e2bc-4612-aabe-b86bc3292988\",\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\"],\"columns\":{\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"3f7b8397-e2bc-4612-aabe-b86bc3292988\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event 
Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"a42aa10f-1b9d-48a9-89ad-f046dcdc5c66\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.gcp\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.gcp\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"0c1a8e5e-744a-4aee-ad9a-dcd9b67adc60\"],\"layerId\":\"b198159b-9fc8-43d7-85b5-1d837bc4dd1d\",\"layerType\":\"data\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"3f7b8397-e2bc-4612-aabe-b86bc3292988\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of GCP Events by Event Action [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"0d7a2a9c-878a-49ef-b6a1-36b775d31e9b\",\"w\":24,\"x\":24,\"y\":23},\"panelIndex\":\"0d7a2a9c-878a-49ef-b6a1-36b775d31e9b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-35204d48-9325-4626-a8dd-27752514ba35\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"f94d3a60-02aa-4ebe-b4d9-5b5ff956555b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"35204d48-9325-4626-a8dd-27752514ba35\":{\"columnOrder\":[\"a53b9c2c-fe48-46d9-a65e-7fd87bfe007d\",\"192da17a-f603-4d4f-b1bb-5fe9918c6659\"],\"columns\":{\"192da17a-f603-4d4f-b1bb-5fe9918c6659\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"a53b9c2c-fe48-46d9-a65e-7fd87bfe007d\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Filters\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"event.action : \\\"DELETE_POSIX_ACCOUNT\\\"\"},\"label\":\"Delete Posix Account\"},{\"input\":{\"language\":\"kuery\",\"query\":\"event.action : \\\"DELETE_SSH_PUBLIC_KEY\\\"\"},\"label\":\"Delete SSH Public 
Key\"}]},\"scale\":\"ordinal\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"f94d3a60-02aa-4ebe-b4d9-5b5ff956555b\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.gcp\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.gcp\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"breakdownByAccessor\":\"a53b9c2c-fe48-46d9-a65e-7fd87bfe007d\",\"layerId\":\"35204d48-9325-4626-a8dd-27752514ba35\",\"layerType\":\"data\",\"maxCols\":2,\"metricAccessor\":\"192da17a-f603-4d4f-b1bb-5fe9918c6659\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Delete Posix Account and Delete SSH Public Key Count [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":7,\"i\":\"42b780e5-b9e6-49e0-af59-a2d205d0cbce\",\"w\":24,\"x\":24,\"y\":31},\"panelIndex\":\"42b780e5-b9e6-49e0-af59-a2d205d0cbce\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-35204d48-9325-4626-a8dd-27752514ba35\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"3410ee9d-49ea-4f09-963b-85a9b7900a44\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"35204d48-9325-4626-a8dd-27752514ba35\":{\"columnOrder\":[\"a53b9c2c-fe48-46d9-a65e-7fd87bfe007d\",\"192da17a-f603-4d4f-b1bb-5fe9918c6659\"],\"columns\":{\"192da17a-f603-4d4f-b1bb-5fe9918c6659\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"a53b9c2c-fe48-46d9-a65e-7fd87bfe007d\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Filters\",\"operationType\":\"filters\",\"p
arams\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"event.action : \\\"GET_SSH_PUBLIC_KEY\\\"\"},\"label\":\"Retrieve SSH Public Key\"},{\"input\":{\"language\":\"kuery\",\"query\":\"event.action : \\\"GET_LOGIN_PROFILE\\\"\"},\"label\":\"Retrieve Login Profile\"}]},\"scale\":\"ordinal\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"3410ee9d-49ea-4f09-963b-85a9b7900a44\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.gcp\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.gcp\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"breakdownByAccessor\":\"a53b9c2c-fe48-46d9-a65e-7fd87bfe007d\",\"layerId\":\"35204d48-9325-4626-a8dd-27752514ba35\",\"layerType\":\"data\",\"maxCols\":2,\"metricAccessor\":\"192da17a-f603-4d4f-b1bb-5fe9918c6659\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Retrieve SSH Public Key and Retrieve Login Profile Count [Logs Google Workspace]\"}]","timeRestore":false,"title":"[Logs Google Workspace] Access Transparency and 
GCP","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-e9a62e70-9583-11ed-82ba-c3ec829933e4","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"33c833bf-afb9-4c83-a205-7baf495aeb2d:indexpattern-datasource-layer-52d472a0-b19c-474a-baca-a8d615842fe2","type":"index-pattern"},{"id":"logs-*","name":"33c833bf-afb9-4c83-a205-7baf495aeb2d:787386d9-9f5a-43f2-9fa4-6d61c80e61f0","type":"index-pattern"},{"id":"logs-*","name":"3d627cfb-4158-44ea-af97-939ae549fc12:indexpattern-datasource-layer-b198159b-9fc8-43d7-85b5-1d837bc4dd1d","type":"index-pattern"},{"id":"logs-*","name":"3d627cfb-4158-44ea-af97-939ae549fc12:b55f097a-0337-4238-a95b-548d275f00c5","type":"index-pattern"},{"id":"logs-*","name":"db896a78-3616-45ad-9bc8-19b05e8fcfd8:indexpattern-datasource-layer-b198159b-9fc8-43d7-85b5-1d837bc4dd1d","type":"index-pattern"},{"id":"logs-*","name":"db896a78-3616-45ad-9bc8-19b05e8fcfd8:a42aa10f-1b9d-48a9-89ad-f046dcdc5c66","type":"index-pattern"},{"id":"logs-*","name":"0d7a2a9c-878a-49ef-b6a1-36b775d31e9b:indexpattern-datasource-layer-35204d48-9325-4626-a8dd-27752514ba35","type":"index-pattern"},{"id":"logs-*","name":"0d7a2a9c-878a-49ef-b6a1-36b775d31e9b:f94d3a60-02aa-4ebe-b4d9-5b5ff956555b","type":"index-pattern"},{"id":"logs-*","name":"42b780e5-b9e6-49e0-af59-a2d205d0cbce:indexpattern-datasource-layer-35204d48-9325-4626-a8dd-27752514ba35","type":"index-pattern"},{"id":"logs-*","name":"42b780e5-b9e6-49e0-af59-a2d205d0cbce:3410ee9d-49ea-4f09-963b-85a9b7900a44","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,8017],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MDUsMV0="} +{"attributes":{"description":"Overview of Google Workspace 
SAML.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.saml\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.saml\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":21,\"i\":\"c40b49d0-6f01-4395-9d81-0de47dfa2290\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"c40b49d0-6f01-4395-9d81-0de47dfa2290\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"locale\\\":\\\"autoselect\\\",\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desaturated\\\"},\\\"id\\\":\\\"0fd07aa5-f21a-43ff-99d0-42e0413407ae\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"color\\\":\\\"\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"geoField\\\":\\\"source.geo.location\\\",\\\"requestType\\\":\\\"heatmap\\\",\\\"resolution\\\":\\\"SUPER_FINE\\\",\\\"id\\\":\\\"e9f2d621-2ca0-4119-a694-1861d45404b0\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"applyForceRefresh\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"id\\\":\\\"cfbd14c5-ad5b-4dae-ad9d-1a2730835edd\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"HEATMAP\\\",\\\"colorRam
pName\\\":\\\"theclassic\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"HEATMAP\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.9,\\\"center\\\":{\\\"lon\\\":8.28539,\\\"lat\\\":41.32621},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15m\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"customIcons\\\":[],\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"keydownScrollZoom\\\":false,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"title\":\"\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[\\\"cfbd14c5-ad5b-4dae-ad9d-1a2730835edd\\\"]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"hidePanelTitles\":false,\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":85.05113,\"maxLon\":270,\"minLat\":-66.51326,\"minLon\":-180},\"mapCenter\":{\"lat\":41.32621,\"lon\":8.28539,\"zoom\":1.9},\"openTOCDetails\":[\"cfbd14c5-ad5b-4dae-ad9d-1a2730835edd\"],\"type\":\"map\"},\"title\":\"SAML Activity by Location [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"013b5322-a572-42db-8238-968dc7a8b2d0\",\"w\":24,\"x\":0,\"y\":21},\"panelIndex\":\"013b5322-a572-42db-8238-968dc7a8b2d0\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-90c540c3-ba1c-4d69-889b-60a40f55c2e5\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"4b0bafd4-a641-4dea-9615-81986d090331\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"90c540c3-ba1c-4d69-889b-60a40f55c2e5\":{\"columnOrder\":[\"00bf2ec4-4fab-44fa-afa9-00902061538a\"],\"columns\":{\"00bf2ec4-4fab-44fa-afa9-00902061538a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"4b0bafd4-a641-4dea-9615-81986d090331\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"login_failure\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"login_failure\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"00bf2ec4-4fab-44fa-afa9-00902061538a\",\"layerId\":\"90c540c3-ba1c-4d69-889b-60a40f55c2e5\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Failed sign-in Attempts [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"75928038-4f14-4612-8364-da5257f57fae\",\"w\":24,\"x\":24,\"y\":21},\"panelIndex\":\"75928038-4f14-4612-8364-da5257f57fae\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ddd95dae-1e5c-4250-b131-3d0cc9d15274\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ddd95dae-1e5c-4250-b131-3d0cc9d15274\":{\"columnOrder\":[\"d1197d6e-53bc-4550-aec3-4e9c93715140\",\"087eb712-d84b-4d26-9ebc-ab7603baff94\"],\"columns\":{\"087eb712-d84b-4d26-9ebc-ab7603baff94\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"d1197d6e-53bc-4550-aec3-4e9c93715140\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Requester of Authentication\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"087eb712-d84b-4d26-9ebc-ab7603baff94\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.saml.initiated_by\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"ddd95dae-1e5c-4250-b131-3d0cc9d15274\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"d1197d6e-53bc-4550-aec3-4e9c93715140\"],\"metrics\":[\"087eb712-d84b-4d26-9ebc-ab7603baff94\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of SAML Events by Requester of Authentication [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"1b94ed2d-bda6-401b-8053-a3964d8e6afd\",\"w\":24,\"x\":0,\"y\":36},\"panelIndex\":\"1b94ed2d-bda6-401b-8053-a3964d8e6afd\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-3197fe98-4987-4e70-8ffd-9ca3df75a1ca\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"3197fe98-4987-4e70-8ffd-9ca3df75a1ca\":{\"columnOrder\":[\"6cd80fbe-be11-49a0-bd2a-99c3cda6ab7c\",\"3e0b1422-5d09-4645-b90f-07882b0787e8\"],\"columns\":{\"3e0b1422-5d09-4645-b90f-07882b0787e8\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"6cd80fbe-be11-49a0-bd2a-99c3cda6ab7c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3e0b1422-5d09-4645-b90f-07882b0787e8\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"3197fe98-4987-4e70-8ffd-9ca3df75a1ca\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"6cd80fbe-be11-49a0-bd2a-99c3cda6ab7c\"],\"metrics\":[\"3e0b1422-5d09-4645-b90f-07882b0787e8\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of SAML Events by Event Action [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"d76c97f4-0b14-487e-8cdd-f27a00086096\",\"w\":24,\"x\":24,\"y\":36},\"panelIndex\":\"d76c97f4-0b14-487e-8cdd-f27a00086096\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-116d52a9-f986-4c80-9a99-d28e72a82bdd\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"116d52a9-f986-4c80-9a99-d28e72a82bdd\":{\"columnOrder\":[\"e534ccd5-8af3-409e-80bd-aac33a1bb172\",\"964c7c6d-2302-43c3-a363-cdcda9800aad\"],\"columns\":{\"964c7c6d-2302-43c3-a363-cdcda9800aad\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e534ccd5-8af3-409e-80bd-aac33a1bb172\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Failure Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"964c7c6d-2302-43c3-a363-cdcda9800aad\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.saml.failure_type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"116d52a9-f986-4c80-9a99-d28e72a82bdd\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"e534ccd5-8af3-409e-80bd-aac33a1bb172\"],\"metrics\":[\"964c7c6d-2302-43c3-a363-cdcda9800aad\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of SAML Events by Failure Type [Logs Google 
Workspace]\"}]","timeRestore":false,"title":"[Logs Google Workspace] SAML","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-ec193fd0-3ab6-11ed-8bdd-f5c5df6c1370","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"c40b49d0-6f01-4395-9d81-0de47dfa2290:layer_1_source_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"013b5322-a572-42db-8238-968dc7a8b2d0:indexpattern-datasource-layer-90c540c3-ba1c-4d69-889b-60a40f55c2e5","type":"index-pattern"},{"id":"logs-*","name":"013b5322-a572-42db-8238-968dc7a8b2d0:4b0bafd4-a641-4dea-9615-81986d090331","type":"index-pattern"},{"id":"logs-*","name":"75928038-4f14-4612-8364-da5257f57fae:indexpattern-datasource-layer-ddd95dae-1e5c-4250-b131-3d0cc9d15274","type":"index-pattern"},{"id":"logs-*","name":"1b94ed2d-bda6-401b-8053-a3964d8e6afd:indexpattern-datasource-layer-3197fe98-4987-4e70-8ffd-9ca3df75a1ca","type":"index-pattern"},{"id":"logs-*","name":"d76c97f4-0b14-487e-8cdd-f27a00086096:indexpattern-datasource-layer-116d52a9-f986-4c80-9a99-d28e72a82bdd","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,8027],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MDYsMV0="} +{"attributes":{"description":"Overview of Google Workspace 
Login.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.login\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.login\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":19,\"i\":\"29210aa9-bb90-4edc-b942-609f8e418f10\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"29210aa9-bb90-4edc-b942-609f8e418f10\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"locale\\\":\\\"autoselect\\\",\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desaturated\\\"},\\\"id\\\":\\\"16f086bd-d15b-46ae-ad9a-69dac1c3034b\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"color\\\":\\\"\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"geoField\\\":\\\"source.geo.location\\\",\\\"requestType\\\":\\\"heatmap\\\",\\\"resolution\\\":\\\"SUPER_FINE\\\",\\\"id\\\":\\\"2f93b217-9f4e-4efe-9a33-2d3ee12d621c\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"applyForceRefresh\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"id\\\":\\\"52758523-86c9-4f95-89d1-96f963d7a6bb\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"HEATMAP\\\",\\\"color
RampName\\\":\\\"theclassic\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"HEATMAP\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.54,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":19.94277},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15m\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"customIcons\\\":[],\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"keydownScrollZoom\\\":false,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"title\":\"\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[\\\"52758523-86c9-4f95-89d1-96f963d7a6bb\\\"]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"hidePanelTitles\":false,\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":66.51326,\"maxLon\":180,\"minLat\":-66.51326,\"minLon\":-180},\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":1.54},\"openTOCDetails\":[\"52758523-86c9-4f95-89d1-96f963d7a6bb\"],\"type\":\"map\"},\"title\":\"Login Activity by Location [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"28c54fde-6df9-4d31-9714-cc53a7672b57\",\"w\":24,\"x\":0,\"y\":19},\"panelIndex\":\"28c54fde-6df9-4d31-9714-cc53a7672b57\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-bad76b3a-acf1-48a7-9e09-1e8ed40cff65\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"2498e963-085a-4510-9236-bfaf40222a9c\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"bad76b3a-acf1-48a7-9e09-1e8ed40cff65\":{\"columnOrder\":[\"656a9403-137f-4f35-b9ac-76f5038c1b96\"],\"columns\":{\"656a9403-137f-4f35-b9ac-76f5038c1b96\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2498e963-085a-4510-9236-bfaf40222a9c\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"login_success\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"login_success\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"656a9403-137f-4f35-b9ac-76f5038c1b96\",\"layerId\":\"bad76b3a-acf1-48a7-9e09-1e8ed40cff65\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Successful Login [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"f44a5ab5-b955-4e18-8877-de9bbad1d8ee\",\"w\":24,\"x\":24,\"y\":19},\"panelIndex\":\"f44a5ab5-b955-4e18-8877-de9bbad1d8ee\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ac23a8d1-ce4d-44fc-8b5a-c07cde2ad01e\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"355df87c-dfe1-469f-9aba-2e26c5c4947b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ac23a8d1-ce4d-44fc-8b5a-c07cde2ad01e\":{\"columnOrder\":[\"1a5ce547-26d3-4df3-92d1-4700add392c0\"],\"columns\":{\"1a5ce547-26d3-4df3-92d1-4700add392c0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"355df87c-dfe1-469f-9aba-2e26c5c4947b\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"login_failure\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"login_failure\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"1a5ce547-26d3-4df3-92d1-4700add392c0\",\"layerId\":\"ac23a8d1-ce4d-44fc-8b5a-c07cde2ad01e\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Total Login Failures [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"7de60bed-66b1-4eac-94d5-9232075d966a\",\"w\":24,\"x\":0,\"y\":34},\"panelIndex\":\"7de60bed-66b1-4eac-94d5-9232075d966a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-8eb1dd26-089b-4628-95b4-ab8fb896a34b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"8eb1dd26-089b-4628-95b4-ab8fb896a34b\":{\"columnOrder\":[\"9f8cde90-d679-43e7-9522-6fb3e637eb93\",\"ce403b9a-1d45-4eec-8c00-efd610f7d4ad\"],\"columns\":{\"9f8cde90-d679-43e7-9522-6fb3e637eb93\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Login State\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ce403b9a-1d45-4eec-8c00-efd610f7d4ad\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"},\"ce403b9a-1d45-4eec-8c00-efd610f7d4ad\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"8eb1dd26-089b-4628-95b4-ab8fb896a34b\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"9f8cde90-d679-43e7-9522-6fb3e637eb93\"],\"metrics\":[\"ce403b9a-1d45-4eec-8c00-efd610f7d4ad\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Login Events by Login State [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"cc2db11e-631d-41fa-bb64-ef5765fbec67\",\"w\":24,\"x\":24,\"y\":34},\"panelIndex\":\"cc2db11e-631d-41fa-bb64-ef5765fbec67\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-cc29da28-7ee9-46e9-89aa-4f40a194579b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"cc29da28-7ee9-46e9-89aa-4f40a194579b\":{\"columnOrder\":[\"a979f09f-fa90-4290-9969-ae3524fbee4d\",\"09967274-c8cd-4f44-8bbd-c934de3bc38e\"],\"columns\":{\"09967274-c8cd-4f44-8bbd-c934de3bc38e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Login Activity\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"event.action\"},\"a979f09f-fa90-4290-9969-ae3524fbee4d\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"09967274-c8cd-4f44-8bbd-c934de3bc38e\"],\"layerId\":\"cc29da28-7ee9-46e9-89aa-4f40a194579b\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"a979f09f-fa90-4290-9969-ae3524fbee4d\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\
"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Login Activity Over Time [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"41d89e0c-8187-42db-a930-019746ce7f26\",\"w\":24,\"x\":0,\"y\":49},\"panelIndex\":\"41d89e0c-8187-42db-a930-019746ce7f26\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-499ed09d-4967-41a1-8f56-a925e856cf4e\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"499ed09d-4967-41a1-8f56-a925e856cf4e\":{\"columnOrder\":[\"43188990-0c24-4d05-aab6-0c2ec75811eb\",\"e1fa7253-404d-4269-a6b8-3784968c8863\",\"ddfc9b85-9534-42d7-89cc-fe74c912512b\"],\"columns\":{\"43188990-0c24-4d05-aab6-0c2ec75811eb\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"IP Address\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ddfc9b85-9534-42d7-89cc-fe74c912512b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"},\"ddfc9b85-9534-42d7-89cc-fe74c912512b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e1fa7253-404d-4269-a6b8-3784968c8863\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"User 
Email\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ddfc9b85-9534-42d7-89cc-fe74c912512b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"user.email\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"43188990-0c24-4d05-aab6-0c2ec75811eb\"},{\"columnId\":\"ddfc9b85-9534-42d7-89cc-fe74c912512b\"},{\"columnId\":\"e1fa7253-404d-4269-a6b8-3784968c8863\",\"isTransposed\":false}],\"layerId\":\"499ed09d-4967-41a1-8f56-a925e856cf4e\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Login by IPs [Logs Google Workspace]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"acb1ca56-45a5-445f-906a-72af4f55acdc\",\"w\":24,\"x\":24,\"y\":49},\"panelIndex\":\"acb1ca56-45a5-445f-906a-72af4f55acdc\",\"panelRefName\":\"panel_acb1ca56-45a5-445f-906a-72af4f55acdc\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":17,\"i\":\"1036cea6-ecbc-4e89-8288-cdd1acaf8b92\",\"w\":48,\"x\":0,\"y\":64},\"panelIndex\":\"1036cea6-ecbc-4e89-8288-cdd1acaf8b92\",\"panelRefName\":\"panel_1036cea6-ecbc-4e89-8288-cdd1acaf8b92\",\"type\":\"search\",\"version\":\"8.4.0\"}]","timeRestore":false,"title":"[Logs Google Workspace] 
Login","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-f163f270-3b13-11ed-8bdd-f5c5df6c1370","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"29210aa9-bb90-4edc-b942-609f8e418f10:layer_1_source_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"28c54fde-6df9-4d31-9714-cc53a7672b57:indexpattern-datasource-layer-bad76b3a-acf1-48a7-9e09-1e8ed40cff65","type":"index-pattern"},{"id":"logs-*","name":"28c54fde-6df9-4d31-9714-cc53a7672b57:2498e963-085a-4510-9236-bfaf40222a9c","type":"index-pattern"},{"id":"logs-*","name":"f44a5ab5-b955-4e18-8877-de9bbad1d8ee:indexpattern-datasource-layer-ac23a8d1-ce4d-44fc-8b5a-c07cde2ad01e","type":"index-pattern"},{"id":"logs-*","name":"f44a5ab5-b955-4e18-8877-de9bbad1d8ee:355df87c-dfe1-469f-9aba-2e26c5c4947b","type":"index-pattern"},{"id":"logs-*","name":"7de60bed-66b1-4eac-94d5-9232075d966a:indexpattern-datasource-layer-8eb1dd26-089b-4628-95b4-ab8fb896a34b","type":"index-pattern"},{"id":"logs-*","name":"cc2db11e-631d-41fa-bb64-ef5765fbec67:indexpattern-datasource-layer-cc29da28-7ee9-46e9-89aa-4f40a194579b","type":"index-pattern"},{"id":"logs-*","name":"41d89e0c-8187-42db-a930-019746ce7f26:indexpattern-datasource-layer-499ed09d-4967-41a1-8f56-a925e856cf4e","type":"index-pattern"},{"id":"google_workspace-7ab25b80-3b13-11ed-8bdd-f5c5df6c1370","name":"acb1ca56-45a5-445f-906a-72af4f55acdc:panel_acb1ca56-45a5-445f-906a-72af4f55acdc","type":"search"},{"id":"google_workspace-2c0d5bc0-3b0d-11ed-8bdd-f5c5df6c1370","name":"1036cea6-ecbc-4e89-8288-cdd1acaf8b92:panel_1036cea6-ecbc-4e89-8288-cdd1acaf8b92","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,8041],"type":"da
shboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MDcsMV0="} +{"attributes":{"description":"Overview of Google Workspace Drive.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"google_workspace.drive\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"google_workspace.drive\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":17,\"i\":\"88d9b7a3-a631-4079-a36f-0ce9401f59d8\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"88d9b7a3-a631-4079-a36f-0ce9401f59d8\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"locale\\\":\\\"autoselect\\\",\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desaturated\\\"},\\\"id\\\":\\\"bcfedb82-4cc4-436e-b6fb-81708bb72414\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"color\\\":\\\"\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"geoField\\\":\\\"source.geo.location\\\",\\\"requestType\\\":\\\"heatmap\\\",\\\"resolution\\\":\\\"SUPER_FINE\\\",\\\"id\\\":\\\"05f00420-00c5-4794-ad57-57e7d8da73ae\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"applyForceRefresh\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"id\\\":\\\"c5d8e98c-79e7-4f79-8499-0f172f748378\\\",\\\"label\\\":
null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"HEATMAP\\\",\\\"colorRampName\\\":\\\"theclassic\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"HEATMAP\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.54,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":19.94277},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15y\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"customIcons\\\":[],\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"keydownScrollZoom\\\":false,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"title\":\"\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[\\\"c5d8e98c-79e7-4f79-8499-0f172f748378\\\"]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"hidePanelTitles\":false,\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":66.51326,\"maxLon\":270,\"minLat\":-66.51326,\"minLon\":-270},\"mapCenter\":{\"lat\":15.95347,\"lon\":-1.96086,\"zoom\":1.56},\"openTOCDetails\":[\"c5d8e98c-79e7-4f79-8499-0f172f748378\"],\"type\":\"map\"},\"title\":\"Drive Activity by Location [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"13fdbdfd-2204-42e6-a0df-5ec6abd24eb2\",\"w\":24,\"x\":0,\"y\":17},\"panelIndex\":\"13fdbdfd-2204-42e6-a0df-5ec6abd24eb2\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-23370ea2-03f9-4302-8b0c-4c4ee6a81318\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"b3241535-72fc-4880-8186-e0e663c80620\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"23370ea2-03f9-4302-8b0c-4c4ee6a81318\":{\"columnOrder\":[\"d6471b8e-6e22-459d-a682-9b0a04757f64\",\"bd04ef7a-ea8e-4f46-b6e7-f824cacc5885\"],\"columns\":{\"bd04ef7a-ea8e-4f46-b6e7-f824cacc5885\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"d6471b8e-6e22-459d-a682-9b0a04757f64\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Document 
Title\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"bd04ef7a-ea8e-4f46-b6e7-f824cacc5885\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"file.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"b3241535-72fc-4880-8186-e0e663c80620\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"download\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"download\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"23370ea2-03f9-4302-8b0c-4c4ee6a81318\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"d6471b8e-6e22-459d-a682-9b0a04757f64\"],\"metrics\":[\"bd04ef7a-ea8e-4f46-b6e7-f824cacc5885\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Document Downloads by Title [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"d59d4f9e-73e8-48ab-9f31-3f36a9b49d0e\",\"w\":24,\"x\":24,\"y\":17},\"panelIndex\":\"d59d4f9e-73e8-48ab-9f31-3f36a9b49d0e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-18651fd1-ac7a-4ab0-8610-1e890b4b9846\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"18651fd1-ac7a-4ab0-8610-1e890b4b9846\":{\"columnOrder\":[\"1871eda3-319f-46ab-949b-2e2bf749c54d\",\"0aab9f3f-951e-4d6f-8597-64dc7f874ef9\"],\"columns\":{\"0aab9f3f-951e-4d6f-8597-64dc7f874ef9\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"1871eda3-319f-46ab-949b-2e2bf749c54d\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event Action\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0aab9f3f-951e-4d6f-8597-64dc7f874ef9\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"18651fd1-ac7a-4ab0-8610-1e890b4b9846\",\"layerType\":\"data\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"1871eda3-319f-46ab-949b-2e2bf749c54d\"],\"metrics\":[\"0aab9f3f-951e-4d6f-8597-64dc7f874ef9\"]}],\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Drive Events by Event Action [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"f334e21c-1d4d-426c-953e-dbb45d99219e\",\"w\":24,\"x\":0,\"y\":32},\"panelIndex\":\"f334e21c-1d4d-426c-953e-dbb45d99219e\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"8b7f0824-9e4a-41c8-b2b9-b0a7d9a00273\",\"index_pattern_ref_name\":\"metrics_f334e21c-1d4d-426c-953e-dbb45d99219e_0_index_pattern\",\"interval\":\"\",\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"default\",\"id\":\"65ff96dc-8f2a-4a60-92a3-ad0f249b245d\",\"label\":\"Country Name\",\"line_width\":1,\"metrics\":[{\"id\":\"e68be7b0-708a-400b-badb-0175c3224d21\",\"type\":\"count\"}],\"override_index_pattern\":0,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"source.geo.country_name\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":true},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Drive Activity by Country Over Time [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"5abea4dd-c858-4dfd-bc80-d949ef49a10b\",\"w\":24,\"x\":24,\"y\":32},\"panelIndex\":\"5abea4dd-c858-4dfd-bc80-d949ef49a10b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-aacc9a6c-42f7-426a-b5c2-030c3d002d6e\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"02f23398-a7dc-47f2-9e72-697f63c0020a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"aacc9a6c-42f7-426a-b5c2-030c3d002d6e\":{\"columnOrder\":[\"922c01da-1df7-46cf-8076-58bc33def986\",\"2ff3a275-f906-4af9-9c77-7581805436cd\"],\"columns\":{\"2ff3a275-f906-4af9-9c77-7581805436cd\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"922c01da-1df7-46cf-8076-58bc33def986\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Document 
Title\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"2ff3a275-f906-4af9-9c77-7581805436cd\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"file.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"02f23398-a7dc-47f2-9e72-697f63c0020a\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"upload\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"upload\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"922c01da-1df7-46cf-8076-58bc33def986\",\"isTransposed\":false},{\"columnId\":\"2ff3a275-f906-4af9-9c77-7581805436cd\",\"isTransposed\":false}],\"layerId\":\"aacc9a6c-42f7-426a-b5c2-030c3d002d6e\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Uploads by Title [Logs Google 
Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"4bc634ec-bd01-47a4-9f99-5e43edc2de2a\",\"w\":24,\"x\":0,\"y\":47},\"panelIndex\":\"4bc634ec-bd01-47a4-9f99-5e43edc2de2a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-065ef144-3d40-40fa-ba4a-df4b27642fff\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"065ef144-3d40-40fa-ba4a-df4b27642fff\":{\"columnOrder\":[\"df0aa4ec-73f8-40d4-93d2-135f2b22a3d8\",\"c6ba95bd-d627-412a-adc5-517d63660ad4\"],\"columns\":{\"c6ba95bd-d627-412a-adc5-517d63660ad4\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"df0aa4ec-73f8-40d4-93d2-135f2b22a3d8\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Document Type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c6ba95bd-d627-412a-adc5-517d63660ad4\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"google_workspace.drive.file.type\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"c6ba95bd-d627-412a-adc5-517d63660ad4\"],\"layerId\":\"065ef144-3d40-40fa-ba4a-df4b27642fff\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"df0aa4ec-73f8-40d4-93d2-135f2b22a3d8\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"
preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Distribution of Drive Events by Document Type [Logs Google Workspace]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"2606ea99-ab2d-4a46-9528-f254bd341971\",\"w\":24,\"x\":24,\"y\":47},\"panelIndex\":\"2606ea99-ab2d-4a46-9528-f254bd341971\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-944c8671-ceff-4edc-b04e-850f6442d26a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"9e5838ff-215b-4024-815f-970935f28fc7\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"944c8671-ceff-4edc-b04e-850f6442d26a\":{\"columnOrder\":[\"e0167364-5a48-495f-9afe-2e61df1135d6\",\"70a5231f-a46a-4ac2-8b7d-9095f2eceb05\"],\"columns\":{\"70a5231f-a46a-4ac2-8b7d-9095f2eceb05\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"e0167364-5a48-495f-9afe-2e61df1135d6\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Viewed 
Documents\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"70a5231f-a46a-4ac2-8b7d-9095f2eceb05\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"file.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"9e5838ff-215b-4024-815f-970935f28fc7\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"view\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"view\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"e0167364-5a48-495f-9afe-2e61df1135d6\",\"isTransposed\":false},{\"columnId\":\"70a5231f-a46a-4ac2-8b7d-9095f2eceb05\",\"isTransposed\":false}],\"layerId\":\"944c8671-ceff-4edc-b04e-850f6442d26a\",\"layerType\":\"data\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Top 10 Viewed Documents [Logs Google Workspace]\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":19,\"i\":\"c0550726-6ce7-4d12-a078-3903beb1b4f8\",\"w\":48,\"x\":0,\"y\":62},\"panelIndex\":\"c0550726-6ce7-4d12-a078-3903beb1b4f8\",\"panelRefName\":\"panel_c0550726-6ce7-4d12-a078-3903beb1b4f8\",\"type\":\"search\",\"version\":\"8.4.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":19,\"i\":\"cb11b1b1-3767-4eeb-92b3-b05d38a01d78\",\"w\":48,\"x\":0,\"y\":81},\"panelIndex\":\"cb11b1b1-3767-4eeb-92b3-b05d38a01d78\",\"panelRefName\":\"panel_cb11b1b1-3767-4eeb-92b3-b05d38a01d78\",\"type\":\"search\",\"version\":\"8.4.0\"}]","timeRestore":false,"title":"[Logs Google Workspace] 
Drive","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"google_workspace-f8210e80-3b28-11ed-8bdd-f5c5df6c1370","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"88d9b7a3-a631-4079-a36f-0ce9401f59d8:layer_1_source_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"13fdbdfd-2204-42e6-a0df-5ec6abd24eb2:indexpattern-datasource-layer-23370ea2-03f9-4302-8b0c-4c4ee6a81318","type":"index-pattern"},{"id":"logs-*","name":"13fdbdfd-2204-42e6-a0df-5ec6abd24eb2:b3241535-72fc-4880-8186-e0e663c80620","type":"index-pattern"},{"id":"logs-*","name":"d59d4f9e-73e8-48ab-9f31-3f36a9b49d0e:indexpattern-datasource-layer-18651fd1-ac7a-4ab0-8610-1e890b4b9846","type":"index-pattern"},{"id":"logs-*","name":"f334e21c-1d4d-426c-953e-dbb45d99219e:metrics_f334e21c-1d4d-426c-953e-dbb45d99219e_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"5abea4dd-c858-4dfd-bc80-d949ef49a10b:indexpattern-datasource-layer-aacc9a6c-42f7-426a-b5c2-030c3d002d6e","type":"index-pattern"},{"id":"logs-*","name":"5abea4dd-c858-4dfd-bc80-d949ef49a10b:02f23398-a7dc-47f2-9e72-697f63c0020a","type":"index-pattern"},{"id":"logs-*","name":"4bc634ec-bd01-47a4-9f99-5e43edc2de2a:indexpattern-datasource-layer-065ef144-3d40-40fa-ba4a-df4b27642fff","type":"index-pattern"},{"id":"logs-*","name":"2606ea99-ab2d-4a46-9528-f254bd341971:indexpattern-datasource-layer-944c8671-ceff-4edc-b04e-850f6442d26a","type":"index-pattern"},{"id":"logs-*","name":"2606ea99-ab2d-4a46-9528-f254bd341971:9e5838ff-215b-4024-815f-970935f28fc7","type":"index-pattern"},{"id":"google_workspace-1cac9ed0-3b2f-11ed-8bdd-f5c5df6c1370","name":"c0550726-6ce7-4d12-a078-3903beb1b4f8:panel_c0550726-6ce7-4d12-a078-3903beb1b4f8","type":"search"},{"id":"google_workspace-2c40f770-3b24-11ed-8bdd-f5c5df6c1370","name":"cb11b1b1-3767-4eeb-92b3-b05d38a01d78:panel_cb11b1b1-3767-4eeb
-92b3-b05d38a01d78","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-google_workspace-default","name":"tag-ref-fleet-pkg-google_workspace-default","type":"tag"}],"sort":[1688996741503,8057],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MDgsMV0="} +{"attributes":{"columns":["action_id","osquery.path","agent.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"action_id:pack_ossec-rootkit\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"OSSEC Rootkits [Osquery Manager]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"osquery_manager-0fe5dc00-f49b-11e7-8647-534bb4c21040","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688996741503,8061],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MDksMV0="} +{"attributes":{"columns":["action_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"action_id:pack_it-compliance_os_version\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"OS versions [Osquery 
Manager]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"osquery_manager-b5d6baa0-eb02-11e7-8f04-51231daa5b05","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688996741503,8065],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"OS versions [Osquery Manager]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"field\":\"host.hostname\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"field\":\"osquery.platform_like\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"osquery.name\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"osquery.version\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"OS versions [Osquery 
Manager]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"osquery_manager-1da1ed30-eb03-11e7-8f04-51231daa5b05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"osquery_manager-b5d6baa0-eb02-11e7-8f04-51231daa5b05","name":"search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688996741503,8069],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MTEsMV0="} +{"attributes":{"columns":["action_id","osquery.name","osquery.status"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"action_id:pack_it-compliance_kernel_integrations\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Kernel integrations [Osquery Manager]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"osquery_manager-f59e21e0-eb03-11e7-8f04-51231daa5b05","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688996741503,8073],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MTIsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"osquery.status\",\"negate\":false,\"params\":{\"query\":\"Live\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"Live\"},\"query\":{\"match\":{\"osquery.status\":{\"query\":\"Live\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Number of Kernel integrations [Osquery Manager]","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Live Kernel integrations\",\"field\":\"osquery.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"gauge\":{\"alignment\":\"horizontal\",\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"extendRange\":true,\"gaugeColorMode\":\"Labels\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Arc\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":true},\"style\":{\"bgColor\":false,\"bgFill\":\"#eee\",\"bgMask\":false,\"bgWidth\":0.9,\"fontSize\":60,\"labelColor\":true,\"mask\":false,\"maskBars\":50,\"subText\":\"\",\"width\":0.9},\"type\":\"meter\"},\"isDisplayWarning\":false,\"type\":\"gauge\"},\"title\":\"Number of Kernel integrations [Osquery 
Manager]\",\"type\":\"gauge\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"osquery_manager-240f3630-eb05-11e7-8f04-51231daa5b05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"osquery_manager-f59e21e0-eb03-11e7-8f04-51231daa5b05","name":"search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688996741503,8078],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Navigation [Osquery Manager]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Navigation [Osquery Manager]\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":10,\"markdown\":\"[Compliance](#/dashboard/osquery_manager-69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/osquery_manager-c0a7ce90-f4aa-11e7-8647-534bb4c21040)\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"osquery_manager-2d6e0760-f4ab-11e7-8647-534bb4c21040","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688996741503,8081],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MTQsMV0="} 
+{"attributes":{"columns":["osquery.name","osquery.version","osquery.revision"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"action_id:pack_it-compliance_deb_packages\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"DEB packages installed [Osquery Manager]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"osquery_manager-3824b080-eb02-11e7-8f04-51231daa5b05","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688996741503,8085],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MTUsMV0="} +{"attributes":{"columns":["osquery.path","osquery.type","osquery.flags"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"action_id:pack_it-compliance_mounts\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Mounts [Osquery 
Manager]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"osquery_manager-7a9482d0-eb00-11e7-8f04-51231daa5b05","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688996741503,8089],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MTYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Mounts by type [Osquery Manager]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"osquery.path\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"osquery.type\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Mounts by type [Osquery 
Manager]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"osquery_manager-a9fd8bb0-eb01-11e7-8f04-51231daa5b05","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"osquery_manager-7a9482d0-eb00-11e7-8f04-51231daa5b05","name":"search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688996741503,8093],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MTcsMV0="} +{"attributes":{"description":"Dashboard for visualizing the data collected by the Osquery compliance pack.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"event.module:osquery_manager\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":16,\"i\":\"1\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"1\",\"panelRefName\":\"panel_0\",\"version\":\"7.11.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":15,\"i\":\"2\",\"w\":28,\"x\":20,\"y\":0},\"panelIndex\":\"2\",\"panelRefName\":\"panel_1\",\"version\":\"7.11.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":16,\"i\":\"3\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"3\",\"panelRefName\":\"panel_2\",\"version\":\"7.11.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":11,\"i\":\"4\",\"w\":11,\"x\":0,\"y\":4},\"panelIndex\":\"4\",\"panelRefName\":\"panel_3\",\"version\":\"7.11.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"},\"legendOpen\":false}},\"gridData\":{\"h\":11,\"i\":\"5\",\"w\":9,\"x\":11,\"y\":4},\"panelIndex\":\"5\",\"panelRefName\":\"panel_4\",\"version\":\"7.11.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":4,\"i\":\"6\",\"w\":20,\"x\":0,\"y\":0},\"panelIndex\":\"6\",\"panelRefName\":\"panel_5\",\"version\":\"7.11.0-SNAPSHOT\"}]","timeRestore":false,"title":"[Osquery Manager] Compliance pack","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"osquery_manager-69f5ae20-eb02-11e7-8f04-51231daa5b05","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"osquery_manager-7a9482d0-eb00-11e7-8f04-51231daa5b05","name":"panel_0","type":"search"},{"id":"osquery_manager-a9fd8bb0-eb01-11e7-8f04-51231daa5b05","name":"panel_1","type":"visualization"},{"id":"osquery_manager-3824b080-eb02-11e7-8f04-51231daa5b05","name":"panel_2","type":"search"},{"id":"osquery_manager-1da1ed30-eb03-11e7-8f04-51231daa5b05","name":"panel_3","type":"visualization"},{"id":"osquery_manager-240f3630-eb05-11e7-8f04-51231daa5b05","name":"panel_4","type":"visualization"},{"id":"osquery_manager-2d6e0760-f4ab-11e7-8647-534bb4c21040","name":"panel_5","type":"visualization"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688996741503,8102],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MTgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Info OSSEC rootkit [Osquery Manager]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"This dashboard shows data collected by the ossec-rootkit pack from osquery.\"},\"title\":\"Info OSSEC rootkit [Osquery 
Manager]\",\"type\":\"markdown\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"osquery_manager-6ec10290-f4aa-11e7-8647-534bb4c21040","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688996741503,8105],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Number of hosts infected [Osquery Manager]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Hosts\",\"field\":\"agent.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":40,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Number of hosts infected [Osquery 
Manager]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"osquery_manager-ab587180-f4a9-11e7-8647-534bb4c21040","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"osquery_manager-0fe5dc00-f49b-11e7-8647-534bb4c21040","name":"search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688996741503,8109],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MjAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Number of rootkits found [Osquery Manager]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Rootkits\",\"field\":\"action_id\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":40,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Number of rootkits found [Osquery 
Manager]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"osquery_manager-ffdbba50-f4a9-11e7-8647-534bb4c21040","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"osquery_manager-0fe5dc00-f49b-11e7-8647-534bb4c21040","name":"search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688996741503,8113],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MjEsMV0="} +{"attributes":{"description":"This dashboard shows data collected by the OSSEC rootkit pack from osquery","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"event.module:osquery_manager\"},\"version\":true,\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.2.0\",\"type\":\"visualization\",\"gridData\":{\"x\":7,\"y\":0,\"w\":24,\"h\":5,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"panelRefName\":\"panel_1\"},{\"version\":\"8.2.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":0,\"w\":6,\"h\":5,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"panelRefName\":\"panel_2\"},{\"version\":\"8.2.0\",\"type\":\"visualization\",\"gridData\":{\"x\":31,\"y\":0,\"w\":6,\"h\":5,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"panelRefName\":\"panel_3\"},{\"version\":\"8.2.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":5,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"8.2.0\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":5,\"w\":43,\"
h\":20,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"}]","timeRestore":false,"title":"[Osquery Manager] OSSEC rootkit pack","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"osquery_manager-c0a7ce90-f4aa-11e7-8647-534bb4c21040","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"osquery_manager-6ec10290-f4aa-11e7-8647-534bb4c21040","name":"1:panel_1","type":"visualization"},{"id":"osquery_manager-ffdbba50-f4a9-11e7-8647-534bb4c21040","name":"2:panel_2","type":"visualization"},{"id":"osquery_manager-ab587180-f4a9-11e7-8647-534bb4c21040","name":"3:panel_3","type":"visualization"},{"id":"osquery_manager-2d6e0760-f4ab-11e7-8647-534bb4c21040","name":"4:panel_4","type":"visualization"},{"id":"osquery_manager-0fe5dc00-f49b-11e7-8647-534bb4c21040","name":"5:panel_5","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-osquery_manager-default","name":"tag-ref-fleet-pkg-osquery_manager-default","type":"tag"}],"sort":[1688996741503,8121],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MjIsMV0="} +{"attributes":{"columns":["host.name","message","redis.slowlog.duration.us","redis.slowlog.key"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:redis.slowlog\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Slow logs [Logs 
Redis]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"redis-0ab87b80-478e-11e7-b1f0-cb29bac6bf8b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-redis-default","name":"tag-ref-fleet-pkg-redis-default","type":"tag"}],"sort":[1688996741503,8125],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MjMsMV0="} +{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"88495d21-6261-4c60-8de6-e9aa688b2085\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"title\":\"Keyspace\",\"fieldName\":\"redis.keyspace.id\",\"id\":\"88495d21-6261-4c60-8de6-e9aa688b2085\",\"selectedOptions\":[\"db0\",\"db1\"],\"enhancements\":{}}}}"},"description":"Redis keys 
metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"redis.keyspace.id\",\"negate\":false,\"params\":[\"db0\",\"db1\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"redis.keyspace.id\":\"db0\"}},{\"match_phrase\":{\"redis.keyspace.id\":\"db1\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"79fa7446-f3ce-466c-a4b5-bd4fde483e5d\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"79fa7446-f3ce-466c-a4b5-bd4fde483e5d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-9d7816a6-2ec8-4b54-aecf-ae00937afd79\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d7816a6-2ec8-4b54-aecf-ae00937afd79\":{\"columnOrder\":[\"6b75ecc1-b2d2-4493-82db-b6d84d591a29\",\"fc3ea097-f4a0-4adf-8f5e-e511e2daa39e\",\"7489bf17-cd18-46e5-b971-4b8000b11708\"],\"columns\":{\"6b75ecc1-b2d2-4493-82db-b6d84d591a29\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Key type\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7489bf17-cd18-46e5-b971-4b8000b11708\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"redis.key.type\"},\"7489bf17-cd18-46e5-b971-4b8000b11708\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Number of 
keys\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"redis.key.id\"},\"fc3ea097-f4a0-4adf-8f5e-e511e2daa39e\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"emphasizeFitting\":false,\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"7489bf17-cd18-46e5-b971-4b8000b11708\"],\"layerId\":\"9d7816a6-2ec8-4b54-aecf-ae00937afd79\",\"layerType\":\"data\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"6b75ecc1-b2d2-4493-82db-b6d84d591a29\",\"xAccessor\":\"fc3ea097-f4a0-4adf-8f5e-e511e2daa39e\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"7489bf17-cd18-46e5-b971-4b8000b11708\"}]}],\"legend\":{\"isVisible\":false,\"legendSize\":\"auto\",\"position\":\"right\",\"showSingleSeries\":false},\"preferredSeriesType\":\"line\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"yTitle\":\"Number of keys\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Keys by 
type\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"3199303d-19cf-430f-ab40-ac73f0ec9ea2\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"3199303d-19cf-430f-ab40-ac73f0ec9ea2\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-ab5b97a3-2883-46a9-8740-a9e19a13bc0d\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"dd769d1f-2e9d-43b5-b55c-07041bda88c6\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ab5b97a3-2883-46a9-8740-a9e19a13bc0d\":{\"columnOrder\":[\"e515d55b-1227-4b78-af88-7062dd8a3195\",\"984c366d-3801-4b1d-af7c-d486ee563cf5\",\"39b25dd7-6f66-4279-a12e-23689aa73f60\"],\"columns\":{\"39b25dd7-6f66-4279-a12e-23689aa73f60\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Number of elements\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"redis.key.length\"},\"984c366d-3801-4b1d-af7c-d486ee563cf5\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"e515d55b-1227-4b78-af88-7062dd8a3195\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Keyspace\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"39b25dd7-6f66-4279-a12e-23689aa73f60\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"multi_terms\"},\"secondaryFields\":[\"redis.key.name\"],\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"redis.keyspace.id\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"dd769d1f-2e9d-43b5-b55c-07041bda88c6\",\"key\":\"redis.key.type\",\"negate\":false,\"pa
rams\":{\"query\":\"list\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"redis.key.type\":\"list\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"curveType\":\"LINEAR\",\"endValue\":\"None\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"39b25dd7-6f66-4279-a12e-23689aa73f60\"],\"layerId\":\"ab5b97a3-2883-46a9-8740-a9e19a13bc0d\",\"layerType\":\"data\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"e515d55b-1227-4b78-af88-7062dd8a3195\",\"xAccessor\":\"984c366d-3801-4b1d-af7c-d486ee563cf5\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"39b25dd7-6f66-4279-a12e-23689aa73f60\"}]}],\"legend\":{\"isVisible\":true,\"legendSize\":\"large\",\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"line\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"Number of elements\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Lists 
length\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"161bf113-0b65-4f2c-ad1c-64f06c8b2344\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"161bf113-0b65-4f2c-ad1c-64f06c8b2344\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-a99f131f-7844-46d3-801d-3023f3eb35d2\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"5febc991-5629-423b-adfd-8d8fafa8c72d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a99f131f-7844-46d3-801d-3023f3eb35d2\":{\"columnOrder\":[\"d754cd8e-a5c1-4776-a991-0d6f76d283a8\",\"55655d47-efcd-4fd4-8f44-aecf4a2df817\",\"8323e01e-804a-48fe-857f-520ea53f8466\"],\"columns\":{\"55655d47-efcd-4fd4-8f44-aecf4a2df817\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"8323e01e-804a-48fe-857f-520ea53f8466\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average key 
size\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"redis.key.length\"},\"d754cd8e-a5c1-4776-a991-0d6f76d283a8\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Keyspace\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8323e01e-804a-48fe-857f-520ea53f8466\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"redis.keyspace.id\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"5febc991-5629-423b-adfd-8d8fafa8c72d\",\"key\":\"redis.key.type\",\"negate\":false,\"params\":{\"query\":\"string\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"redis.key.type\":\"string\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"8323e01e-804a-48fe-857f-520ea53f8466\"],\"layerId\":\"a99f131f-7844-46d3-801d-3023f3eb35d2\",\"layerType\":\"data\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"d754cd8e-a5c1-4776-a991-0d6f76d283a8\",\"xAccessor\":\"55655d47-efcd-4fd4-8f44-aecf4a2df817\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"8323e01e-804a-48fe-857f-520ea53f8466\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":true},\"preferredSeriesType\":\"line\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"yTitle\":\"Average key size\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Average size of string 
keys\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"375cffab-4569-45e7-8848-c4464789a543\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"375cffab-4569-45e7-8848-c4464789a543\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-93604465-9546-445d-8756-e2fe12469522\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"ed708dfe-6273-4fab-a1fb-8ed22b65de53\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"93604465-9546-445d-8756-e2fe12469522\":{\"columnOrder\":[\"88176cc2-3242-443a-b717-ca7e61a68ebb\",\"abc8f7d8-aa5e-489a-b23a-3a62e53f84eb\",\"f14d54b6-0cbc-46f1-a221-135fd946367a\"],\"columns\":{\"88176cc2-3242-443a-b717-ca7e61a68ebb\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Keyspace\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f14d54b6-0cbc-46f1-a221-135fd946367a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"multi_terms\"},\"secondaryFields\":[\"redis.key.type\"],\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"redis.keyspace.id\"},\"abc8f7d8-aa5e-489a-b23a-3a62e53f84eb\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"f14d54b6-0cbc-46f1-a221-135fd946367a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average 
TTL\",\"operationType\":\"average\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"redis.key.expire.ttl\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ed708dfe-6273-4fab-a1fb-8ed22b65de53\",\"key\":\"redis.key.expire.ttl\",\"negate\":false,\"params\":{\"gte\":0,\"lt\":null},\"type\":\"range\"},\"query\":{\"range\":{\"redis.key.expire.ttl\":{\"gte\":0,\"lt\":null}}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"endValue\":\"None\",\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"f14d54b6-0cbc-46f1-a221-135fd946367a\"],\"layerId\":\"93604465-9546-445d-8756-e2fe12469522\",\"layerType\":\"data\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"splitAccessor\":\"88176cc2-3242-443a-b717-ca7e61a68ebb\",\"xAccessor\":\"abc8f7d8-aa5e-489a-b23a-3a62e53f84eb\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"f14d54b6-0cbc-46f1-a221-135fd946367a\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"line\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yTitle\":\"Average TTL\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Average keys TTL\"}]","timeRestore":false,"title":"[Metrics Redis] 
Keys","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"redis-28969190-0511-11e9-9c60-d582a238e2c5","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"79fa7446-f3ce-466c-a4b5-bd4fde483e5d:indexpattern-datasource-layer-9d7816a6-2ec8-4b54-aecf-ae00937afd79","type":"index-pattern"},{"id":"metrics-*","name":"3199303d-19cf-430f-ab40-ac73f0ec9ea2:indexpattern-datasource-layer-ab5b97a3-2883-46a9-8740-a9e19a13bc0d","type":"index-pattern"},{"id":"metrics-*","name":"3199303d-19cf-430f-ab40-ac73f0ec9ea2:dd769d1f-2e9d-43b5-b55c-07041bda88c6","type":"index-pattern"},{"id":"metrics-*","name":"161bf113-0b65-4f2c-ad1c-64f06c8b2344:indexpattern-datasource-layer-a99f131f-7844-46d3-801d-3023f3eb35d2","type":"index-pattern"},{"id":"metrics-*","name":"161bf113-0b65-4f2c-ad1c-64f06c8b2344:5febc991-5629-423b-adfd-8d8fafa8c72d","type":"index-pattern"},{"id":"metrics-*","name":"375cffab-4569-45e7-8848-c4464789a543:indexpattern-datasource-layer-93604465-9546-445d-8756-e2fe12469522","type":"index-pattern"},{"id":"metrics-*","name":"375cffab-4569-45e7-8848-c4464789a543:ed708dfe-6273-4fab-a1fb-8ed22b65de53","type":"index-pattern"},{"id":"metrics-*","name":"controlGroup_88495d21-6261-4c60-8de6-e9aa688b2085:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-redis-default","name":"tag-ref-fleet-pkg-redis-default","type":"tag"}],"sort":[1688996741503,8137],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MjQsMV0="} 
+{"attributes":{"columns":["host.name","log.level","redis.log.role","message"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"redis.log\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"redis.log\"}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Logs [Logs Redis]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"redis-73613570-4791-11e7-be88-2ddb32f3df97","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-redis-default","name":"tag-ref-fleet-pkg-redis-default","type":"tag"}],"sort":[1688996741503,8143],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MjUsMV0="} +{"attributes":{"description":"Overview dashboard for the FIlebeat Redis 
integration","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false,\"syncColors\":true}","panelsJSON":"[{\"embeddableConfig\":{\"columns\":[\"host.name\",\"log.level\",\"redis.log.role\",\"message\"],\"enhancements\":{},\"sort\":[[\"@timestamp\",\"desc\"]]},\"gridData\":{\"h\":16,\"i\":\"4\",\"w\":48,\"x\":0,\"y\":30},\"panelIndex\":\"4\",\"panelRefName\":\"panel_4\",\"type\":\"search\",\"version\":\"8.3.0\"},{\"embeddableConfig\":{\"columns\":[\"host.name\",\"message\",\"redis.slowlog.duration.us\",\"redis.slowlog.key\"],\"enhancements\":{},\"sort\":[]},\"gridData\":{\"h\":16,\"i\":\"6\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"6\",\"panelRefName\":\"panel_6\",\"type\":\"search\",\"version\":\"8.3.0\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":16,\"i\":\"048af531-a2d5-4a14-b7d2-6156dce83cbc\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"048af531-a2d5-4a14-b7d2-6156dce83cbc\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-c0de1034-34c9-4f6a-b525-e39bd578cd2f\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"c0de1034-34c9-4f6a-b525-e39bd578cd2f\":{\"columnOrder\":[\"0cba538d-a0cc-4d03-8dc7-9510396251ad\",\"62c9f6ca-0756-4950-9c84-4d05a6aa27a1\"],\"columns\":{\"0cba538d-a0cc-4d03-8dc7-9510396251ad\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Command\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"62c9f6ca-0756-4950-9c84-4d05a6aa27a1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"redis.slowlog.cmd\"},\"62c9f6ca-0756-4950-9c84-4d05a6aa27a1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Duration 
(microseconds)\",\"operationType\":\"max\",\"scale\":\"ratio\",\"sourceField\":\"redis.slowlog.duration.us\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:redis.slowlog\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":-45,\"yRight\":0},\"layers\":[{\"accessors\":[\"62c9f6ca-0756-4950-9c84-4d05a6aa27a1\"],\"layerId\":\"c0de1034-34c9-4f6a-b525-e39bd578cd2f\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"xAccessor\":\"0cba538d-a0cc-4d03-8dc7-9510396251ad\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"62c9f6ca-0756-4950-9c84-4d05a6aa27a1\"}]}],\"legend\":{\"isVisible\":false,\"legendSize\":\"auto\",\"position\":\"right\",\"showSingleSeries\":false},\"preferredSeriesType\":\"bar_horizontal\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"xTitle\":\"Command\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"yTitle\":\"\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Top slowest commands [Logs 
Redis]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"62b73fa0-e562-4af6-9d4e-9158eba31a8b\",\"w\":14,\"x\":0,\"y\":16},\"panelIndex\":\"62b73fa0-e562-4af6-9d4e-9158eba31a8b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-257bce71-5aee-4178-a2be-194e662bfb13\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"257bce71-5aee-4178-a2be-194e662bfb13\":{\"columnOrder\":[\"3e287c6c-a179-407b-8190-518aeb0a5a9b\",\"a222cc47-29f7-4207-9b62-38996bcf3dba\",\"bcd9cc84-7d4e-4511-918e-4cac501f3ecc\"],\"columns\":{\"3e287c6c-a179-407b-8190-518aeb0a5a9b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"redis.log.role: Descending\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"bcd9cc84-7d4e-4511-918e-4cac501f3ecc\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"redis.log.role\"},\"a222cc47-29f7-4207-9b62-38996bcf3dba\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Log 
level\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"bcd9cc84-7d4e-4511-918e-4cac501f3ecc\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"log.level\"},\"bcd9cc84-7d4e-4511-918e-4cac501f3ecc\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:redis.log\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"257bce71-5aee-4178-a2be-194e662bfb13\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendPosition\":\"right\",\"nestedLegend\":true,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"3e287c6c-a179-407b-8190-518aeb0a5a9b\",\"a222cc47-29f7-4207-9b62-38996bcf3dba\"],\"metrics\":[\"bcd9cc84-7d4e-4511-918e-4cac501f3ecc\"]}],\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Log levels and roles breakdown [Logs 
Redis]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"5150d808-cfa0-4a30-ab6f-e9517fa2ceec\",\"w\":34,\"x\":14,\"y\":16},\"panelIndex\":\"5150d808-cfa0-4a30-ab6f-e9517fa2ceec\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ebb70b66-e024-4a14-b179-d15c72b605bf\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"ebb70b66-e024-4a14-b179-d15c72b605bf\":{\"columnOrder\":[\"54dd66c7-519e-421a-8957-1a9cc9f80ee1\",\"af9a34cf-82d8-44e2-b7b6-41d10f0ce82c\",\"dc980987-d01e-4f82-b7c5-d87eccb0b52e\"],\"columns\":{\"54dd66c7-519e-421a-8957-1a9cc9f80ee1\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"log.level: Descending\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"dc980987-d01e-4f82-b7c5-d87eccb0b52e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"log.level\"},\"af9a34cf-82d8-44e2-b7b6-41d10f0ce82c\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"dc980987-d01e-4f82-b7c5-d87eccb0b52e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:redis.log\"},\"visualization\":{\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"dc980987-d01e-4f82-b7c5-d87eccb0b52e\"],\"layerId\":\"ebb70b66-e024-4a14-b179-d15c72b605bf\",\"layerType\":\"data\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"position\":\"top\",\"seriesType\":\"bar_s
tacked\",\"showGridlines\":false,\"splitAccessor\":\"54dd66c7-519e-421a-8957-1a9cc9f80ee1\",\"xAccessor\":\"af9a34cf-82d8-44e2-b7b6-41d10f0ce82c\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"dc980987-d01e-4f82-b7c5-d87eccb0b52e\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"yTitle\":\"Count\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Logs over time [Logs Redis]\"}]","timeRestore":false,"title":"[Logs Redis] Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"redis-7fea2930-478e-11e7-b1f0-cb29bac6bf8b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"redis-73613570-4791-11e7-be88-2ddb32f3df97","name":"4:panel_4","type":"search"},{"id":"redis-0ab87b80-478e-11e7-b1f0-cb29bac6bf8b","name":"6:panel_6","type":"search"},{"id":"logs-*","name":"048af531-a2d5-4a14-b7d2-6156dce83cbc:indexpattern-datasource-layer-c0de1034-34c9-4f6a-b525-e39bd578cd2f","type":"index-pattern"},{"id":"logs-*","name":"62b73fa0-e562-4af6-9d4e-9158eba31a8b:indexpattern-datasource-layer-257bce71-5aee-4178-a2be-194e662bfb13","type":"index-pattern"},{"id":"logs-*","name":"5150d808-cfa0-4a30-ab6f-e9517fa2ceec:indexpattern-datasource-layer-ebb70b66-e024-4a14-b179-d15c72b605bf","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-redis-default","name":"tag-ref-fleet-pkg-redis-default","type":"tag"}],"sort":[1688996741503,8151],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MjYsMV0="} +{"attributes":{"description":"Overview of Redis server 
metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"9587ad36-13de-4de0-8586-16065d55d029\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"9587ad36-13de-4de0-8586-16065d55d029\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-42f14593-5da1-4fb7-adbc-aeb5e9a4e2cc\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"42f14593-5da1-4fb7-adbc-aeb5e9a4e2cc\":{\"columnOrder\":[\"659dc838-53d8-4d49-9133-e789047508c5\"],\"columns\":{\"659dc838-53d8-4d49-9133-e789047508c5\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Connected clients\",\"operationType\":\"max\",\"scale\":\"ratio\",\"sourceField\":\"redis.info.clients.connected\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:redis.info OR data_stream.dataset:redis.key OR data_stream.dataset:redis.keyspace)\"},\"visualization\":{\"accessor\":\"659dc838-53d8-4d49-9133-e789047508c5\",\"layerId\":\"42f14593-5da1-4fb7-adbc-aeb5e9a4e2cc\",\"layerType\":\"data\",\"size\":\"xl\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Clients [Metrics 
Redis]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"452a1f6f-4931-4391-88bf-dfd23334b77b\",\"w\":20,\"x\":12,\"y\":0},\"panelIndex\":\"452a1f6f-4931-4391-88bf-dfd23334b77b\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-663fc5eb-ba63-4cb6-b9af-d996c9496392\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"663fc5eb-ba63-4cb6-b9af-d996c9496392\":{\"columnOrder\":[\"48692284-5798-41a9-91f7-5f7e7f3e46de\",\"1b56a011-fc01-44df-bcff-65f5cc07f133\",\"e9f31d33-1f86-42b0-a310-a37a94682a24\"],\"columns\":{\"1b56a011-fc01-44df-bcff-65f5cc07f133\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Connected\",\"operationType\":\"max\",\"scale\":\"ratio\",\"sourceField\":\"redis.info.clients.connected\"},\"48692284-5798-41a9-91f7-5f7e7f3e46de\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"e9f31d33-1f86-42b0-a310-a37a94682a24\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Blocked\",\"operationType\":\"max\",\"scale\":\"ratio\",\"sourceField\":\"redis.info.clients.blocked\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:redis.info OR data_stream.dataset:redis.key OR 
data_stream.dataset:redis.keyspace)\"},\"visualization\":{\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"1b56a011-fc01-44df-bcff-65f5cc07f133\",\"e9f31d33-1f86-42b0-a310-a37a94682a24\"],\"layerId\":\"663fc5eb-ba63-4cb6-b9af-d996c9496392\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"48692284-5798-41a9-91f7-5f7e7f3e46de\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"1b56a011-fc01-44df-bcff-65f5cc07f133\"},{\"axisMode\":\"left\",\"color\":\"#c15c17\",\"forAccessor\":\"e9f31d33-1f86-42b0-a310-a37a94682a24\"}]}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\",\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"yTitle\":\"Count\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Connected clients [Metrics 
Redis]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"6ceb010f-3be5-402d-a4cf-42f52a01d0db\",\"w\":16,\"x\":32,\"y\":0},\"panelIndex\":\"6ceb010f-3be5-402d-a4cf-42f52a01d0db\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-4b781053-c878-4b17-9517-9dbd0482b634\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"4b781053-c878-4b17-9517-9dbd0482b634\":{\"columnOrder\":[\"405f771b-81b2-472f-8253-e40fcf217393\",\"257a3660-149f-4109-8898-e968df8443b2\",\"5e1828a5-c90f-4166-9a03-ce8c082eda11\"],\"columns\":{\"257a3660-149f-4109-8898-e968df8443b2\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"405f771b-81b2-472f-8253-e40fcf217393\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Keyspaces\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"5e1828a5-c90f-4166-9a03-ce8c082eda11\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"redis.keyspace.id\"},\"5e1828a5-c90f-4166-9a03-ce8c082eda11\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Number of keys\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"redis.keyspace.keys\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:redis.info OR data_stream.dataset:redis.key OR 
data_stream.dataset:redis.keyspace)\"},\"visualization\":{\"emphasizeFitting\":false,\"fittingFunction\":\"Linear\",\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"layers\":[{\"accessors\":[\"5e1828a5-c90f-4166-9a03-ce8c082eda11\"],\"layerId\":\"4b781053-c878-4b17-9517-9dbd0482b634\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"splitAccessor\":\"405f771b-81b2-472f-8253-e40fcf217393\",\"xAccessor\":\"257a3660-149f-4109-8898-e968df8443b2\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"5e1828a5-c90f-4166-9a03-ce8c082eda11\"}]}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":true},\"preferredSeriesType\":\"area_stacked\",\"title\":\"Empty XY chart\",\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"yTitle\":\"Count\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Keyspaces [Metrics Redis]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"e38aacc7-f856-4306-86d2-3746d0143d6a\",\"w\":48,\"x\":0,\"y\":14},\"panelIndex\":\"e38aacc7-f856-4306-86d2-3746d0143d6a\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-0af489b3-738e-40c0-9ae4-43dd70bf9fed\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"0af489b3-738e-40c0-9ae4-43dd70bf9fed\":{\"columnOrder\":[\"50308496-2a4e-4b1a-853a-a36dbc7d5acd\",\"105df467-ea31-40ef-aea9-aecd0242bcb5\",\"67c478fc-b5f9-44f9-8fab-20cc58659a12\",\"cb63f311-87f5-47b1-915f-ffa1e5c92582\",\"b89a8033-9e4e-43c0-b11c-233b757fe699\",\"619deadb-3098-435a-9c28-3b77f8a1ffc7\"],\"columns\":{\"105df467-ea31-40ef-aea9-aecd0242bcb5\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Uptime 
(s)\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"redis.info.server.uptime\"},\"50308496-2a4e-4b1a-853a-a36dbc7d5acd\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"service.address: Descending\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"105df467-ea31-40ef-aea9-aecd0242bcb5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"service.address\"},\"619deadb-3098-435a-9c28-3b77f8a1ffc7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"CPU used (system)\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"redis.info.cpu.used.sys\"},\"67c478fc-b5f9-44f9-8fab-20cc58659a12\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"PID\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"process.pid\"},\"b89a8033-9e4e-43c0-b11c-233b757fe699\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"CPU used (user)\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"redis.info.cpu.used.user\"},\"cb63f311-87f5-47b1-915f-ffa1e5c92582\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Memory\",\"operationType\":\"max\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"redis.info.memory.used.peak\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:redis.info OR data_stream.dataset:redis.key OR 
data_stream.dataset:redis.keyspace)\"},\"visualization\":{\"columns\":[{\"columnId\":\"50308496-2a4e-4b1a-853a-a36dbc7d5acd\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"105df467-ea31-40ef-aea9-aecd0242bcb5\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"67c478fc-b5f9-44f9-8fab-20cc58659a12\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"cb63f311-87f5-47b1-915f-ffa1e5c92582\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"b89a8033-9e4e-43c0-b11c-233b757fe699\",\"isTransposed\":false},{\"alignment\":\"left\",\"columnId\":\"619deadb-3098-435a-9c28-3b77f8a1ffc7\",\"isTransposed\":false}],\"layerId\":\"0af489b3-738e-40c0-9ae4-43dd70bf9fed\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Hosts [Metrics Redis]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"e59f5a8f-6f47-471c-bf7c-96d6eab6baf3\",\"w\":16,\"x\":0,\"y\":22},\"panelIndex\":\"e59f5a8f-6f47-471c-bf7c-96d6eab6baf3\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-495b0b3d-5f1c-49b0-ac9b-788f6f4d2b06\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"495b0b3d-5f1c-49b0-ac9b-788f6f4d2b06\":{\"columnOrder\":[\"d32bf426-f3bf-43f9-a1f6-825c2ac9cd5a\",\"3996a38e-2cff-4888-b0cc-234ec8debdf8\"],\"columns\":{\"3996a38e-2cff-4888-b0cc-234ec8debdf8\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Hosts\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"service.address\"},\"d32bf426-f3bf-43f9-a1f6-825c2ac9cd5a\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Multiplexing 
API\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3996a38e-2cff-4888-b0cc-234ec8debdf8\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"service.version\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:redis.info OR data_stream.dataset:redis.key OR data_stream.dataset:redis.keyspace)\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"495b0b3d-5f1c-49b0-ac9b-788f6f4d2b06\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"d32bf426-f3bf-43f9-a1f6-825c2ac9cd5a\"],\"metrics\":[\"3996a38e-2cff-4888-b0cc-234ec8debdf8\"]}],\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Server Versions [Metrics 
Redis]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"989efbbc-7d45-466c-8bb3-9322a6fa6a46\",\"w\":16,\"x\":16,\"y\":22},\"panelIndex\":\"989efbbc-7d45-466c-8bb3-9322a6fa6a46\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-88f523d4-adf4-423a-9a09-a6ae74f410ff\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"88f523d4-adf4-423a-9a09-a6ae74f410ff\":{\"columnOrder\":[\"a60e9838-ac8c-440d-b42f-07cc81d2694c\",\"3f54a1a9-ff71-44a3-80f5-f16d7db12c58\"],\"columns\":{\"3f54a1a9-ff71-44a3-80f5-f16d7db12c58\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Hosts\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"service.address\"},\"a60e9838-ac8c-440d-b42f-07cc81d2694c\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Server mode\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3f54a1a9-ff71-44a3-80f5-f16d7db12c58\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"redis.info.server.mode\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:redis.info OR data_stream.dataset:redis.key OR 
data_stream.dataset:redis.keyspace)\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"88f523d4-adf4-423a-9a09-a6ae74f410ff\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"a60e9838-ac8c-440d-b42f-07cc81d2694c\"],\"metrics\":[\"3f54a1a9-ff71-44a3-80f5-f16d7db12c58\"]}],\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Server mode [Metrics Redis]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"eed90cad-e313-4af5-b26b-965cfc02ea24\",\"w\":16,\"x\":32,\"y\":22},\"panelIndex\":\"eed90cad-e313-4af5-b26b-965cfc02ea24\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-7dd18b64-cbba-40ed-b1e3-56aa0f27f3f3\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"7dd18b64-cbba-40ed-b1e3-56aa0f27f3f3\":{\"columnOrder\":[\"cfccf32e-014a-43c4-b8f5-7bcc29ce6e46\",\"a2c1d752-9b78-45b8-ae86-f71e48c5fee1\"],\"columns\":{\"a2c1d752-9b78-45b8-ae86-f71e48c5fee1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Hosts\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"service.address\"},\"cfccf32e-014a-43c4-b8f5-7bcc29ce6e46\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Multiplexing 
API\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a2c1d752-9b78-45b8-ae86-f71e48c5fee1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"redis.info.server.multiplexing_api\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:redis.info OR data_stream.dataset:redis.key OR data_stream.dataset:redis.keyspace)\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"default\",\"layerId\":\"7dd18b64-cbba-40ed-b1e3-56aa0f27f3f3\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"primaryGroups\":[\"cfccf32e-014a-43c4-b8f5-7bcc29ce6e46\"],\"metrics\":[\"a2c1d752-9b78-45b8-ae86-f71e48c5fee1\"]}],\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"shape\":\"pie\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Multiplexing API [Metrics Redis]\"}]","timeRestore":false,"title":"[Metrics Redis] 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"redis-AV4YjZ5pux-M-tCAunxK","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"9587ad36-13de-4de0-8586-16065d55d029:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"9587ad36-13de-4de0-8586-16065d55d029:indexpattern-datasource-layer-42f14593-5da1-4fb7-adbc-aeb5e9a4e2cc","type":"index-pattern"},{"id":"metrics-*","name":"452a1f6f-4931-4391-88bf-dfd23334b77b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"452a1f6f-4931-4391-88bf-dfd23334b77b:indexpattern-datasource-layer-663fc5eb-ba63-4cb6-b9af-d996c9496392","type":"index-pattern"},{"id":"metrics-*","name":"6ceb010f-3be5-402d-a4cf-42f52a01d0db:indexpattern-datasource-layer-4b781053-c878-4b17-9517-9dbd0482b634","type":"index-pattern"},{"id":"metrics-*","name":"e38aacc7-f856-4306-86d2-3746d0143d6a:indexpattern-datasource-layer-0af489b3-738e-40c0-9ae4-43dd70bf9fed","type":"index-pattern"},{"id":"metrics-*","name":"e59f5a8f-6f47-471c-bf7c-96d6eab6baf3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"e59f5a8f-6f47-471c-bf7c-96d6eab6baf3:indexpattern-datasource-layer-495b0b3d-5f1c-49b0-ac9b-788f6f4d2b06","type":"index-pattern"},{"id":"metrics-*","name":"989efbbc-7d45-466c-8bb3-9322a6fa6a46:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"989efbbc-7d45-466c-8bb3-9322a6fa6a46:indexpattern-datasource-layer-88f523d4-adf4-423a-9a09-a6ae74f410ff","type":"index-pattern"},{"id":"metrics-*","name":"eed90cad-e313-4af5-b26b-965cfc02ea24:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"eed90cad-e313-4af5-b26b-965cfc02ea24:indexpattern-datasource-layer-7dd18b64-cbba-40ed-b1e3-56aa0f27f3f3","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default
","type":"tag"},{"id":"fleet-pkg-redis-default","name":"tag-ref-fleet-pkg-redis-default","type":"tag"}],"sort":[1688996741503,8166],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MjcsMV0="} +{"attributes":{"columns":["user.name","user.domain","winlog.logon.id","event.action","winlog.logon.type","winlog.event_data.SubjectUserName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4625\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.code\":\"4625\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"User Logouts [Windows System 
Security]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-06b6b060-7a80-11ea-bc9a-0baf2ca323a3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8174],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MjgsMV0="} +{"attributes":{"columns":["user.name","user.id","group.id","system.auth.useradd.home","system.auth.useradd.shell"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"system.auth.useradd:*\"}}"},"sort":[["@timestamp","desc"]],"title":"useradd logs [Logs 
System]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-8030c1b0-fa77-11e6-ae9b-81e5311e8cab","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8180],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MjksMV0="} +{"attributes":{"columns":["group.name","group.id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"system.auth.groupadd:*\"}}"},"sort":[["@timestamp","desc"]],"title":"groupadd logs [Logs System]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-eb0039f0-fa7f-11e6-a1df-a78bd7504d38","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8186],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MzAsMV0="} +{"attributes":{"description":"New users and groups dashboard for the System integration in 
Logs","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"7\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Syslog](#/dashboard/system-Logs-syslog-dashboard) | [Sudo commands](#/dashboard/system-277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/system-5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users and groups](#/dashboard/system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab)\"},\"title\":\"Dashboards [Logs System]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"b9f97626-14a8-42d6-8bc4-2f37b06b9e6d\",\"w\":24,\"x\":0,\"y\":4},\"panelIndex\":\"b9f97626-14a8-42d6-8bc4-2f37b06b9e6d\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Host\",\"field\":\"host.hostname\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"User\",\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"UID\",\"field\":\"user.id\",\"missingBucket\":false,\"missingBucketLabel\":\"
Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"GID\",\"field\":\"group.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"6\",\"params\":{\"customLabel\":\"Home\",\"field\":\"system.auth.useradd.home\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"7\",\"params\":{\"customLabel\":\"Shell\",\"field\":\"system.auth.useradd.shell\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.auth\\\"\"},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"},\"title\":\"New users [Logs 
System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"eb0fbea1-6c85-41e0-b52c-b0db0c895432\",\"w\":24,\"x\":24,\"y\":4},\"panelIndex\":\"eb0fbea1-6c85-41e0-b52c-b0db0c895432\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"30s\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"defaultYExtents\":false,\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"bottom\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"mode\":\"stacked\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"scale\":\"linear\",\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":fal
se,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"type\":\"histogram\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"New users over time [Logs System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"2e5bb345-992a-4cf4-9b8b-8d68a6b26f3c\",\"w\":24,\"x\":0,\"y\":16},\"panelIndex\":\"2e5bb345-992a-4cf4-9b8b-8d68a6b26f3c\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"system.auth.useradd.shell\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"distinctColors\":true,\"emptySizeRatio\":0.3,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"system.auth\\\"\"},\"isDonut\":false,\"labels\":{\"last_level\":false,\"percentDecimals\":2,\"position\":\"default\",\"show\":true,\"truncate\":100,\"values\":true,\"valuesFormat\":\"percent\"},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"nestedLegend\":false,\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"truncateLegend\":true,\"type\":\"pie\"},\"type\":\"pie\",\"uiState\":{\"vis\":{\"colors\":{\"/bin/bash\":\"#E24D42\",\"/bin/false\":\"#508642\",\"/sbin/nologin\":\"#7EB26D\"},\"legendOpen\":true}}},\"type\":\"visualization\"},\"title\":\"New users by shell [Logs System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"26b1fdeb-77e8-4eaa-8d09-140485154c1a\",\"w\":24,\"x\":24,\"y\":16},\"panelIndex\":\"26b1fdeb-77e8-4eaa-8d09-140485154c1a\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"system.auth.useradd.home\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"distinctColors\":true,\"emptySizeRatio\":0.3,\"isDonut\":false,\"labels\":{\"last_level\":false,\"percentDecimals\":2,\"position\":\"default\",\"show\":true,\"truncate\":100,\"values\":true,\"valuesFormat\":\"percent\"},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"nestedLegend\":false,\"palette\":{\"n
ame\":\"kibana_palette\",\"type\":\"palette\"},\"truncateLegend\":true,\"type\":\"pie\"},\"type\":\"pie\",\"uiState\":{\"vis\":{\"colors\":{\"/bin/bash\":\"#E24D42\",\"/bin/false\":\"#508642\",\"/nonexistent\":\"#629E51\",\"/sbin/nologin\":\"#7EB26D\"},\"legendOpen\":true}}},\"type\":\"visualization\"},\"title\":\"New users by home directory [Logs System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"c6ff6af0-7172-4e98-8f0e-7b3a6c37217e\",\"w\":24,\"x\":0,\"y\":28},\"panelIndex\":\"c6ff6af0-7172-4e98-8f0e-7b3a6c37217e\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"group.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"group.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"},\"title\":\"New groups [Logs 
System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"edc0a4ad-a2f9-4ae8-93ca-cfd7d0ed40fe\",\"w\":24,\"x\":24,\"y\":28},\"panelIndex\":\"edc0a4ad-a2f9-4ae8-93ca-cfd7d0ed40fe\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"30s\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"group.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"defaultYExtents\":false,\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"bottom\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"mode\":\"stacked\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"scale\":\"linear\",\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":f
alse,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"type\":\"histogram\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"New groups over time [Logs System]\"}]","timeRestore":false,"title":"[Logs System] New users and groups","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"system-8030c1b0-fa77-11e6-ae9b-81e5311e8cab","name":"b9f97626-14a8-42d6-8bc4-2f37b06b9e6d:search_0","type":"search"},{"id":"system-8030c1b0-fa77-11e6-ae9b-81e5311e8cab","name":"eb0fbea1-6c85-41e0-b52c-b0db0c895432:search_0","type":"search"},{"id":"system-8030c1b0-fa77-11e6-ae9b-81e5311e8cab","name":"2e5bb345-992a-4cf4-9b8b-8d68a6b26f3c:search_0","type":"search"},{"id":"system-8030c1b0-fa77-11e6-ae9b-81e5311e8cab","name":"26b1fdeb-77e8-4eaa-8d09-140485154c1a:search_0","type":"search"},{"id":"system-eb0039f0-fa7f-11e6-a1df-a78bd7504d38","name":"c6ff6af0-7172-4e98-8f0e-7b3a6c37217e:search_0","type":"search"},{"id":"system-eb0039f0-fa7f-11e6-a1df-a78bd7504d38","name":"edc0a4ad-a2f9-4ae8-93ca-cfd7d0ed40fe:search_0","type":"search"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8197],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MzEsMV0="} 
+{"attributes":{"columns":["user.name","system.auth.sudo.user","system.auth.sudo.pwd","system.auth.sudo.command"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"system.auth.sudo:*\"}}"},"sort":[["@timestamp","desc"]],"title":"Sudo commands [Logs System]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-b6f321e0-fa25-11e6-bbd3-29c986c96e5a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8203],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MzIsMV0="} +{"attributes":{"description":"Sudo commands dashboard from the Logs System integration","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"4\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Syslog](#/dashboard/system-Logs-syslog-dashboard) | [Sudo commands](#/dashboard/system-277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/system-5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users 
and groups](#/dashboard/system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab)\"},\"title\":\"Dashboards [Logs System]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"9176826e-b47b-405c-9fed-7928177e627b\",\"w\":48,\"x\":0,\"y\":4},\"panelIndex\":\"9176826e-b47b-405c-9fed-7928177e627b\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"system.auth.sudo.command\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"autoFitRowToContent\":false,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.auth\\\"\"},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showToolbar\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"type\":\"table\",\"uiState\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},\"type\":\"visualization\"},\"title\":\"Top sudo commands [Logs 
System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"f3e4b05c-4eab-4e12-98ac-5e5a7ae4fac7\",\"w\":48,\"x\":0,\"y\":20},\"panelIndex\":\"f3e4b05c-4eab-4e12-98ac-5e5a7ae4fac7\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"30s\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"defaultYExtents\":false,\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"mode\":\"stacked\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"scale\":\"linear\",\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":fals
e,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"type\":\"histogram\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Sudo commands by user [Logs System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"fd4d0b9e-760d-4d7a-90e9-62aca0609b9e\",\"w\":48,\"x\":0,\"y\":36},\"panelIndex\":\"fd4d0b9e-760d-4d7a-90e9-62aca0609b9e\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"30s\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"system.auth.sudo.error\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"system.auth.sudo.error:*\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{}
,\"type\":\"category\"}],\"defaultYExtents\":false,\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"mode\":\"stacked\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"scale\":\"linear\",\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"type\":\"histogram\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Sudo errors [Logs System]\"}]","timeRestore":false,"title":"[Logs System] Sudo 
commands","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-277876d0-fa2c-11e6-bbd3-29c986c96e5a","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"system-b6f321e0-fa25-11e6-bbd3-29c986c96e5a","name":"9176826e-b47b-405c-9fed-7928177e627b:search_0","type":"search"},{"id":"system-b6f321e0-fa25-11e6-bbd3-29c986c96e5a","name":"f3e4b05c-4eab-4e12-98ac-5e5a7ae4fac7:search_0","type":"search"},{"id":"logs-*","name":"fd4d0b9e-760d-4d7a-90e9-62aca0609b9e:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8211],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MzMsMV0="} +{"attributes":{"columns":["event.action","winlog.event_data.TargetUserName","user.domain","user.name","winlog.event_data.SubjectDomainName","winlog.logon.id","related.user"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4720\",\"4722\",\"4723\",\"4724\",\"4725\",\"4726\",\"4738\",\"4740\",\"4767\",\"4781\",\"4798\"],\"type\":\"phrases\",\"value\":\"4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4767, 4781, 
4798\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4720\"}},{\"match_phrase\":{\"event.code\":\"4722\"}},{\"match_phrase\":{\"event.code\":\"4723\"}},{\"match_phrase\":{\"event.code\":\"4724\"}},{\"match_phrase\":{\"event.code\":\"4725\"}},{\"match_phrase\":{\"event.code\":\"4726\"}},{\"match_phrase\":{\"event.code\":\"4738\"}},{\"match_phrase\":{\"event.code\":\"4740\"}},{\"match_phrase\":{\"event.code\":\"4767\"}},{\"match_phrase\":{\"event.code\":\"4781\"}},{\"match_phrase\":{\"event.code\":\"4798\"}}]}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"User management Details - Search [Windows System Security]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-324686c0-fefb-11e9-8405-516218e3d268","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8218],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MzQsMV0="} 
+{"attributes":{"columns":["system.auth.ssh.event","system.auth.ssh.method","user.name","source.ip","source.geo.country_iso_code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:system.auth AND system.auth.ssh.event:*\"}}"},"sort":[["@timestamp","desc"]],"title":"SSH login attempts [Logs System]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-62439dc0-f9c9-11e6-a747-6121780e0414","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8224],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MzUsMV0="} +{"attributes":{"description":"SSH dashboard for the System integration in 
Logs","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[{\"embeddableConfig\":{\"columns\":[\"system.auth.ssh.event\",\"system.auth.ssh.method\",\"user.name\",\"source.ip\",\"source.geo.country_iso_code\"],\"enhancements\":{},\"sort\":[\"@timestamp\",\"desc\"]},\"gridData\":{\"h\":12,\"i\":\"5\",\"w\":48,\"x\":0,\"y\":44},\"panelIndex\":\"5\",\"panelRefName\":\"panel_5\",\"type\":\"search\",\"version\":\"8.1.0\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"6\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Syslog](#/dashboard/system-Logs-syslog-dashboard) | [Sudo commands](#/dashboard/system-277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/system-5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users and groups](#/dashboard/system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab)\"},\"title\":\"Dashboards [Logs 
System]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"map\",\"gridData\":{\"h\":16,\"i\":\"9cef48b8-7995-45f6-9420-1d0b3dbbefe5\",\"w\":24,\"x\":24,\"y\":28},\"panelIndex\":\"9cef48b8-7995-45f6-9420-1d0b3dbbefe5\",\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desaturated\\\"},\\\"id\\\":\\\"985e7399-20df-464b-b6d5-880922106ffe\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"05b729fa-80a9-4215-aaed-4a8d9476e87d\\\",\\\"includeInFitToBounds\\\":true,\\\"joins\\\":[],\\\"label\\\":\\\"SSH failed login attempts source locations [Logs System]\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"applyForceRefresh\\\":true,\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"80bac1cc-d19d-415d-93ad-f776fd099f24\\\",\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"requestType\\\":\\\"point\\\",\\\"resolution\\\":\\\"MOST_FINE\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"style\\\":{\\\"isTimeAware\\\":true,\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"Yellow to 
Red\\\",\\\"colorCategory\\\":\\\"palette_0\\\",\\\"field\\\":{\\\"name\\\":\\\"doc_count\\\",\\\"origin\\\":\\\"source\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":false,\\\"sigma\\\":3},\\\"type\\\":\\\"ORDINAL\\\"},\\\"type\\\":\\\"DYNAMIC\\\"},\\\"icon\\\":{\\\"options\\\":{\\\"value\\\":\\\"marker\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"size\\\":6},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelSize\\\":{\\\"options\\\":{\\\"size\\\":14},\\\"type\\\":\\\"STATIC\\\"},\\\"labelText\\\":{\\\"options\\\":{\\\"value\\\":\\\"\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#3d3d3d\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"GEOJSON_VECTOR\\\",\\\"visible\\\":true}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.58,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":19.94277},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15m\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"system.auth.ssh.event:Failed OR 
system.auth.ssh.event:Invalid\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"references\":[],\"title\":\"SSH failed login attempts source locations [Logs System]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":66.51326,\"maxLon\":180,\"minLat\":-66.51326,\"minLon\":-180},\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":1.58},\"openTOCDetails\":[],\"type\":\"map\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"ea2ece08-f34b-47e9-99af-4242fd5450d3\",\"w\":48,\"x\":0,\"y\":4},\"panelIndex\":\"ea2ece08-f34b-47e9-99af-4242fd5450d3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"30s\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"system.auth.ssh.event\",\"missingBucket\":false,\"missingBucketLabel\":\"Mi
ssing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"defaultYExtents\":false,\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"mode\":\"stacked\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"scale\":\"linear\",\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"type\":\"histogram\",\"uiState\":{\"vis\":{\"colors\":{\"Accepted\":\"#3F6833\",\"Failed\":\"#F9934E\",\"Invalid\":\"#447EBC\"}}}},\"type\":\"visualization\"},\"title\":\"SSH login attempts [Logs 
System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"782d75bd-ba9d-47c1-a022-073565c79953\",\"w\":48,\"x\":0,\"y\":16},\"panelIndex\":\"782d75bd-ba9d-47c1-a022-073565c79953\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"30s\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"system.auth.ssh.method\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"system.auth.ssh.event:Accepted\"}}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"defaultYExtents\":false,\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"mode\":\"stacked\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"scale\":\"linear\",\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode
\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"type\":\"histogram\",\"uiState\":{\"vis\":{\"colors\":{\"Accepted\":\"#3F6833\",\"Failed\":\"#F9934E\",\"Invalid\":\"#447EBC\",\"password\":\"#BF1B00\",\"publickey\":\"#629E51\"}}}},\"type\":\"visualization\"},\"title\":\"Successful SSH logins [Logs System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"305f2fa8-f09c-4018-bdbd-a4d901689514\",\"w\":24,\"x\":0,\"y\":28},\"panelIndex\":\"305f2fa8-f09c-4018-bdbd-a4d901689514\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"system.auth.ssh.event:Failed OR system.auth.ssh.event:Invalid\"}}},\"description\":\"\",\"params\":{\"maxFontSize\":72,\"minFontSize\":18,\"orientation\":\"single\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"scale\":\"linear\",\"showLabel\":true},\"type\":\"tagcloud\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"SSH users 
of failed login attempts [Logs System]\"}]","timeRestore":false,"title":"[Logs System] SSH login attempts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-5517a150-f9ce-11e6-8115-a7c18106d86a","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"system-62439dc0-f9c9-11e6-a747-6121780e0414","name":"5:panel_5","type":"search"},{"id":"logs-*","name":"9cef48b8-7995-45f6-9420-1d0b3dbbefe5:layer_1_source_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"ea2ece08-f34b-47e9-99af-4242fd5450d3:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"782d75bd-ba9d-47c1-a022-073565c79953:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"305f2fa8-f09c-4018-bdbd-a4d901689514:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8234],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MzYsMV0="} +{"attributes":{"columns":["user.name","source.domain","source.ip","winlog.logon.id","event.action"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4778\",\"4779\"],\"type\":\"phrases\",\"value\":\"4778, 
4779\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4778\"}},{\"match_phrase\":{\"event.code\":\"4779\"}}]}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Remote Interactive Connections and Disconnections [Windows System Security]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-6f4071a0-7a78-11ea-bc9a-0baf2ca323a3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8241],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MzcsMV0="} 
+{"attributes":{"columns":["user.name","source.domain","source.ip","winlog.logon.id","winlog.logon.type"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4624\"],\"type\":\"phrases\",\"value\":\"4624\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4624\"}}]}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Logon Details [Windows System Security]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-7e178c80-fee1-11e9-8405-516218e3d268","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8248],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MzgsMV0="} +{"attributes":{"description":"User management 
activity.","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"system.security\",\"windows.forwarded\",\"windows.security\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"system.security\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.forwarded\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.security\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"useMargins\":false}","panelsJSON":"[{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":10,\"markdown\":\"# **User Management Events**\\n\\n#### This dashboard shows information about User Management Events collected by winlogbeat\\n\",\"openLinksInNewTab\":false},\"title\":\"User Management Events - Description [Windows System 
Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":8,\"i\":\"1\",\"w\":17,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2d2094c7-e57e-4a12-88ad-50291d81a64b\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"ee7f0132-6cba-4ea8-80ea-50bddb3c588e\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"2d2094c7-e57e-4a12-88ad-50291d81a64b\":{\"columnOrder\":[\"bc1e93e0-12cf-4730-8736-4a2bb261ee4d\",\"7dc6af71-b4db-4262-b6a2-05d40c06c17d\",\"636e03a9-9b87-4c7a-a04b-402ad5c78483\",\"b621a299-9e1c-46fc-8876-98a3b2933237\"],\"columns\":{\"636e03a9-9b87-4c7a-a04b-402ad5c78483\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer LogonID\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b621a299-9e1c-46fc-8876-98a3b2933237\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"7dc6af71-b4db-4262-b6a2-05d40c06c17d\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed 
by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":true,\"orderBy\":{\"columnId\":\"b621a299-9e1c-46fc-8876-98a3b2933237\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"b621a299-9e1c-46fc-8876-98a3b2933237\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"bc1e93e0-12cf-4730-8736-4a2bb261ee4d\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Created User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b621a299-9e1c-46fc-8876-98a3b2933237\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ee7f0132-6cba-4ea8-80ea-50bddb3c588e\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4720\"},\"type\":\"phrase\",\"value\":\"4720\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4720\",\"type\":\"phrase\"}}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"b621a299-9e1c-46fc-8876-98a3b2933237\"},{\"alignment\":\"left\",\"columnId\":\"bc1e93e0-12cf-4730-8736-4a2bb261ee4d\"},{\"alignment\":\"left\",\"columnId\":\"7dc6af71-b4db-4262-b6a2-05d40c06c17d\"},{\"alignment\":\"left\",\"columnId\":\"636e03a9-9b87-4c7a-
a04b-402ad5c78483\"}],\"headerRowHeight\":\"single\",\"layerId\":\"2d2094c7-e57e-4a12-88ad-50291d81a64b\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Users Created - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"3\",\"w\":9,\"x\":0,\"y\":56},\"panelIndex\":\"3\",\"title\":\"Users Created - Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-95473519-9e23-4ab1-acb8-3212f69ea3b5\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"f8e3cf39-b76f-4658-af4f-c9c915ba6ba6\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"95473519-9e23-4ab1-acb8-3212f69ea3b5\":{\"columnOrder\":[\"2e2024e2-e599-4fb0-a7ab-1a24dd30b919\",\"f6598c5a-cb6f-4bbf-9534-525c3573fa75\",\"7b527c70-07d2-46ec-816d-775b472c2af9\",\"900f2a97-5fda-45dd-826e-3b992e50cec7\"],\"columns\":{\"2e2024e2-e599-4fb0-a7ab-1a24dd30b919\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Enabled User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"900f2a97-5fda-45dd-826e-3b992e50cec7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"},\"7b527c70-07d2-46ec-816d-775b472c2af9\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer 
LogonId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"900f2a97-5fda-45dd-826e-3b992e50cec7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"900f2a97-5fda-45dd-826e-3b992e50cec7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f6598c5a-cb6f-4bbf-9534-525c3573fa75\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":true,\"orderBy\":{\"columnId\":\"900f2a97-5fda-45dd-826e-3b992e50cec7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"f8e3cf39-b76f-4658-af4f-c9c915ba6ba6\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4722\"},\"type\":\"phrase\",\"value\":\"4722\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4722\",\"type\":\"phrase\"}}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security 
\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"900f2a97-5fda-45dd-826e-3b992e50cec7\"},{\"alignment\":\"left\",\"columnId\":\"2e2024e2-e599-4fb0-a7ab-1a24dd30b919\"},{\"alignment\":\"left\",\"columnId\":\"f6598c5a-cb6f-4bbf-9534-525c3573fa75\"},{\"alignment\":\"left\",\"columnId\":\"7b527c70-07d2-46ec-816d-775b472c2af9\"}],\"headerRowHeight\":\"single\",\"layerId\":\"95473519-9e23-4ab1-acb8-3212f69ea3b5\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Users Enabled - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"5\",\"w\":9,\"x\":9,\"y\":56},\"panelIndex\":\"5\",\"title\":\"Users Enabled - Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-dc37e882-6f66-420e-a41d-17176340e1fc\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"87383246-3af7-4da7-bf25-da8b92485bf4\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"dc37e882-6f66-420e-a41d-17176340e1fc\":{\"columnOrder\":[\"0ead95a2-6c9c-49f4-bff5-4f376b8754f8\",\"c5b66e5a-f608-46d0-91e1-e8740430d275\",\"02bbb586-1441-43d5-8cc1-777ff1e18b41\",\"36336253-a60b-4de5-ba0a-366d7867ef1d\"],\"columns\":{\"02bbb586-1441-43d5-8cc1-777ff1e18b41\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer 
LogonId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"36336253-a60b-4de5-ba0a-366d7867ef1d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"0ead95a2-6c9c-49f4-bff5-4f376b8754f8\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Disabled User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"36336253-a60b-4de5-ba0a-366d7867ef1d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"},\"36336253-a60b-4de5-ba0a-366d7867ef1d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"c5b66e5a-f608-46d0-91e1-e8740430d275\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed 
by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":true,\"orderBy\":{\"columnId\":\"36336253-a60b-4de5-ba0a-366d7867ef1d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"87383246-3af7-4da7-bf25-da8b92485bf4\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4725\"},\"type\":\"phrase\",\"value\":\"4725\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4725\",\"type\":\"phrase\"}}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"36336253-a60b-4de5-ba0a-366d7867ef1d\"},{\"alignment\":\"left\",\"columnId\":\"0ead95a2-6c9c-49f4-bff5-4f376b8754f8\"},{\"alignment\":\"left\",\"columnId\":\"c5b66e5a-f608-46d0-91e1-e8740430d275\"},{\"alignment\":\"left\",\"columnId\":\"02bbb586-1441-43d5-8cc1-777ff1e18b41\"}],\"headerRowHeight\":\"single\",\"layerId\":\"dc37e882-6f66-420e-a41d-17176340e1fc\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Users Disabled - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"6\",\"w\":9,\"x\":0,\"y\":79},\"panelIndex\":\"6\",\"title\":\"Users Disabled - Table [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-5ef7cf84-7e34-4c90-afe6-2a3bc54f9e62\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"2974422c-1f81-4077-9f55-a01a8b045f56\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"5ef7cf84-7e34-4c90-afe6-2a3bc54f9e62\":{\"columnOrder\":[\"881c3fbc-6d02-4e9b-a683-dcfaa9148d25\",\"2dfe6335-d29c-478f-986b-eb228db115ea\",\"f9fb320f-2485-437e-9c05-3a0f4ecf7d83\",\"7fe58e26-2c9d-4c54-ad14-a7b8ef9e4b8a\"],\"columns\":{\"2dfe6335-d29c-478f-986b-eb228db115ea\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":true,\"orderBy\":{\"columnId\":\"7fe58e26-2c9d-4c54-ad14-a7b8ef9e4b8a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"7fe58e26-2c9d-4c54-ad14-a7b8ef9e4b8a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"881c3fbc-6d02-4e9b-a683-dcfaa9148d25\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Deleted 
User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7fe58e26-2c9d-4c54-ad14-a7b8ef9e4b8a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"},\"f9fb320f-2485-437e-9c05-3a0f4ecf7d83\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed LogonId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7fe58e26-2c9d-4c54-ad14-a7b8ef9e4b8a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2974422c-1f81-4077-9f55-a01a8b045f56\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4726\"},\"type\":\"phrase\",\"value\":\"4726\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4726\",\"type\":\"phrase\"}}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"7fe58e26-2c9d-4c54-ad14-a7b8ef9e4b8a\"},{\"alignment\":\"left\",\"columnId\":\"881c3fbc-6d02-4e9b-a683-dcfaa9148d25\"},{\"alignment\":\"left\",\"columnId\":\"2dfe6335-d29c-478f-986b-eb228db115ea\"},{\"alignment\":\"left\",\"columnId\":\"f9fb320f-2485-437e-9c05-3a0f4ecf7d83\"}],\"headerRowHeight\":\"single\",\"layerId\":\"5ef7cf84-7e34-4c90-afe6-2a3bc54f9e62\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Users Deleted - Table [Windows System 
Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"7\",\"w\":9,\"x\":18,\"y\":56},\"panelIndex\":\"7\",\"title\":\"Users Deleted - Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-f8300e3b-29eb-46f6-a509-9bd4b4b2f8ec\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"8726b1f3-6de9-4d3f-8ac6-c47b378bdcb2\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"f8300e3b-29eb-46f6-a509-9bd4b4b2f8ec\":{\"columnOrder\":[\"f37acc2c-0fae-4670-a434-0c939124f9d3\",\"16cddd4c-69d4-479a-9f57-81916e475839\",\"fdfaf51d-5ab4-4259-bed8-3453117d62d2\",\"c5a8f9ae-5f3a-446e-bfa8-9ed3a003e806\"],\"columns\":{\"16cddd4c-69d4-479a-9f57-81916e475839\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":true,\"orderBy\":{\"columnId\":\"c5a8f9ae-5f3a-446e-bfa8-9ed3a003e806\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"c5a8f9ae-5f3a-446e-bfa8-9ed3a003e806\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f37acc2c-0fae-4670-a434-0c939124f9d3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Password Change 
to\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c5a8f9ae-5f3a-446e-bfa8-9ed3a003e806\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"},\"fdfaf51d-5ab4-4259-bed8-3453117d62d2\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer LogonId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c5a8f9ae-5f3a-446e-bfa8-9ed3a003e806\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"8726b1f3-6de9-4d3f-8ac6-c47b378bdcb2\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4723\",\"4724\"],\"type\":\"phrases\",\"value\":\"4723, 
4724\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4723\"}},{\"match_phrase\":{\"event.code\":\"4724\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"c5a8f9ae-5f3a-446e-bfa8-9ed3a003e806\"},{\"alignment\":\"left\",\"columnId\":\"f37acc2c-0fae-4670-a434-0c939124f9d3\"},{\"alignment\":\"left\",\"columnId\":\"16cddd4c-69d4-479a-9f57-81916e475839\"},{\"alignment\":\"left\",\"columnId\":\"fdfaf51d-5ab4-4259-bed8-3453117d62d2\"}],\"headerRowHeight\":\"single\",\"layerId\":\"f8300e3b-29eb-46f6-a509-9bd4b4b2f8ec\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Users Password Changes - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"9\",\"w\":9,\"x\":18,\"y\":79},\"panelIndex\":\"9\",\"title\":\"Users Password Changes - Table [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-8ee3da48-29cf-4b5a-b9be-ede6e7f10f54\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"6d7d0e01-edd7-4907-a80b-65abcdd357ca\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"8ee3da48-29cf-4b5a-b9be-ede6e7f10f54\":{\"columnOrder\":[\"26403b58-b2fb-4a4a-b3dc-8f139025201f\",\"ee0bc81c-2c6e-4b5a-852f-9fe72e955c8e\",\"66edd873-c5e9-4ef2-86d2-eccb01b242fe\",\"1a82fe58-0eee-4ebc-844d-8e2360ec9564\"],\"columns\":{\"1a82fe58-0eee-4ebc-844d-8e2360ec9564\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"26403b58-b2fb-4a4a-b3dc-8f139025201f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Unlocked User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"1a82fe58-0eee-4ebc-844d-8e2360ec9564\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"},\"66edd873-c5e9-4ef2-86d2-eccb01b242fe\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer 
Logonid\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"1a82fe58-0eee-4ebc-844d-8e2360ec9564\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"ee0bc81c-2c6e-4b5a-852f-9fe72e955c8e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":true,\"orderBy\":{\"columnId\":\"1a82fe58-0eee-4ebc-844d-8e2360ec9564\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"6d7d0e01-edd7-4907-a80b-65abcdd357ca\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4767\"},\"type\":\"phrase\",\"value\":\"4767\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4767\",\"type\":\"phrase\"}}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"1a82fe58-0eee-4ebc-844d-8e2360ec9564\"},{\"alignment\":\"left\",\"columnId\":\"26403b58-b2fb-4a4a-b3dc-8f139025201f\"},{\"alignment\":\"left\",\"columnId\":\"ee0bc81c-2c6e-4b5a-852f-9fe72e955c8e\"},{\"alignment\":\"left\",\"columnId\":\"66edd873-c5e9-4ef2-86d2-eccb01b242fe\"}],\"headerRowHeight\":\"single\",\"layerId\":\"8ee3da48-29cf-4b5a-b9be-ede6e7f10f54\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Unlocked Users - Table [Windows System 
Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"15\",\"w\":9,\"x\":9,\"y\":79},\"panelIndex\":\"15\",\"title\":\"Unlocked Users - Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-5ffb434e-0578-45fe-bbc8-01893ae2f867\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d72b2685-a2ee-4c6d-bf7f-70cdfad9817e\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"5ffb434e-0578-45fe-bbc8-01893ae2f867\":{\"columnOrder\":[\"b940e43a-bfed-494b-aae4-9740335da997\",\"0ba64458-1a5b-4ecb-a4b6-254ea4b1549d\",\"0b36b00a-d3af-48ae-a9d8-3099d1de0808\",\"084148b6-cc9b-4a3c-9609-d4c109703dab\"],\"columns\":{\"084148b6-cc9b-4a3c-9609-d4c109703dab\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"0b36b00a-d3af-48ae-a9d8-3099d1de0808\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer LogonId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"084148b6-cc9b-4a3c-9609-d4c109703dab\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"0ba64458-1a5b-4ecb-a4b6-254ea4b1549d\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed 
by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":true,\"orderBy\":{\"columnId\":\"084148b6-cc9b-4a3c-9609-d4c109703dab\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"b940e43a-bfed-494b-aae4-9740335da997\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Changed User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"084148b6-cc9b-4a3c-9609-d4c109703dab\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d72b2685-a2ee-4c6d-bf7f-70cdfad9817e\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4738\"},\"type\":\"phrase\",\"value\":\"4738\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4738\",\"type\":\"phrase\"}}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"084148b6-cc9b-4a3c-9609-d4c109703dab\"},{\"alignment\":\"left\",\"columnId\":\"b940e43a-bfed-494b-aae4-9740335da997\"},{\"alignment\":\"left\",\"columnId\":\"0ba64458-1a5b-4ecb-a4b6-254ea4b1549d\"},{\"alignment\":\"left\",\"columnId\":\"0b36b00a-d3af-48ae-a9d8-3099d1de0808\"}],\"headerRowHeight\":\"single\",\"layerId\":\"5ffb434e-0578-45fe-bbc8-01893ae2f867\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Users Changes Table [Windows 
System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"16\",\"w\":9,\"x\":18,\"y\":102},\"panelIndex\":\"16\",\"title\":\"Users Changes Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-7868e85e-6ff2-4087-8bd9-7d22da031e24\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"84460bff-f94b-4d8b-a166-5ab188df891c\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"7868e85e-6ff2-4087-8bd9-7d22da031e24\":{\"columnOrder\":[\"f86a3e5c-b673-412a-8120-5c018f5d9d53\",\"5a4bcb3b-926f-4881-8390-ce37adfbe392\",\"a5cf5fe1-7ab1-4be7-83d3-0639e59f6594\",\"c2fd7b5a-2f4c-4d52-93af-1c56873b255b\"],\"columns\":{\"5a4bcb3b-926f-4881-8390-ce37adfbe392\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":true,\"orderBy\":{\"columnId\":\"c2fd7b5a-2f4c-4d52-93af-1c56873b255b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"a5cf5fe1-7ab1-4be7-83d3-0639e59f6594\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer 
LogonId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c2fd7b5a-2f4c-4d52-93af-1c56873b255b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"c2fd7b5a-2f4c-4d52-93af-1c56873b255b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f86a3e5c-b673-412a-8120-5c018f5d9d53\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Locked User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c2fd7b5a-2f4c-4d52-93af-1c56873b255b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"84460bff-f94b-4d8b-a166-5ab188df891c\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4740\"},\"type\":\"phrase\",\"value\":\"4740\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4740\",\"type\":\"phrase\"}}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"c2fd7b5a-2f4c-4d52-93af-1c56873b255b\"},{\"alignment\":\"left\",\"columnId\":\"f86a3e5c-b673-412a-8120-5c018f5d9d53\"},{\"alignment\":\"left\",\"columnId\":\"5a4bcb3b-926f-4881-8390-ce37adfbe392\"},{\"alignment\":\"left\",\"columnId\":\"a5cf5fe1-7ab1-4be7-83d3-0639e59f
6594\"}],\"headerRowHeight\":\"single\",\"layerId\":\"7868e85e-6ff2-4087-8bd9-7d22da031e24\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Users Locked Out - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"20\",\"w\":9,\"x\":0,\"y\":102},\"panelIndex\":\"20\",\"title\":\"Users Locked Out - Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":46,\"i\":\"22\",\"w\":21,\"x\":27,\"y\":72},\"panelIndex\":\"22\",\"panelRefName\":\"panel_22\",\"type\":\"search\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":19,\"i\":\"23\",\"w\":48,\"x\":0,\"y\":118},\"panelIndex\":\"23\",\"panelRefName\":\"panel_23\",\"type\":\"search\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-c613d393-dc99-42e4-a4f0-afb124b56634\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"642679d4-cdd9-44fe-9723-862f94ee2256\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"c613d393-dc99-42e4-a4f0-afb124b56634\":{\"columnOrder\":[\"1d812881-c1ba-4b91-825c-8dc3d2fe9ad2\",\"b6315fb5-2e5c-42f1-bfe6-92404796792e\",\"82c2bda9-7f77-4546-a167-2c008532e954\",\"0485c61c-fd61-463a-9b15-bacb6243a85a\"],\"columns\":{\"0485c61c-fd61-463a-9b15-bacb6243a85a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"1d812881-c1ba-4b91-825c-8dc3d2fe9ad2\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Old User 
Name\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0485c61c-fd61-463a-9b15-bacb6243a85a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":100},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.OldTargetUserName\"},\"82c2bda9-7f77-4546-a167-2c008532e954\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer LogonId\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0485c61c-fd61-463a-9b15-bacb6243a85a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"b6315fb5-2e5c-42f1-bfe6-92404796792e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed 
by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":true,\"orderBy\":{\"columnId\":\"0485c61c-fd61-463a-9b15-bacb6243a85a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"642679d4-cdd9-44fe-9723-862f94ee2256\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4781\"},\"type\":\"phrase\",\"value\":\"4781\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4781\",\"type\":\"phrase\"}}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"0485c61c-fd61-463a-9b15-bacb6243a85a\"},{\"alignment\":\"left\",\"columnId\":\"1d812881-c1ba-4b91-825c-8dc3d2fe9ad2\"},{\"alignment\":\"left\",\"columnId\":\"b6315fb5-2e5c-42f1-bfe6-92404796792e\"},{\"alignment\":\"left\",\"columnId\":\"82c2bda9-7f77-4546-a167-2c008532e954\"}],\"headerRowHeight\":\"single\",\"layerId\":\"c613d393-dc99-42e4-a4f0-afb124b56634\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Users Renamed - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"33\",\"w\":9,\"x\":9,\"y\":102},\"panelIndex\":\"33\",\"title\":\"Users Renamed - Table [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Windows Overview](#/dashboard/system-Windows-Dashboard) | [User Logon Information](#/dashboard/system-bae11b00-9bfc-11ea-87e4-49f31ec44891) | [Logon Failed and Account Lockout](#/dashboard/system-d401ef40-a7d5-11e9-a422-d144027429da) | **User Management Events** | [Group Management Events](#/dashboard/system-bb858830-f412-11e9-8405-516218e3d268)\",\"openLinksInNewTab\":false},\"title\":\"Dashboard links [Windows System Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":8,\"i\":\"cf0adfac-7cf2-479d-8ddb-1edeee62d37c\",\"w\":31,\"x\":17,\"y\":0},\"panelIndex\":\"cf0adfac-7cf2-479d-8ddb-1edeee62d37c\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-5cfa8804-5c32-451e-a9ef-ab4f2f5ea013\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"1cdd7bfd-1207-485b-9fbc-a80cafd98b00\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"5cfa8804-5c32-451e-a9ef-ab4f2f5ea013\":{\"columnOrder\":[\"ee354f1a-af8f-47d5-9e55-7500ff35589a\",\"e66adfc6-a434-4665-93ad-34ccded647c7\"],\"columns\":{\"e66adfc6-a434-4665-93ad-34ccded647c7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"ee354f1a-af8f-47d5-9e55-7500ff35589a\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.action: 
Descending\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"e66adfc6-a434-4665-93ad-34ccded647c7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":15},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"1cdd7bfd-1207-485b-9fbc-a80cafd98b00\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4720\",\"4722\",\"4723\",\"4724\",\"4725\",\"4726\",\"4738\",\"4740\",\"4767\",\"4781\",\"4798\"],\"type\":\"phrases\",\"value\":\"4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4767, 4781, 4798\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4720\"}},{\"match_phrase\":{\"event.code\":\"4722\"}},{\"match_phrase\":{\"event.code\":\"4723\"}},{\"match_phrase\":{\"event.code\":\"4724\"}},{\"match_phrase\":{\"event.code\":\"4725\"}},{\"match_phrase\":{\"event.code\":\"4726\"}},{\"match_phrase\":{\"event.code\":\"4738\"}},{\"match_phrase\":{\"event.code\":\"4740\"}},{\"match_phrase\":{\"event.code\":\"4767\"}},{\"match_phrase\":{\"event.code\":\"4781\"}},{\"match_phrase\":{\"event.code\":\"4798\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR 
data_stream.dataset:system.security\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"hide\",\"emptySizeRatio\":0.3,\"layerId\":\"5cfa8804-5c32-451e-a9ef-ab4f2f5ea013\",\"layerType\":\"data\",\"legendDisplay\":\"hide\",\"legendMaxLines\":1,\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"metrics\":[\"e66adfc6-a434-4665-93ad-34ccded647c7\"],\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"percentDecimals\":2,\"primaryGroups\":[\"ee354f1a-af8f-47d5-9e55-7500ff35589a\"],\"secondaryGroups\":[],\"showValuesInLegend\":true,\"truncateLegend\":true}],\"shape\":\"pie\"}},\"title\":\"User Management Actions [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"a2871661-98a8-489b-b615-e66ebe3b971a\",\"w\":17,\"x\":0,\"y\":8},\"panelIndex\":\"a2871661-98a8-489b-b615-e66ebe3b971a\",\"title\":\"User Management Actions [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-49665402-a64a-44e2-b251-976e50a5c030\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"7e29a9cf-64d5-426d-b6aa-8808264a7496\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"49665402-a64a-44e2-b251-976e50a5c030\":{\"columnOrder\":[\"03dfb72e-e140-48d0-8b6b-0dd7253a1f61\",\"fb36a279-27ac-4814-ae98-a5864704ff3a\",\"050b0eae-08cf-44a4-be0e-fd22d216cdff\"],\"columns\":{\"03dfb72e-e140-48d0-8b6b-0dd7253a1f61\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.action\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"050b0eae-08cf-44a4-be0e-fd22d216cdff\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{
\"id\":\"terms\"},\"size\":25},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"},\"050b0eae-08cf-44a4-be0e-fd22d216cdff\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"fb36a279-27ac-4814-ae98-a5864704ff3a\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.code\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"050b0eae-08cf-44a4-be0e-fd22d216cdff\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.code\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"7e29a9cf-64d5-426d-b6aa-8808264a7496\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4720\",\"4722\",\"4723\",\"4724\",\"4725\",\"4726\",\"4738\",\"4740\",\"4767\",\"4781\",\"4798\"],\"type\":\"phrases\",\"value\":\"4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4767, 4781, 4798\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4720\"}},{\"match_phrase\":{\"event.code\":\"4722\"}},{\"match_phrase\":{\"event.code\":\"4723\"}},{\"match_phrase\":{\"event.code\":\"4724\"}},{\"match_phrase\":{\"event.code\":\"4725\"}},{\"match_phrase\":{\"event.code\":\"4726\"}},{\"match_phrase\":{\"event.code\":\"4738\"}},{\"match_phrase\":{\"event.code\":\"4740\"}},{\"match_phrase\":{\"event.code\":\"4767\"}},{\"match_phrase\":{\"event.code\":\"4781\"}},{\"match_phrase\":{\"event.code\":\"4798\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR 
data_stream.dataset:system.security\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"050b0eae-08cf-44a4-be0e-fd22d216cdff\"},{\"alignment\":\"left\",\"columnId\":\"03dfb72e-e140-48d0-8b6b-0dd7253a1f61\"},{\"alignment\":\"left\",\"columnId\":\"fb36a279-27ac-4814-ae98-a5864704ff3a\"}],\"headerRowHeight\":\"single\",\"layerId\":\"49665402-a64a-44e2-b251-976e50a5c030\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"User Event Actions - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"dd3e12e6-0d3c-448e-b0c4-91f7dc8742b6\",\"w\":13,\"x\":17,\"y\":8},\"panelIndex\":\"dd3e12e6-0d3c-448e-b0c4-91f7dc8742b6\",\"title\":\"User Event Actions - Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-e1805dcb-7ae9-4b50-b201-34f1337a8c57\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"e1805dcb-7ae9-4b50-b201-34f1337a8c57\":{\"columnOrder\":[\"d5bb0346-b16f-44ab-b12a-78b0e2c2758d\",\"8571440b-0b36-4565-9f37-e06df2d69b01\"],\"columns\":{\"8571440b-0b36-4565-9f37-e06df2d69b01\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"d5bb0346-b16f-44ab-b12a-78b0e2c2758d\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Target 
Users\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8571440b-0b36-4565-9f37-e06df2d69b01\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"8571440b-0b36-4565-9f37-e06df2d69b01\"],\"layerId\":\"e1805dcb-7ae9-4b50-b201-34f1337a8c57\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"xAccessor\":\"d5bb0346-b16f-44ab-b12a-78b0e2c2758d\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"44697eb7-bb8e-4994-9e1b-95599f1b994a\",\"w\":18,\"x\":30,\"y\":8},\"panelIndex\":\"44697eb7-bb8e-4994-9e1b-95599f1b994a\",\"title\":\"Target Users [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-81502bd7-7787-49aa-a890-24912feb1796\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"2434c52c-2206-4a9f-9d0c-c4d6ec7b7854\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"81502bd7-7787-49aa-a890-24912feb1796\":{\"columnOrder\":[\"15718d57-7630-4e2e-95c2-e54ed6194206\",\"bcc8b6f9-e162-4212-a450-0767191d1022\",\"cbf854c1-cf1f-42b9-a300-45c58996aadb\"],\"columns\":{\"15718d57-7630-4e2e-95c2-e54ed6194206\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Target User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"cbf854c1-cf1f-42b9-a300-45c58996aadb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\"},\"bcc8b6f9-e162-4212-a450-0767191d1022\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.action: 
Descending\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"cbf854c1-cf1f-42b9-a300-45c58996aadb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"},\"cbf854c1-cf1f-42b9-a300-45c58996aadb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2434c52c-2206-4a9f-9d0c-c4d6ec7b7854\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4720\",\"4722\",\"4723\",\"4724\",\"4725\",\"4726\",\"4738\",\"4740\",\"4767\",\"4781\",\"4798\"],\"type\":\"phrases\",\"value\":\"4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4767, 4781, 4798\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4720\"}},{\"match_phrase\":{\"event.code\":\"4722\"}},{\"match_phrase\":{\"event.code\":\"4723\"}},{\"match_phrase\":{\"event.code\":\"4724\"}},{\"match_phrase\":{\"event.code\":\"4725\"}},{\"match_phrase\":{\"event.code\":\"4726\"}},{\"match_phrase\":{\"event.code\":\"4738\"}},{\"match_phrase\":{\"event.code\":\"4740\"}},{\"match_phrase\":{\"event.code\":\"4767\"}},{\"match_phrase\":{\"event.code\":\"4781\"}},{\"match_phrase\":{\"event.code\":\"4798\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR 
data_stream.dataset:system.security\"},\"visualization\":{\"gridConfig\":{\"isCellLabelVisible\":true,\"isXAxisLabelVisible\":true,\"isXAxisTitleVisible\":true,\"isYAxisLabelVisible\":true,\"isYAxisTitleVisible\":true,\"type\":\"heatmap_grid\"},\"layerId\":\"81502bd7-7787-49aa-a890-24912feb1796\",\"layerType\":\"data\",\"legend\":{\"position\":\"right\",\"type\":\"heatmap_legend\"},\"palette\":{\"accessor\":\"cbf854c1-cf1f-42b9-a300-45c58996aadb\",\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#F7FBFF\",\"stop\":0},{\"color\":\"#C3DBEE\",\"stop\":25},{\"color\":\"#6DAED5\",\"stop\":50},{\"color\":\"#2271B3\",\"stop\":75}],\"continuity\":\"none\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":100,\"rangeMin\":0,\"rangeType\":\"percent\",\"reverse\":false,\"stops\":[{\"color\":\"#F7FBFF\",\"stop\":25},{\"color\":\"#C3DBEE\",\"stop\":50},{\"color\":\"#6DAED5\",\"stop\":75},{\"color\":\"#2271B3\",\"stop\":100}]},\"type\":\"palette\"},\"shape\":\"heatmap\",\"valueAccessor\":\"cbf854c1-cf1f-42b9-a300-45c58996aadb\",\"xAccessor\":\"15718d57-7630-4e2e-95c2-e54ed6194206\",\"yAccessor\":\"bcc8b6f9-e162-4212-a450-0767191d1022\"}},\"title\":\"User Management Events - Affected Users vs Actions - Heatmap [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsHeatmap\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":25,\"i\":\"29f54335-78db-4c49-a3e0-a641fd0099f6\",\"w\":48,\"x\":0,\"y\":24},\"panelIndex\":\"29f54335-78db-4c49-a3e0-a641fd0099f6\",\"title\":\"User Management Events - Affected Users vs Actions - Heatmap [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"d62110e5-9d90-412a-833a-3bb5da7f6693\":{\"columnOrder\":[\"f6c30a0d-83b4-4139-a669-5041c87cc19a\"],\"columns\":{\"f6c30a0d-83b4-4139-a669-5041c87cc19a\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4720\\\"\"},\"isBucketed\":false,\"label\":\"Users Created\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-d62110e5-9d90-412a-833a-3bb5da7f6693\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"f6c30a0d-83b4-4139-a669-5041c87cc19a\",\"colorMode\":\"Background\",\"layerId\":\"d62110e5-9d90-412a-833a-3bb5da7f6693\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#cc5642\",\"stop\":0}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":0},{\"color\":\"#cc5642\",\"stop\":1}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"a6f12dd2-11fb-4039-8a8c-56b742a96e30\",\"w\":9,\"x\":0,\"y\":49},\"panelIndex\":\"a6f12dd2-11fb-4039-8a8c-56b742a96e30\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"d62110e5-9d90-412a-833a-3bb5da7f6693\":{\"columnOrder\":[\"f6c30a0d-83b4-4139-a669-5041c87cc19a\"],\"columns\":{\"f6c30a0d-83b4-4139-a669-5041c87cc19a\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4722\\\"\"},\"isBucketed\":false,\"label\":\"Users 
Enabled\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-d62110e5-9d90-412a-833a-3bb5da7f6693\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"f6c30a0d-83b4-4139-a669-5041c87cc19a\",\"colorMode\":\"Background\",\"layerId\":\"d62110e5-9d90-412a-833a-3bb5da7f6693\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#cc5642\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"39724444-251e-480d-b5f2-642362f8929e\",\"w\":9,\"x\":9,\"y\":49},\"panelIndex\":\"39724444-251e-480d-b5f2-642362f8929e\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"53b82494-6fb7-47b6-8d8d-dd3fcb3b89ed\":{\"columnOrder\":[\"b54a4942-5808-4c83-b3ea-50406c4199ef\"],\"columns\":{\"b54a4942-5808-4c83-b3ea-50406c4199ef\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4726\\\"\"},\"isBucketed\":false,\"label\":\"Users 
Deleted\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-53b82494-6fb7-47b6-8d8d-dd3fcb3b89ed\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"b54a4942-5808-4c83-b3ea-50406c4199ef\",\"colorMode\":\"Background\",\"layerId\":\"53b82494-6fb7-47b6-8d8d-dd3fcb3b89ed\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#DA8B45\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#DA8B45\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"9fdcbd20-59e6-4fd2-bc0a-72b0daaee79e\",\"w\":9,\"x\":18,\"y\":49},\"panelIndex\":\"9fdcbd20-59e6-4fd2-bc0a-72b0daaee79e\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-f948c2c2-e83b-4f32-aaab-acb740cf74e3\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"9863d407-89f7-419e-ac97-2dd548e76e0b\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"f948c2c2-e83b-4f32-aaab-acb740cf74e3\":{\"columnOrder\":[\"11ccc892-90c4-4cfa-9c5e-821d584dabcc\",\"d8077715-92a4-46cb-8baa-471f429e0fd4\",\"2915bf68-6254-470e-b565-bf1597c1d345\"],\"columns\":{\"11ccc892-90c4-4cfa-9c5e-821d584dabcc\":{\"customLabel\":true,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"2915bf68-6254-470e-b565-bf1597c1d345\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"d8077715-92a4-46cb-8baa-471f429e0fd4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.action: 
Descending\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"2915bf68-6254-470e-b565-bf1597c1d345\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":15},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"9863d407-89f7-419e-ac97-2dd548e76e0b\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4720\",\"4722\",\"4723\",\"4724\",\"4725\",\"4726\",\"4738\",\"4740\",\"4767\",\"4781\",\"4798\"],\"type\":\"phrases\",\"value\":\"4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4767, 4781, 4798\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4720\"}},{\"match_phrase\":{\"event.code\":\"4722\"}},{\"match_phrase\":{\"event.code\":\"4723\"}},{\"match_phrase\":{\"event.code\":\"4724\"}},{\"match_phrase\":{\"event.code\":\"4725\"}},{\"match_phrase\":{\"event.code\":\"4726\"}},{\"match_phrase\":{\"event.code\":\"4738\"}},{\"match_phrase\":{\"event.code\":\"4740\"}},{\"match_phrase\":{\"event.code\":\"4767\"}},{\"match_phrase\":{\"event.code\":\"4781\"}},{\"match_phrase\":{\"event.code\":\"4798\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR 
data_stream.dataset:system.security\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"curveType\":\"LINEAR\",\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":-90},\"layers\":[{\"accessors\":[\"2915bf68-6254-470e-b565-bf1597c1d345\"],\"isHistogram\":true,\"layerId\":\"f948c2c2-e83b-4f32-aaab-acb740cf74e3\",\"layerType\":\"data\",\"seriesType\":\"bar_stacked\",\"simpleView\":false,\"splitAccessor\":\"d8077715-92a4-46cb-8baa-471f429e0fd4\",\"xAccessor\":\"11ccc892-90c4-4cfa-9c5e-821d584dabcc\",\"xScaleType\":\"time\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"2915bf68-6254-470e-b565-bf1597c1d345\"}]}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"maxLines\":1,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"showCurrentTimeMarker\":false,\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":false,\"yLeftExtent\":{\"enforce\":true,\"mode\":\"full\"},\"yLeftScale\":\"linear\",\"yRightScale\":\"linear\",\"yTitle\":\"Count\"}},\"title\":\"Event Distribution in time [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":23,\"i\":\"1ec8b993-9ac1-4c7f-b7f7-5136f2e310aa\",\"w\":21,\"x\":27,\"y\":49},\"panelIndex\":\"1ec8b993-9ac1-4c7f-b7f7-5136f2e310aa\",\"title\":\"Event Distribution in time [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"4a1f13e9-c9c4-44b2-b9dc-ce205372ca10\":{\"columnOrder\":[\"64cc5931-61bd-44b8-b16c-5054d276ae0e\"],\"columns\":{\"64cc5931-61bd-44b8-b16c-5054d276ae0e\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"((data_stream.dataset:windows.security OR data_stream.dataset:system.security) AND event.code: \\\"4725\\\")\"},\"isBucketed\":false,\"label\":\"Users Disabled\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-4a1f13e9-c9c4-44b2-b9dc-ce205372ca10\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"64cc5931-61bd-44b8-b16c-5054d276ae0e\",\"colorMode\":\"Background\",\"layerId\":\"4a1f13e9-c9c4-44b2-b9dc-ce205372ca10\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#209280\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#209280\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"bd1b0e6a-ed99-423d-8a51-29456ec74e0e\",\"w\":9,\"x\":0,\"y\":72},\"panelIndex\":\"bd1b0e6a-ed99-423d-8a51-29456ec74e0e\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"f0a07f86-9bd8-4a78-a711-4a9e7addd049\":{\"columnOrder\":[\"f98f0911-786f-45d8-a808-8c2f20f07313\"],\"columns\":{\"f98f0911-786f-45d8-a808-8c2f20f07313\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4767\\\"\"},\"isBucketed\":false,\"label\":\"Users 
Unlocks\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-f0a07f86-9bd8-4a78-a711-4a9e7addd049\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"f98f0911-786f-45d8-a808-8c2f20f07313\",\"colorMode\":\"Background\",\"layerId\":\"f0a07f86-9bd8-4a78-a711-4a9e7addd049\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#209280\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#209280\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"16030d60-0638-4c98-8bc5-0d8c4bf43a0c\",\"w\":9,\"x\":9,\"y\":72},\"panelIndex\":\"16030d60-0638-4c98-8bc5-0d8c4bf43a0c\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"71d71f2b-1120-4e6e-b3cf-c5dc99a1860f\":{\"columnOrder\":[\"101426f1-a447-42fb-8a21-203065dd42c5\"],\"columns\":{\"101426f1-a447-42fb-8a21-203065dd42c5\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4723\\\" OR event.code: \\\"4724\\\"\"},\"isBucketed\":false,\"label\":\"Password 
Changes/Reset\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-71d71f2b-1120-4e6e-b3cf-c5dc99a1860f\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"101426f1-a447-42fb-8a21-203065dd42c5\",\"colorMode\":\"Background\",\"layerId\":\"71d71f2b-1120-4e6e-b3cf-c5dc99a1860f\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#d6bf57\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#d6bf57\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"9c593d0d-c730-4277-ae74-ac3134055800\",\"w\":9,\"x\":18,\"y\":72},\"panelIndex\":\"9c593d0d-c730-4277-ae74-ac3134055800\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"afbadb03-16b7-407f-af63-f2e4a851e785\":{\"columnOrder\":[\"1094c3d6-772d-435d-b002-698f1320d162\"],\"columns\":{\"1094c3d6-772d-435d-b002-698f1320d162\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"((data_stream.dataset:windows.security OR data_stream.dataset:system.security) AND event.code: \\\"4740\\\")\"},\"isBucketed\":false,\"label\":\"Users Locked 
Out\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-afbadb03-16b7-407f-af63-f2e4a851e785\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"1094c3d6-772d-435d-b002-698f1320d162\",\"colorMode\":\"Background\",\"layerId\":\"afbadb03-16b7-407f-af63-f2e4a851e785\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#808080\",\"stop\":0}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":0},{\"color\":\"#808080\",\"stop\":1}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"0f1cf1e8-0798-464b-b18a-0dd1ae19d36f\",\"w\":9,\"x\":0,\"y\":95},\"panelIndex\":\"0f1cf1e8-0798-464b-b18a-0dd1ae19d36f\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"92862cde-d2fe-4d8a-87ba-d2e86f3751c7\":{\"columnOrder\":[\"2a0b322c-fbee-472a-aea7-86cc0bb9a3e6\"],\"columns\":{\"2a0b322c-fbee-472a-aea7-86cc0bb9a3e6\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4781\\\"\"},\"isBucketed\":false,\"label\":\"Users 
Renamed\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-92862cde-d2fe-4d8a-87ba-d2e86f3751c7\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"2a0b322c-fbee-472a-aea7-86cc0bb9a3e6\",\"colorMode\":\"Background\",\"layerId\":\"92862cde-d2fe-4d8a-87ba-d2e86f3751c7\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#808080\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#808080\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"ca7947ea-7c33-4ef7-acfb-51df31226ea0\",\"w\":9,\"x\":9,\"y\":95},\"panelIndex\":\"ca7947ea-7c33-4ef7-acfb-51df31226ea0\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"f3ab0f05-2e4c-4794-a430-81d0f4f2585c\":{\"columnOrder\":[\"2c0aee5b-6685-49c3-8a07-4b4858303bdf\"],\"columns\":{\"2c0aee5b-6685-49c3-8a07-4b4858303bdf\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4738\\\"\"},\"isBucketed\":false,\"label\":\"Users 
Changes\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-f3ab0f05-2e4c-4794-a430-81d0f4f2585c\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"2c0aee5b-6685-49c3-8a07-4b4858303bdf\",\"colorMode\":\"Background\",\"layerId\":\"f3ab0f05-2e4c-4794-a430-81d0f4f2585c\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#d6bf57\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#d6bf57\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"38e91c86-1d3e-4342-b8cc-e95031dbf1b7\",\"w\":9,\"x\":18,\"y\":95},\"panelIndex\":\"38e91c86-1d3e-4342-b8cc-e95031dbf1b7\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"}]","timeRestore":false,"title":"[System Windows Security] User Management 
Events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-71f720f0-ff18-11e9-8405-516218e3d268","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"3:indexpattern-datasource-layer-2d2094c7-e57e-4a12-88ad-50291d81a64b","type":"index-pattern"},{"id":"logs-*","name":"3:ee7f0132-6cba-4ea8-80ea-50bddb3c588e","type":"index-pattern"},{"id":"logs-*","name":"5:indexpattern-datasource-layer-95473519-9e23-4ab1-acb8-3212f69ea3b5","type":"index-pattern"},{"id":"logs-*","name":"5:f8e3cf39-b76f-4658-af4f-c9c915ba6ba6","type":"index-pattern"},{"id":"logs-*","name":"6:indexpattern-datasource-layer-dc37e882-6f66-420e-a41d-17176340e1fc","type":"index-pattern"},{"id":"logs-*","name":"6:87383246-3af7-4da7-bf25-da8b92485bf4","type":"index-pattern"},{"id":"logs-*","name":"7:indexpattern-datasource-layer-5ef7cf84-7e34-4c90-afe6-2a3bc54f9e62","type":"index-pattern"},{"id":"logs-*","name":"7:2974422c-1f81-4077-9f55-a01a8b045f56","type":"index-pattern"},{"id":"logs-*","name":"9:indexpattern-datasource-layer-f8300e3b-29eb-46f6-a509-9bd4b4b2f8ec","type":"index-pattern"},{"id":"logs-*","name":"9:8726b1f3-6de9-4d3f-8ac6-c47b378bdcb2","type":"index-pattern"},{"id":"logs-*","name":"15:indexpattern-datasource-layer-8ee3da48-29cf-4b5a-b9be-ede6e7f10f54","type":"index-pattern"},{"id":"logs-*","name":"15:6d7d0e01-edd7-4907-a80b-65abcdd357ca","type":"index-pattern"},{"id":"logs-*","name":"16:indexpattern-datasource-layer-5ffb434e-0578-45fe-bbc8-01893ae2f867","type":"index-pattern"},{"id":"logs-*","name":"16:d72b2685-a2ee-4c6d-bf7f-70cdfad9817e","type":"index-pattern"},{"id":"logs-*","name":"20:indexpattern-datasource-layer-7868e85e-6ff2-4087-8bd9-7d22da031e24","type":"index-pattern"},{"id":"logs-*","name":"20:84460bff-f
94b-4d8b-a166-5ab188df891c","type":"index-pattern"},{"id":"system-7e178c80-fee1-11e9-8405-516218e3d268","name":"22:panel_22","type":"search"},{"id":"system-324686c0-fefb-11e9-8405-516218e3d268","name":"23:panel_23","type":"search"},{"id":"logs-*","name":"33:indexpattern-datasource-layer-c613d393-dc99-42e4-a4f0-afb124b56634","type":"index-pattern"},{"id":"logs-*","name":"33:642679d4-cdd9-44fe-9723-862f94ee2256","type":"index-pattern"},{"id":"logs-*","name":"a2871661-98a8-489b-b615-e66ebe3b971a:indexpattern-datasource-layer-5cfa8804-5c32-451e-a9ef-ab4f2f5ea013","type":"index-pattern"},{"id":"logs-*","name":"a2871661-98a8-489b-b615-e66ebe3b971a:1cdd7bfd-1207-485b-9fbc-a80cafd98b00","type":"index-pattern"},{"id":"logs-*","name":"dd3e12e6-0d3c-448e-b0c4-91f7dc8742b6:indexpattern-datasource-layer-49665402-a64a-44e2-b251-976e50a5c030","type":"index-pattern"},{"id":"logs-*","name":"dd3e12e6-0d3c-448e-b0c4-91f7dc8742b6:7e29a9cf-64d5-426d-b6aa-8808264a7496","type":"index-pattern"},{"id":"logs-*","name":"44697eb7-bb8e-4994-9e1b-95599f1b994a:indexpattern-datasource-layer-e1805dcb-7ae9-4b50-b201-34f1337a8c57","type":"index-pattern"},{"id":"logs-*","name":"29f54335-78db-4c49-a3e0-a641fd0099f6:indexpattern-datasource-layer-81502bd7-7787-49aa-a890-24912feb1796","type":"index-pattern"},{"id":"logs-*","name":"29f54335-78db-4c49-a3e0-a641fd0099f6:2434c52c-2206-4a9f-9d0c-c4d6ec7b7854","type":"index-pattern"},{"id":"logs-*","name":"1ec8b993-9ac1-4c7f-b7f7-5136f2e310aa:indexpattern-datasource-layer-f948c2c2-e83b-4f32-aaab-acb740cf74e3","type":"index-pattern"},{"id":"logs-*","name":"1ec8b993-9ac1-4c7f-b7f7-5136f2e310aa:9863d407-89f7-419e-ac97-2dd548e76e0b","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default
","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8284],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4MzksMV0="} +{"attributes":{"columns":["event.action","user.name","related.user","user.domain","source.domain","source.ip","winlog.event_data.SubjectUserName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4625\",\"4740\"],\"type\":\"phrases\",\"value\":\"4625, 4740\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4625\"}},{\"match_phrase\":{\"event.code\":\"4740\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"3. 
Login Failed Details","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-757510b0-a87f-11e9-a422-d144027429da","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8292],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NDAsMV0="} +{"attributes":{"description":"Overview of host metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"fcb53f5b-0e6b-41c8-ae1c-e2aafdeaff5a\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"fcb53f5b-0e6b-41c8-ae1c-e2aafdeaff5a\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"## Host overview\\n\\nTo select another host, either go back to [System Overview](#/dashboard/system-Metrics-system-overview) or select a host from the dropdown at the top below the search 
bar\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"System Navigation [Metrics System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"6fd34c50-53a3-4919-b7c5-aba460f0fe6d\",\"w\":12,\"x\":36,\"y\":5},\"panelIndex\":\"6fd34c50-53a3-4919-b7c5-aba460f0fe6d\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.network\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.network\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"lucene\",\"query\":\"-system.network.name:l*\"},\"hide_last_value_indicator\":true,\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Outbound 
Traffic\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.out.bytes\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f2074f70-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"function\":\"sum\",\"id\":\"a1737470-2c55-11e7-a0ad-277ce466684d\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}/s\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Total Transferred\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.out.bytes\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"\"},{\"field\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"field\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"function\":\"overall_sum\",\"id\":\"3e63c2f0-1b92-11e7-bec4-a5e9ec5cab8b\",\"sigma\":\"\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"
metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Outbound Traffic [Metrics System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"d0a6fc45-278c-427e-a440-eec3ec3ce367\",\"w\":12,\"x\":0,\"y\":5},\"panelIndex\":\"d0a6fc45-278c-427e-a440-eec3ec3ce367\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.cpu\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.cpu\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"system.cpu\\\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"4ef2c3b0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(214,191,87,1)\",\"id\":\"e6561ae0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(204,86,66,1)\",\"id\":\"ec655040-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"860f8db7-6191-4519-8d2a-c51f2a95c2bc\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"1\",\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"4c9e2550-1b91-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4c9e2551-1b91-11e7-bec4-a5e9ec5cab8b\",\"label\":\"CPU Usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.cpu.total.norm.pct\",\"id\":\"4c9e2552-1b91-11e7-bec4-a5e9ec5cab8b\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"gauge\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"CPU Usage Gauge [Metrics 
System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"e50a72f5-160a-4694-8f44-2e6da666b90b\",\"w\":12,\"x\":12,\"y\":5},\"panelIndex\":\"e50a72f5-160a-4694-8f44-2e6da666b90b\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.memory\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.memory\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.memory\\\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"a0d522e0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(214,191,87,1)\",\"id\":\"b45ad8f0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(204,86,66,1)\",\"id\":\"c06e9550-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"4bbf6453-9bd4-4ab7-aa12-5a7ed6306651\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"1\",\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"9f51b730-1b91-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"9f51b731-1b91-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Memory 
Usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.actual.used.pct\",\"id\":\"9f51b732-1b91-11e7-bec4-a5e9ec5cab8b\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"gauge\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Memory Usage Gauge [Metrics System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"baca3f6a-498a-4752-8882-1d8906d06405\",\"w\":12,\"x\":24,\"y\":5},\"panelIndex\":\"baca3f6a-498a-4752-8882-1d8906d06405\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.load\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.load\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"feefabd0-1b90-11e7-bec4-a5e9ec5cab8b\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"gauge_color_rules\":[{\"id\":\"ffd94880-1b90-11e7-bec4-a5e9ec5cab8b\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"fdcc6180-1b90-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_posit
ion\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(32,146,128,1)\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"fdcc6181-1b90-11e7-bec4-a5e9ec5cab8b\",\"label\":\"5m Load\",\"line_width\":1,\"metrics\":[{\"field\":\"system.load.5\",\"id\":\"fdcc6182-1b90-11e7-bec4-a5e9ec5cab8b\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"gauge\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Load Gauge [Metrics System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"02993ece-9e84-4957-9780-a89d1cfef103\",\"w\":12,\"x\":36,\"y\":14},\"panelIndex\":\"02993ece-9e84-4957-9780-a89d1cfef103\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.network\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.network\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"lucene\",\"query\":\"-system.network.name:l*\"},\"hide_last_value_indicator\":true,\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines
_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Inbound Traffic\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.in.bytes\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f2074f70-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"function\":\"sum\",\"id\":\"c40e18f0-2c55-11e7-a0ad-277ce466684d\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}/s\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Total 
Transferred\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.in.bytes\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"\"},{\"field\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"field\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"function\":\"overall_sum\",\"id\":\"3e63c2f0-1b92-11e7-bec4-a5e9ec5cab8b\",\"sigma\":\"\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Inbound Traffic [Metrics 
System]\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":8,\"i\":\"17f54fe4-ae84-4319-97fd-069225d0a8fb\",\"w\":12,\"x\":0,\"y\":14},\"panelIndex\":\"17f54fe4-ae84-4319-97fd-069225d0a8fb\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-9f6d8570-52c1-4af2-a105-b9993b2e8b5c\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"04b54a98-baa0-43a7-aaa8-ace6b600ff4b\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"9f6d8570-52c1-4af2-a105-b9993b2e8b5c\":{\"columnOrder\":[\"314b8c49-2a3b-464b-bc85-ab7e098fd510\",\"314b8c49-2a3b-464b-bc85-ab7e098fd510X0\"],\"columns\":{\"314b8c49-2a3b-464b-bc85-ab7e098fd510\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Processes\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(process.pid)\",\"isFormulaBroken\":false},\"references\":[\"314b8c49-2a3b-464b-bc85-ab7e098fd510X0\"],\"scale\":\"ratio\"},\"314b8c49-2a3b-464b-bc85-ab7e098fd510X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
Processes\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"process.pid\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"04b54a98-baa0-43a7-aaa8-ace6b600ff4b\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.process\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.process\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"314b8c49-2a3b-464b-bc85-ab7e098fd510\",\"layerId\":\"9f6d8570-52c1-4af2-a105-b9993b2e8b5c\",\"layerType\":\"data\",\"size\":\"xl\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"79d36896-445a-4904-ad18-e0234fd9ca3f\",\"w\":12,\"x\":12,\"y\":14},\"panelIndex\":\"79d36896-445a-4904-ad18-e0234fd9ca3f\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.memory\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.memory\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"6f7618b0-4d5c-11e7-aa29-87a97a796de6\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : 
\\\"system.memory\\\"\"},\"hide_last_value_indicator\":true,\"id\":\"6bc65720-4d5c-11e7-aa29-87a97a796de6\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"6bc65721-4d5c-11e7-aa29-87a97a796de6\",\"label\":\"Memory usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.actual.used.bytes\",\"id\":\"6bc65722-4d5c-11e7-aa29-87a97a796de6\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"b8fe6820-4d5c-11e7-aa29-87a97a796de6\",\"label\":\"Total Memory\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.total\",\"id\":\"b8fe6821-4d5c-11e7-aa29-87a97a796de6\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Memory usage vs total [Metrics 
System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"81d645ce-9d97-499f-9117-b3e662caee53\",\"w\":12,\"x\":24,\"y\":14},\"panelIndex\":\"81d645ce-9d97-499f-9117-b3e662caee53\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.fsstat\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.fsstat\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.fsstat\\\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"51921d10-4d1d-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(214,191,87,1)\",\"id\":\"f26de750-4d54-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(204,86,66,1)\",\"id\":\"fa31d190-4d54-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"79158349-1f03-4701-8ecc-c882c2b13ff3\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"1\",\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"4e4dc780-4d1d-11e7-b5f2-2b7c1895bf32\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4e4dee90-4d1d-11e7-b5f2-2b7c1895bf32\",\"label\":\"Disk 
used\",\"line_width\":1,\"metrics\":[{\"agg_with\":\"avg\",\"field\":\"system.fsstat.total_size.used\",\"id\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"order\":\"desc\",\"order_by\":\"@timestamp\",\"size\":1,\"type\":\"top_hit\"},{\"agg_with\":\"avg\",\"field\":\"system.fsstat.total_size.total\",\"id\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"order\":\"desc\",\"order_by\":\"@timestamp\",\"size\":1,\"type\":\"top_hit\"},{\"id\":\"6304cca0-4d54-11e7-b5f2-2b7c1895bf32\",\"script\":\"params.used/params.total \",\"type\":\"math\",\"variables\":[{\"field\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"id\":\"6da10430-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"used\"},{\"field\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"id\":\"73b8c510-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"total\"}]}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"gauge\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Disk Used [Metrics System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"958f18a3-3163-4d3b-a9ba-b917c5528f79\",\"w\":48,\"x\":0,\"y\":22},\"panelIndex\":\"958f18a3-3163-4d3b-a9ba-b917c5528f79\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"### 
CPU\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"b479c652-8d38-47ed-8599-be33592ebffe\",\"w\":11,\"x\":0,\"y\":25},\"panelIndex\":\"b479c652-8d38-47ed-8599-be33592ebffe\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-7e73c5a0-687d-49a1-9431-d445b9698b64\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"4a1e24c8-23cf-41d6-805c-b73aac7e9531\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"7e73c5a0-687d-49a1-9431-d445b9698b64\":{\"columnOrder\":[\"f4b209b5-853c-44ef-9bb2-abbbaa5612ef\",\"c9120817-6c14-43d9-9cc7-14aa03a27634\",\"09875540-a6e2-4509-a801-eca27e129cf5\"],\"columns\":{\"09875540-a6e2-4509-a801-eca27e129cf5\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Last 
value\",\"operationType\":\"last_value\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"showArrayValues\":true,\"sortField\":\"@timestamp\"},\"scale\":\"ratio\",\"sourceField\":\"process.cpu.pct\"},\"c9120817-6c14-43d9-9cc7-14aa03a27634\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average\",\"operationType\":\"average\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"process.cpu.pct\"},\"f4b209b5-853c-44ef-9bb2-abbbaa5612ef\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Process\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c9120817-6c14-43d9-9cc7-14aa03a27634\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"process.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"4a1e24c8-23cf-41d6-805c-b73aac7e9531\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.process\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.process\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"process.cpu.pct: 
*\"},\"visualization\":{\"columns\":[{\"columnId\":\"f4b209b5-853c-44ef-9bb2-abbbaa5612ef\"},{\"colorMode\":\"cell\",\"columnId\":\"c9120817-6c14-43d9-9cc7-14aa03a27634\",\"palette\":{\"name\":\"positive\",\"params\":{\"continuity\":\"above\",\"name\":\"positive\",\"rangeMax\":null,\"rangeMin\":0,\"reverse\":false,\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":0},{\"color\":\"#aed3ca\",\"stop\":20},{\"color\":\"#85bdb1\",\"stop\":40},{\"color\":\"#5aa898\",\"stop\":60},{\"color\":\"#209280\",\"stop\":80}]},\"type\":\"palette\"},\"width\":88},{\"colorMode\":\"cell\",\"columnId\":\"09875540-a6e2-4509-a801-eca27e129cf5\",\"isTransposed\":false,\"palette\":{\"name\":\"positive\",\"params\":{\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":20},{\"color\":\"#aed3ca\",\"stop\":40},{\"color\":\"#85bdb1\",\"stop\":60},{\"color\":\"#5aa898\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}]},\"type\":\"palette\"},\"width\":102.5}],\"layerId\":\"7e73c5a0-687d-49a1-9431-d445b9698b64\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Top Processes by CPU 
Usage\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"43ee6ea2-797b-4ef6-83da-c81b9594f694\",\"w\":19,\"x\":11,\"y\":25},\"panelIndex\":\"43ee6ea2-797b-4ef6-83da-c81b9594f694\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-8da587a6-a617-4bd4-9ae5-dffb9c6343f8\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"497fbd26-58ef-4073-ac3f-024ba1789d9a\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"8da587a6-a617-4bd4-9ae5-dffb9c6343f8\":{\"columnOrder\":[\"75bae7c5-d933-4999-ab28-05ccff25a382\",\"5572d1db-8760-4518-aaeb-33e6843a17c6\",\"f0a4086c-3976-47bb-b67a-2f73c8ed1f03\",\"ca53d73b-1fbb-4864-8c6a-c71cc6e64aba\",\"11e92f7e-a84a-4ce7-a97a-a31729fa5835\",\"0eb945ae-3601-40ce-8951-3aeed0555712\",\"b17f720c-5d06-4ba6-8390-8ffbd8b3d4bd\",\"5572d1db-8760-4518-aaeb-33e6843a17c6X0\",\"f0a4086c-3976-47bb-b67a-2f73c8ed1f03X0\",\"ca53d73b-1fbb-4864-8c6a-c71cc6e64abaX0\",\"11e92f7e-a84a-4ce7-a97a-a31729fa5835X0\",\"0eb945ae-3601-40ce-8951-3aeed0555712X0\",\"b17f720c-5d06-4ba6-8390-8ffbd8b3d4bdX0\"],\"columns\":{\"0eb945ae-3601-40ce-8951-3aeed0555712\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"softirq\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"formula\":\"average(system.cpu.softirq.norm.pct)\",\"isFormulaBroken\":false},\"references\":[\"0eb945ae-3601-40ce-8951-3aeed0555712X0\"],\"scale\":\"ratio\"},\"0eb945ae-3601-40ce-8951-3aeed0555712X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
softirq\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.cpu.softirq.norm.pct\"},\"11e92f7e-a84a-4ce7-a97a-a31729fa5835\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"irq\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"formula\":\"average(system.cpu.irq.norm.pct)\",\"isFormulaBroken\":false},\"references\":[\"11e92f7e-a84a-4ce7-a97a-a31729fa5835X0\"],\"scale\":\"ratio\"},\"11e92f7e-a84a-4ce7-a97a-a31729fa5835X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of irq\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.cpu.irq.norm.pct\"},\"5572d1db-8760-4518-aaeb-33e6843a17c6\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"user\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"formula\":\"average(system.cpu.user.norm.pct)\",\"isFormulaBroken\":false},\"references\":[\"5572d1db-8760-4518-aaeb-33e6843a17c6X0\"],\"scale\":\"ratio\"},\"5572d1db-8760-4518-aaeb-33e6843a17c6X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
user\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.cpu.user.norm.pct\"},\"75bae7c5-d933-4999-ab28-05ccff25a382\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"b17f720c-5d06-4ba6-8390-8ffbd8b3d4bd\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"iowait\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"formula\":\"average(system.cpu.iowait.norm.pct)\",\"isFormulaBroken\":false},\"references\":[\"b17f720c-5d06-4ba6-8390-8ffbd8b3d4bdX0\"],\"scale\":\"ratio\"},\"b17f720c-5d06-4ba6-8390-8ffbd8b3d4bdX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of iowait\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.cpu.iowait.norm.pct\"},\"ca53d73b-1fbb-4864-8c6a-c71cc6e64aba\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"nice\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"formula\":\"average(system.cpu.nice.norm.pct)\",\"isFormulaBroken\":false},\"references\":[\"ca53d73b-1fbb-4864-8c6a-c71cc6e64abaX0\"],\"scale\":\"ratio\"},\"ca53d73b-1fbb-4864-8c6a-c71cc6e64abaX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
nice\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.cpu.nice.norm.pct\"},\"f0a4086c-3976-47bb-b67a-2f73c8ed1f03\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"system\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"formula\":\"average(system.cpu.system.norm.pct)\",\"isFormulaBroken\":false},\"references\":[\"f0a4086c-3976-47bb-b67a-2f73c8ed1f03X0\"],\"scale\":\"ratio\"},\"f0a4086c-3976-47bb-b67a-2f73c8ed1f03X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of system\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.cpu.system.norm.pct\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"497fbd26-58ef-4073-ac3f-024ba1789d9a\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.cpu\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.cpu\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"hideEndzones\":true,\"layers\":[{\"accessors\":[\"5572d1db-8760-4518-aaeb-33e6843a17c6\",\"f0a4086c-3976-47bb-b67a-2f73c8ed1f03\",\"ca53d73b-1fbb-4864-8c6a-c71cc6e64aba\",\"11e92f7e-a84a-4ce7-a97a-a31729fa5835\",\"0eb945ae-3601-40ce-8951-3aeed0555712\",\"b17f720c-5d06-4ba6-8390-8ffbd8b3d4bd\"],\"layerId\":\"8da587a6-a617-4bd4-9ae5-dffb9c6343f8\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"75bae7c5-d933-4999-ab28-05ccff25a382\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\"},\"preferredSeriesType\":\"bar_stacked\",\"title\":\"Empty XY 
chart\",\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"CPU Usage\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"dcf35812-283d-4cc7-b7bb-76419f5231fc\",\"w\":18,\"x\":30,\"y\":25},\"panelIndex\":\"dcf35812-283d-4cc7-b7bb-76419f5231fc\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-60c0e8b2-20ab-4451-87a6-5a7d2241ccb0\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"d251cb14-5566-4617-b12d-9d587f9c11a8\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"60c0e8b2-20ab-4451-87a6-5a7d2241ccb0\":{\"columnOrder\":[\"ddc223d8-7456-4545-957d-3cad10a34329\",\"c4d344af-62bd-4678-baf6-542cc91acb73\",\"9935f59e-9e3b-4ae1-b2c7-1c303403def8\",\"da273a36-6477-4984-a0e9-e71cf17c561c\",\"c4d344af-62bd-4678-baf6-542cc91acb73X0\",\"9935f59e-9e3b-4ae1-b2c7-1c303403def8X0\",\"da273a36-6477-4984-a0e9-e71cf17c561cX0\"],\"columns\":{\"9935f59e-9e3b-4ae1-b2c7-1c303403def8\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"5m\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(system.load.5)\",\"isFormulaBroken\":false},\"references\":[\"9935f59e-9e3b-4ae1-b2c7-1c303403def8X0\"],\"scale\":\"ratio\"},\"9935f59e-9e3b-4ae1-b2c7-1c303403def8X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
5m\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.load.5\"},\"c4d344af-62bd-4678-baf6-542cc91acb73\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"1m\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(system.load.1)\",\"isFormulaBroken\":false},\"references\":[\"c4d344af-62bd-4678-baf6-542cc91acb73X0\"],\"scale\":\"ratio\"},\"c4d344af-62bd-4678-baf6-542cc91acb73X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 1m\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.load.1\"},\"da273a36-6477-4984-a0e9-e71cf17c561c\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"15m\",\"operationType\":\"formula\",\"params\":{\"formula\":\"average(system.load.15)\",\"isFormulaBroken\":false},\"references\":[\"da273a36-6477-4984-a0e9-e71cf17c561cX0\"],\"scale\":\"ratio\"},\"da273a36-6477-4984-a0e9-e71cf17c561cX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
15m\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.load.15\"},\"ddc223d8-7456-4545-957d-3cad10a34329\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d251cb14-5566-4617-b12d-9d587f9c11a8\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.load\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.load\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"c4d344af-62bd-4678-baf6-542cc91acb73\",\"9935f59e-9e3b-4ae1-b2c7-1c303403def8\",\"da273a36-6477-4984-a0e9-e71cf17c561c\"],\"layerId\":\"60c0e8b2-20ab-4451-87a6-5a7d2241ccb0\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"ddc223d8-7456-4545-957d-3cad10a34329\",\"yConfig\":[{\"color\":\"#209280\",\"forAccessor\":\"c4d344af-62bd-4678-baf6-542cc91acb73\"},{\"color\":\"#77b6a8\",\"forAccessor\":\"9935f59e-9e3b-4ae1-b2c7-1c303403def8\"},{\"color\":\"#bbdad3\",\"forAccessor\":\"da273a36-6477-4984-a0e9-e71cf17c561c\"}]}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\"},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancement
s\":{},\"type\":\"lens\"},\"title\":\"System load\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"0aa7a83d-82f4-46d2-9e9e-10f2e63c7575\",\"w\":48,\"x\":0,\"y\":40},\"panelIndex\":\"0aa7a83d-82f4-46d2-9e9e-10f2e63c7575\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"### Memory\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"5be13ea6-48db-4fc3-8213-20e4736be04e\",\"w\":11,\"x\":0,\"y\":43},\"panelIndex\":\"5be13ea6-48db-4fc3-8213-20e4736be04e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-7e73c5a0-687d-49a1-9431-d445b9698b64\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"45f7e45b-a19f-471f-9437-d2cdb13e836d\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"7e73c5a0-687d-49a1-9431-d445b9698b64\":{\"columnOrder\":[\"f4b209b5-853c-44ef-9bb2-abbbaa5612ef\",\"c9120817-6c14-43d9-9cc7-14aa03a27634\",\"1e8576bb-67d1-458a-973f-144560cc3cfd\"],\"columns\":{\"1e8576bb-67d1-458a-973f-144560cc3cfd\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Last 
value\",\"operationType\":\"last_value\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"showArrayValues\":true,\"sortField\":\"@timestamp\"},\"scale\":\"ratio\",\"sourceField\":\"system.process.memory.rss.pct\"},\"c9120817-6c14-43d9-9cc7-14aa03a27634\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average\",\"operationType\":\"average\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"system.process.memory.rss.pct\"},\"f4b209b5-853c-44ef-9bb2-abbbaa5612ef\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Process\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c9120817-6c14-43d9-9cc7-14aa03a27634\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"process.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"45f7e45b-a19f-471f-9437-d2cdb13e836d\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.process\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.process\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"system.process.memory.rss.pct: 
*\"},\"visualization\":{\"columns\":[{\"columnId\":\"f4b209b5-853c-44ef-9bb2-abbbaa5612ef\"},{\"colorMode\":\"cell\",\"columnId\":\"c9120817-6c14-43d9-9cc7-14aa03a27634\",\"palette\":{\"name\":\"positive\",\"params\":{\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":20},{\"color\":\"#aed3ca\",\"stop\":40},{\"color\":\"#85bdb1\",\"stop\":60},{\"color\":\"#5aa898\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}]},\"type\":\"palette\"},\"width\":85},{\"colorMode\":\"cell\",\"columnId\":\"1e8576bb-67d1-458a-973f-144560cc3cfd\",\"isTransposed\":false,\"palette\":{\"name\":\"positive\",\"params\":{\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":20},{\"color\":\"#aed3ca\",\"stop\":40},{\"color\":\"#85bdb1\",\"stop\":60},{\"color\":\"#5aa898\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}]},\"type\":\"palette\"},\"width\":97.5}],\"layerId\":\"7e73c5a0-687d-49a1-9431-d445b9698b64\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Top Processes by Memory 
Usage\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"7138d681-0dc7-4055-a4c5-8395db1aa1e8\",\"w\":30,\"x\":11,\"y\":43},\"panelIndex\":\"7138d681-0dc7-4055-a4c5-8395db1aa1e8\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-b517c683-82f8-48e6-bfce-ee0568c45958\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"2044f8ca-61ce-4e33-8768-0c31694a5c76\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"b517c683-82f8-48e6-bfce-ee0568c45958\":{\"columnOrder\":[\"37a9160d-30f4-4aee-80b0-4fba3b047938\",\"ac2bf785-8ec5-4d8c-b83d-7aaeac97c8f1\",\"807db5e3-119b-46e9-8361-b97d04e78d09\",\"807db5e3-119b-46e9-8361-b97d04e78d09X0\",\"807db5e3-119b-46e9-8361-b97d04e78d09X1\",\"807db5e3-119b-46e9-8361-b97d04e78d09X2\",\"6731f7a3-a13c-40ad-9552-74b2789297df\",\"6731f7a3-a13c-40ad-9552-74b2789297dfX0\"],\"columns\":{\"37a9160d-30f4-4aee-80b0-4fba3b047938\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"6731f7a3-a13c-40ad-9552-74b2789297df\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Free\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"formula\":\"average(system.memory.free)\",\"isFormulaBroken\":false},\"references\":[\"6731f7a3-a13c-40ad-9552-74b2789297dfX0\"],\"scale\":\"ratio\"},\"6731f7a3-a13c-40ad-9552-74b2789297dfX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
Free\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.memory.free\"},\"807db5e3-119b-46e9-8361-b97d04e78d09\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Cache\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"formula\":\"average(system.memory.used.bytes) - average(system.memory.actual.used.bytes)\",\"isFormulaBroken\":false},\"references\":[\"807db5e3-119b-46e9-8361-b97d04e78d09X2\"],\"scale\":\"ratio\"},\"807db5e3-119b-46e9-8361-b97d04e78d09X0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Cache\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.memory.used.bytes\"},\"807db5e3-119b-46e9-8361-b97d04e78d09X1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Cache\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.memory.actual.used.bytes\"},\"807db5e3-119b-46e9-8361-b97d04e78d09X2\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Cache\",\"operationType\":\"math\",\"params\":{\"tinymathAst\":{\"args\":[\"807db5e3-119b-46e9-8361-b97d04e78d09X0\",\"807db5e3-119b-46e9-8361-b97d04e78d09X1\"],\"location\":{\"max\":76,\"min\":0},\"name\":\"subtract\",\"text\":\"average(system.memory.used.bytes) - 
average(system.memory.actual.used.bytes)\",\"type\":\"function\"}},\"references\":[\"807db5e3-119b-46e9-8361-b97d04e78d09X0\",\"807db5e3-119b-46e9-8361-b97d04e78d09X1\"],\"scale\":\"ratio\"},\"ac2bf785-8ec5-4d8c-b83d-7aaeac97c8f1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Used\",\"operationType\":\"average\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"system.memory.actual.used.bytes\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"2044f8ca-61ce-4e33-8768-0c31694a5c76\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.memory\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.memory\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"hideEndzones\":true,\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"ac2bf785-8ec5-4d8c-b83d-7aaeac97c8f1\",\"807db5e3-119b-46e9-8361-b97d04e78d09\",\"6731f7a3-a13c-40ad-9552-74b2789297df\"],\"layerId\":\"b517c683-82f8-48e6-bfce-ee0568c45958\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"xAccessor\":\"37a9160d-30f4-4aee-80b0-4fba3b047938\"}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\"},\"preferredSeriesType\":\"area_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Memory 
usage\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"c2428ef6-13fa-4254-9ab0-6be1c80a82d4\",\"w\":7,\"x\":41,\"y\":43},\"panelIndex\":\"c2428ef6-13fa-4254-9ab0-6be1c80a82d4\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.memory\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.memory\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.memory\\\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"d17c1e90-4d59-11e7-aee5-fdc812cc3bec\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(214,191,87,1)\",\"id\":\"fc1d3490-4d59-11e7-aee5-fdc812cc3bec\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(204,86,66,1)\",\"id\":\"0e204240-4d5a-11e7-aee5-fdc812cc3bec\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"466e9835-712f-469c-8f00-edda88559776\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"\",\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"cee2fd20-4d59-11e7-aee5-fdc812cc3bec\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"cee2fd21-4d59-11e7-aee5-fdc812cc3bec\",\"label\":\"Swap 
usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.swap.used.pct\",\"id\":\"cee2fd22-4d59-11e7-aee5-fdc812cc3bec\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"gauge\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Swap usage [Metrics System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"a41333eb-ba79-4557-9819-820de64abdf6\",\"w\":48,\"x\":0,\"y\":55},\"panelIndex\":\"a41333eb-ba79-4557-9819-820de64abdf6\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"### 
Disk\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":10,\"i\":\"40c809d8-2728-4ead-a85a-02ac2c3c346e\",\"w\":11,\"x\":0,\"y\":58},\"panelIndex\":\"40c809d8-2728-4ead-a85a-02ac2c3c346e\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-7e73c5a0-687d-49a1-9431-d445b9698b64\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"4319b26f-d004-4331-bda3-3d2771c47381\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"7e73c5a0-687d-49a1-9431-d445b9698b64\":{\"columnOrder\":[\"f4b209b5-853c-44ef-9bb2-abbbaa5612ef\",\"c9120817-6c14-43d9-9cc7-14aa03a27634\",\"a7e79c34-8ff8-4705-ae1b-5122ca2d2863\"],\"columns\":{\"a7e79c34-8ff8-4705-ae1b-5122ca2d2863\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Last 
value\",\"operationType\":\"last_value\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}},\"showArrayValues\":true,\"sortField\":\"@timestamp\"},\"scale\":\"ratio\",\"sourceField\":\"system.filesystem.used.pct\"},\"c9120817-6c14-43d9-9cc7-14aa03a27634\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Average\",\"operationType\":\"average\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"system.filesystem.used.pct\"},\"f4b209b5-853c-44ef-9bb2-abbbaa5612ef\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Mountpoint\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c9120817-6c14-43d9-9cc7-14aa03a27634\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"system.filesystem.mount_point\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"4319b26f-d004-4331-bda3-3d2771c47381\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.filesystem\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.filesystem\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"system.filesystem.used.pct: 
*\"},\"visualization\":{\"columns\":[{\"columnId\":\"f4b209b5-853c-44ef-9bb2-abbbaa5612ef\"},{\"colorMode\":\"cell\",\"columnId\":\"c9120817-6c14-43d9-9cc7-14aa03a27634\",\"palette\":{\"name\":\"positive\",\"params\":{\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":20},{\"color\":\"#aed3ca\",\"stop\":40},{\"color\":\"#85bdb1\",\"stop\":60},{\"color\":\"#5aa898\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}]},\"type\":\"palette\"},\"width\":88},{\"colorMode\":\"cell\",\"columnId\":\"a7e79c34-8ff8-4705-ae1b-5122ca2d2863\",\"isTransposed\":false,\"palette\":{\"name\":\"positive\",\"params\":{\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":20},{\"color\":\"#aed3ca\",\"stop\":40},{\"color\":\"#85bdb1\",\"stop\":60},{\"color\":\"#5aa898\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}]},\"type\":\"palette\"},\"width\":101}],\"layerId\":\"7e73c5a0-687d-49a1-9431-d445b9698b64\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Top mountpoints by disk 
usage\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"4e2ec836-0e0c-4125-9a0b-be26183c524f\",\"w\":30,\"x\":11,\"y\":58},\"panelIndex\":\"4e2ec836-0e0c-4125-9a0b-be26183c524f\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.diskio\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.diskio\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.diskio\\\"\"},\"id\":\"d3c67db0-1b1a-11e7-b09e-037021c4f8df\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(84,179,153,1)\",\"fill\":\"00.5\",\"formatter\":\"bytes\",\"id\":\"d3c67db1-1b1a-11e7-b09e-037021c4f8df\",\"label\":\"reads\",\"line_width\":1,\"metrics\":[{\"field\":\"system.diskio.read.bytes\",\"id\":\"d3c67db2-1b1a-11e7-b09e-037021c4f8df\",\"type\":\"max\"},{\"field\":\"d3c67db2-1b1a-11e7-b09e-037021c4f8df\",\"id\":\"f55b9910-1b1a-11e7-b09e-037021c4f8df\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"f55b9910-1b1a-11e7-b09e-037021c4f8df\",\"id\":\"dcbbb100-1b93-11e7-8ada-3df93aab833e\",\"type\":\"positive_only\",\"unit\":\"\"}],\"palette\":{\"name\":\"positive\",\"type\":\"palette\"},\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":null,\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}/s\"},{\"axis_positio
n\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(96,146,192,1)\",\"fill\":\"00.5\",\"formatter\":\"bytes\",\"id\":\"144124d0-1b1b-11e7-b09e-037021c4f8df\",\"label\":\"writes\",\"line_width\":1,\"metrics\":[{\"field\":\"system.diskio.write.bytes\",\"id\":\"144124d1-1b1b-11e7-b09e-037021c4f8df\",\"type\":\"max\"},{\"field\":\"144124d1-1b1b-11e7-b09e-037021c4f8df\",\"id\":\"144124d2-1b1b-11e7-b09e-037021c4f8df\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"id\":\"144124d4-1b1b-11e7-b09e-037021c4f8df\",\"script\":\"params.rate > 0 ? params.rate * -1 : 0\",\"type\":\"calculation\",\"variables\":[{\"field\":\"144124d2-1b1b-11e7-b09e-037021c4f8df\",\"id\":\"144124d3-1b1b-11e7-b09e-037021c4f8df\",\"name\":\"rate\"}]}],\"palette\":{\"name\":\"temperature\",\"type\":\"palette\"},\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":null,\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Disk 
IO\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"fbbc5c65-b8a4-4604-b5bd-072c3c99e4c3\",\"w\":7,\"x\":41,\"y\":58},\"panelIndex\":\"fbbc5c65-b8a4-4604-b5bd-072c3c99e4c3\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.fsstat\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.fsstat\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.fsstat\\\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"51921d10-4d1d-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(214,191,87,1)\",\"id\":\"f26de750-4d54-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(204,86,66,1)\",\"id\":\"fa31d190-4d54-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"79158349-1f03-4701-8ecc-c882c2b13ff3\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"1\",\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"4e4dc780-4d1d-11e7-b5f2-2b7c1895bf32\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4e4dee90-4d1d-11e7-b5f2-2b7c1895bf32\",\"label\":\"Disk 
used\",\"line_width\":1,\"metrics\":[{\"agg_with\":\"avg\",\"field\":\"system.fsstat.total_size.used\",\"id\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"order\":\"desc\",\"order_by\":\"@timestamp\",\"size\":1,\"type\":\"top_hit\"},{\"agg_with\":\"avg\",\"field\":\"system.fsstat.total_size.total\",\"id\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"order\":\"desc\",\"order_by\":\"@timestamp\",\"size\":1,\"type\":\"top_hit\"},{\"id\":\"6304cca0-4d54-11e7-b5f2-2b7c1895bf32\",\"script\":\"params.used/params.total \",\"type\":\"math\",\"variables\":[{\"field\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"id\":\"6da10430-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"used\"},{\"field\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"id\":\"73b8c510-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"total\"}]}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"gauge\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Disk Used [Metrics System] (copy)\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":3,\"i\":\"4340cff4-224d-43c0-8e98-8257782236f3\",\"w\":48,\"x\":0,\"y\":68},\"panelIndex\":\"4340cff4-224d-43c0-8e98-8257782236f3\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"### 
Network\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"00a52be5-9be0-452a-974f-15c2eb08e5a5\",\"w\":6,\"x\":0,\"y\":71},\"panelIndex\":\"00a52be5-9be0-452a-974f-15c2eb08e5a5\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.network\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.network\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"lucene\",\"query\":\"-system.network.name:l*\"},\"hide_last_value_indicator\":true,\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Inbound 
Traffic\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.in.bytes\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f2074f70-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"function\":\"sum\",\"id\":\"c40e18f0-2c55-11e7-a0ad-277ce466684d\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"value_template\":\"{{value}}/s\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Total Transferred\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.in.bytes\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"\"},{\"field\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"field\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"function\":\"overall_sum\",\"id\":\"3e63c2f0-1b92-11e7-bec4-a5e9ec5cab8b\",\"sigma\":\"\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Inbound Traffic [Metrics System] 
(copy)\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"8fd9ee13-c94c-44c6-9871-da172760e777\",\"w\":6,\"x\":6,\"y\":71},\"panelIndex\":\"8fd9ee13-c94c-44c6-9871-da172760e777\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.network\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.network\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"6ba9b1f0-4d5d-11e7-aa29-87a97a796de6\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.network\\\"\"},\"hide_last_value_indicator\":true,\"id\":\"6984af10-4d5d-11e7-aa29-87a97a796de6\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"6984af11-4d5d-11e7-aa29-87a97a796de6\",\"label\":\"In 
Packetloss\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.in.dropped\",\"id\":\"6984af12-4d5d-11e7-aa29-87a97a796de6\",\"type\":\"max\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Packetloss [Metrics System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"40931ebc-38d8-4032-949d-246c8b381743\",\"w\":6,\"x\":12,\"y\":71},\"panelIndex\":\"40931ebc-38d8-4032-949d-246c8b381743\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.network\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.network\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"lucene\",\"query\":\"-system.network.name:l*\"},\"hide_last_value_indicator\":true,\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9e
c5cab8b\",\"label\":\"Outbound Traffic\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.out.bytes\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f2074f70-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"function\":\"sum\",\"id\":\"a1737470-2c55-11e7-a0ad-277ce466684d\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"value_template\":\"{{value}}/s\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Total Transferred\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.out.bytes\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"\"},{\"field\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"field\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"function\":\"overall_sum\",\"id\":\"3e63c2f0-1b92-11e7-bec4-a5e9ec5cab8b\",\"sigma\":\"\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Outbound Traffic 
[Metrics System] (copy)\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"42625329-6a7b-496e-89e3-2459675bf904\",\"w\":6,\"x\":18,\"y\":71},\"panelIndex\":\"42625329-6a7b-496e-89e3-2459675bf904\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.network\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.network\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"6ba9b1f0-4d5d-11e7-aa29-87a97a796de6\"}],\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.network\\\"\"},\"hide_last_value_indicator\":true,\"id\":\"6984af10-4d5d-11e7-aa29-87a97a796de6\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"ac2e6b30-4d5d-11e7-aa29-87a97a796de6\",\"label\":\"Out 
Packetloss\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.out.dropped\",\"id\":\"ac2e6b31-4d5d-11e7-aa29-87a97a796de6\",\"type\":\"max\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"metric\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Packetloss [Metrics System] (copy)\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"83789cc1-735e-426f-af14-7feceeb1e3ec\",\"w\":24,\"x\":24,\"y\":71},\"panelIndex\":\"83789cc1-735e-426f-af14-7feceeb1e3ec\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"lucene\",\"query\":\"-system.network.name:l*\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(111,220,190,1)\",\"fill\":\"0.5\",\"formatter\":\"0.[00]a\",\"id\":\"da1046f1-faa0-11e6-86b1-cd7735ff7e23\",\"label\":\"Inbound\",\"line_width\":\"01\",\"metrics\":[{\"field\":\"system.network.in.packets\",\"id\":\"da1046f2-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"max\"},{\"field\":\"da1046f2-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"f41f9280-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"f41f9280-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"c0da3d80-1b93-11e7-8ada-3df93aab833e\",\"type\":\"positive_only\",
\"unit\":\"\"},{\"function\":\"sum\",\"id\":\"ecaad010-2c2c-11e7-be71-3162da85303f\",\"type\":\"series_agg\"}],\"palette\":{\"name\":\"positive\",\"type\":\"palette\"},\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":null,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}/s\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(96,146,192,1)\",\"fill\":\"00.5\",\"formatter\":\"0.[00]a\",\"id\":\"fbbd5720-faa0-11e6-86b1-cd7735ff7e23\",\"label\":\"Outbound\",\"line_width\":\"01\",\"metrics\":[{\"field\":\"system.network.out.packets\",\"id\":\"fbbd7e30-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"max\"},{\"field\":\"fbbd7e30-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"fbbd7e31-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"id\":\"17e597a0-faa1-11e6-86b1-cd7735ff7e23\",\"script\":\"params.rate != null && params.rate > 0 ? params.rate * -1 : null\",\"type\":\"calculation\",\"variables\":[{\"field\":\"fbbd7e31-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"1940bad0-faa1-11e6-86b1-cd7735ff7e23\",\"name\":\"rate\"}]},{\"function\":\"sum\",\"id\":\"fe5fbdc0-2c2c-11e7-be71-3162da85303f\",\"type\":\"series_agg\"}],\"palette\":{\"name\":\"complimentary\",\"type\":\"palette\"},\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":null,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Network Traffic 
(Packets)\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":14,\"i\":\"5eae5b45-6bce-4bbd-9db2-275b45d7d329\",\"w\":24,\"x\":0,\"y\":79},\"panelIndex\":\"5eae5b45-6bce-4bbd-9db2-275b45d7d329\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-a9aa67d3-6d5c-40f9-a45d-69410b2a90bb\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"0edd5ba7-5679-4903-8b1a-9b52a84763e4\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"a9aa67d3-6d5c-40f9-a45d-69410b2a90bb\":{\"columnOrder\":[\"69b78cd3-0694-49cd-92cd-23c27f675523\",\"bdb2f885-054b-490d-91b8-2685ce22a5f5\",\"30b47015-4e96-48da-997b-9e9d41984945\"],\"columns\":{\"30b47015-4e96-48da-997b-9e9d41984945\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Outgoing Traffic\",\"operationType\":\"max\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"system.network.out.bytes\"},\"69b78cd3-0694-49cd-92cd-23c27f675523\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Interface\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"bdb2f885-054b-490d-91b8-2685ce22a5f5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"system.network.name\"},\"bdb2f885-054b-490d-91b8-2685ce22a5f5\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Incoming 
Traffic\",\"operationType\":\"max\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"scale\":\"ratio\",\"sourceField\":\"system.network.in.bytes\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"0edd5ba7-5679-4903-8b1a-9b52a84763e4\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.network\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.network\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"columnId\":\"69b78cd3-0694-49cd-92cd-23c27f675523\",\"isTransposed\":false},{\"colorMode\":\"cell\",\"columnId\":\"bdb2f885-054b-490d-91b8-2685ce22a5f5\",\"isTransposed\":false,\"palette\":{\"name\":\"positive\",\"params\":{\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":20},{\"color\":\"#aed3ca\",\"stop\":40},{\"color\":\"#85bdb1\",\"stop\":60},{\"color\":\"#5aa898\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}]},\"type\":\"palette\"},\"width\":139},{\"colorMode\":\"cell\",\"columnId\":\"30b47015-4e96-48da-997b-9e9d41984945\",\"isTransposed\":false,\"palette\":{\"name\":\"positive\",\"params\":{\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":20},{\"color\":\"#aed3ca\",\"stop\":40},{\"color\":\"#85bdb1\",\"stop\":60},{\"color\":\"#5aa898\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}]},\"type\":\"palette\"},\"width\":143.5}],\"layerId\":\"a9aa67d3-6d5c-40f9-a45d-69410b2a90bb\",\"layerType\":\"data\",\"rowHeight\":\"single\",\"rowHeightLines\":1}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"701fed8c-da9b-41aa-adab-09f793c3c84f\",\"w\":24,\"x\":24,\"y\":82},\"panelIndex\":\"701fed8c-da9b-41aa-adab-09f793c3c84f\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filt
er\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"lucene\",\"query\":\"-system.network.name:l*\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(84,179,153,1)\",\"fill\":\"00.5\",\"formatter\":\"bytes\",\"id\":\"da1046f1-faa0-11e6-86b1-cd7735ff7e23\",\"label\":\"Inbound \",\"line_width\":\"01\",\"metrics\":[{\"field\":\"system.network.in.bytes\",\"id\":\"da1046f2-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"max\"},{\"field\":\"da1046f2-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"f41f9280-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"f41f9280-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"a87398e0-1b93-11e7-8ada-3df93aab833e\",\"type\":\"positive_only\",\"unit\":\"\"},{\"function\":\"sum\",\"id\":\"2d533df0-2c2d-11e7-be71-3162da85303f\",\"type\":\"series_agg\"}],\"palette\":{\"name\":\"positive\",\"type\":\"palette\"},\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":null,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}/s\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(96,146,192,1)\",\"fill\":\"00.5\",\"formatter\":\"bytes\",\"id\":\"fbbd5720-faa0-11e6-86b1-cd7735ff7e23\",\"label\":\"Outbound \",\"line_width\":\"01\",\"metrics\":[{\"field\":\"system.network.out.bytes\",\"id\":\"fbbd7e30-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"max\"},{\"field\":\"fbbd7e30-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"fbbd7e31-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"id\":\"17e597a0-faa1-11e6-86b1-cd7735ff7e23\",\"script\":\"params.rate != null 
&& params.rate > 0 ? params.rate * -1 : null\",\"type\":\"calculation\",\"variables\":[{\"field\":\"fbbd7e31-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"1940bad0-faa1-11e6-86b1-cd7735ff7e23\",\"name\":\"rate\"}]},{\"function\":\"sum\",\"id\":\"533da9b0-2c2d-11e7-be71-3162da85303f\",\"type\":\"series_agg\"}],\"palette\":{\"name\":\"complimentary\",\"type\":\"palette\"},\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":null,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"time_range_mode\":\"entire_time_range\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Network Traffic (Bytes)\"}]","timeRestore":false,"title":"[Metrics System] Host overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-79ffd6e0-faa0-11e6-947f-177f697178b8","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"6fd34c50-53a3-4919-b7c5-aba460f0fe6d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"d0a6fc45-278c-427e-a440-eec3ec3ce367:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"e50a72f5-160a-4694-8f44-2e6da666b90b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"baca3f6a-498a-4752-8882-1d8906d06405:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"02993ece-9e84-4957-9780-a89d1cfef103:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"17f54fe4-ae84-4319-97fd-069225d0a8fb:indexpattern-da
tasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"17f54fe4-ae84-4319-97fd-069225d0a8fb:indexpattern-datasource-layer-9f6d8570-52c1-4af2-a105-b9993b2e8b5c","type":"index-pattern"},{"id":"metrics-*","name":"17f54fe4-ae84-4319-97fd-069225d0a8fb:04b54a98-baa0-43a7-aaa8-ace6b600ff4b","type":"index-pattern"},{"id":"metrics-*","name":"79d36896-445a-4904-ad18-e0234fd9ca3f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"81d645ce-9d97-499f-9117-b3e662caee53:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"b479c652-8d38-47ed-8599-be33592ebffe:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"b479c652-8d38-47ed-8599-be33592ebffe:indexpattern-datasource-layer-7e73c5a0-687d-49a1-9431-d445b9698b64","type":"index-pattern"},{"id":"metrics-*","name":"b479c652-8d38-47ed-8599-be33592ebffe:4a1e24c8-23cf-41d6-805c-b73aac7e9531","type":"index-pattern"},{"id":"metrics-*","name":"43ee6ea2-797b-4ef6-83da-c81b9594f694:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"43ee6ea2-797b-4ef6-83da-c81b9594f694:indexpattern-datasource-layer-8da587a6-a617-4bd4-9ae5-dffb9c6343f8","type":"index-pattern"},{"id":"metrics-*","name":"43ee6ea2-797b-4ef6-83da-c81b9594f694:497fbd26-58ef-4073-ac3f-024ba1789d9a","type":"index-pattern"},{"id":"metrics-*","name":"dcf35812-283d-4cc7-b7bb-76419f5231fc:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"dcf35812-283d-4cc7-b7bb-76419f5231fc:indexpattern-datasource-layer-60c0e8b2-20ab-4451-87a6-5a7d2241ccb0","type":"index-pattern"},{"id":"metrics-*","name":"dcf35812-283d-4cc7-b7bb-76419f5231fc:d251cb14-5566-4617-b12d-9d587f9c11a8","type":"index-pattern"},{"id":"metrics-*","name":"5be13ea6-48db-4fc3-8213-20e4736be04e:indexpattern-datasource-current-indexpattern","type":"index-pattern
"},{"id":"metrics-*","name":"5be13ea6-48db-4fc3-8213-20e4736be04e:indexpattern-datasource-layer-7e73c5a0-687d-49a1-9431-d445b9698b64","type":"index-pattern"},{"id":"metrics-*","name":"5be13ea6-48db-4fc3-8213-20e4736be04e:45f7e45b-a19f-471f-9437-d2cdb13e836d","type":"index-pattern"},{"id":"metrics-*","name":"7138d681-0dc7-4055-a4c5-8395db1aa1e8:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"7138d681-0dc7-4055-a4c5-8395db1aa1e8:indexpattern-datasource-layer-b517c683-82f8-48e6-bfce-ee0568c45958","type":"index-pattern"},{"id":"metrics-*","name":"7138d681-0dc7-4055-a4c5-8395db1aa1e8:2044f8ca-61ce-4e33-8768-0c31694a5c76","type":"index-pattern"},{"id":"metrics-*","name":"c2428ef6-13fa-4254-9ab0-6be1c80a82d4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"40c809d8-2728-4ead-a85a-02ac2c3c346e:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"40c809d8-2728-4ead-a85a-02ac2c3c346e:indexpattern-datasource-layer-7e73c5a0-687d-49a1-9431-d445b9698b64","type":"index-pattern"},{"id":"metrics-*","name":"40c809d8-2728-4ead-a85a-02ac2c3c346e:4319b26f-d004-4331-bda3-3d2771c47381","type":"index-pattern"},{"id":"metrics-*","name":"4e2ec836-0e0c-4125-9a0b-be26183c524f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"fbbc5c65-b8a4-4604-b5bd-072c3c99e4c3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"00a52be5-9be0-452a-974f-15c2eb08e5a5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"8fd9ee13-c94c-44c6-9871-da172760e777:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"40931ebc-38d8-4032-949d-246c8b381743:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"i
d":"metrics-*","name":"42625329-6a7b-496e-89e3-2459675bf904:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"5eae5b45-6bce-4bbd-9db2-275b45d7d329:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"5eae5b45-6bce-4bbd-9db2-275b45d7d329:indexpattern-datasource-layer-a9aa67d3-6d5c-40f9-a45d-69410b2a90bb","type":"index-pattern"},{"id":"metrics-*","name":"5eae5b45-6bce-4bbd-9db2-275b45d7d329:0edd5ba7-5679-4903-8b1a-9b52a84763e4","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8335],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NDEsMV0="} +{"attributes":{"columns":["event.action","group.name","group.domain","user.name","user.domain","host.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4731\",\"4732\",\"4733\",\"4734\",\"4735\",\"4737\",\"4764\",\"4727\",\"4728\",\"4729\",\"4730\",\"4754\",\"4755\",\"4756\",\"4757\",\"4758\",\"4799\",\"4749\",\"4750\",\"4751\",\"4752\",\"4753\",\"4759\",\"4760\",\"4761\",\"4762\",\"4763\",\"4744\",\"4745\",\"4746\",\"4748\"],\"type\":\"phrases\",\"value\":\"4731, 4732, 4733, 4734, 4735, 4737, 4764, 4727, 4728, 4729, 4730, 4754, 4755, 4756, 4757, 4758, 4799, 4749, 4750, 4751, 4752, 4753, 4759, 4760, 4761, 4762, 4763, 4744, 4745, 4746, 
4748\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4731\"}},{\"match_phrase\":{\"event.code\":\"4732\"}},{\"match_phrase\":{\"event.code\":\"4733\"}},{\"match_phrase\":{\"event.code\":\"4734\"}},{\"match_phrase\":{\"event.code\":\"4735\"}},{\"match_phrase\":{\"event.code\":\"4737\"}},{\"match_phrase\":{\"event.code\":\"4764\"}},{\"match_phrase\":{\"event.code\":\"4727\"}},{\"match_phrase\":{\"event.code\":\"4728\"}},{\"match_phrase\":{\"event.code\":\"4729\"}},{\"match_phrase\":{\"event.code\":\"4730\"}},{\"match_phrase\":{\"event.code\":\"4754\"}},{\"match_phrase\":{\"event.code\":\"4755\"}},{\"match_phrase\":{\"event.code\":\"4756\"}},{\"match_phrase\":{\"event.code\":\"4757\"}},{\"match_phrase\":{\"event.code\":\"4758\"}},{\"match_phrase\":{\"event.code\":\"4799\"}},{\"match_phrase\":{\"event.code\":\"4749\"}},{\"match_phrase\":{\"event.code\":\"4750\"}},{\"match_phrase\":{\"event.code\":\"4751\"}},{\"match_phrase\":{\"event.code\":\"4752\"}},{\"match_phrase\":{\"event.code\":\"4753\"}},{\"match_phrase\":{\"event.code\":\"4759\"}},{\"match_phrase\":{\"event.code\":\"4760\"}},{\"match_phrase\":{\"event.code\":\"4761\"}},{\"match_phrase\":{\"event.code\":\"4762\"}},{\"match_phrase\":{\"event.code\":\"4763\"}},{\"match_phrase\":{\"event.code\":\"4744\"}},{\"match_phrase\":{\"event.code\":\"4745\"}},{\"match_phrase\":{\"event.code\":\"4746\"}},{\"match_phrase\":{\"event.code\":\"4748\"}}]}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Group Management Details - Search View [Windows System 
Security]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-9066d5b0-fef2-11e9-8405-516218e3d268","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8342],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NDIsMV0="} +{"attributes":{"columns":["host.hostname","process.name","message"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"fields\":{\"*\":{}},\"fragment_size\":2147483647,\"post_tags\":[\"@/kibana-highlighted-field@\"],\"pre_tags\":[\"@kibana-highlighted-field@\"],\"require_field_match\":false},\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:system.syslog\"}}"},"sort":[["@timestamp","desc"]],"title":"Syslog logs [Logs 
System]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-Syslog-system-logs","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8348],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NDMsMV0="} +{"attributes":{"description":"Syslog dashboard from the Logs System integration","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[{\"embeddableConfig\":{\"columns\":[\"host.hostname\",\"process.name\",\"message\"],\"enhancements\":{},\"sort\":[\"@timestamp\",\"desc\"]},\"gridData\":{\"h\":28,\"i\":\"3\",\"w\":48,\"x\":0,\"y\":20},\"panelIndex\":\"3\",\"panelRefName\":\"panel_3\",\"type\":\"search\",\"version\":\"8.1.0\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"4\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Syslog](#/dashboard/system-Logs-syslog-dashboard) | [Sudo commands](#/dashboard/system-277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/system-5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users and groups](#/dashboard/system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab)\"},\"title\":\"Dashboards [Logs 
System]\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"1c0a80d4-cd4d-488a-a06d-e9b816e733a8\",\"w\":32,\"x\":0,\"y\":4},\"panelIndex\":\"1c0a80d4-cd4d-488a-a06d-e9b816e733a8\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"used_interval\":\"30s\"},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"host.hostname\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"defaultYExtents\":false,\"detailedTooltip\":true,\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"mode\":\"stacked\",\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"radiusRatio\":0,\"scale\":\"linear\",\"seriesParams\":[{\"circlesRadius\":1,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYE
xtents\":false,\"shareYAxis\":true,\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"truncateLegend\":true,\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{}},\"type\":\"histogram\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Syslog events by hostname [Logs System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"30ce1a8d-6460-45b6-be1a-841db5ca7c8b\",\"w\":16,\"x\":32,\"y\":4},\"panelIndex\":\"30ce1a8d-6460-45b6-be1a-841db5ca7c8b\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"host.hostname\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"process.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[]}},\"description\":\"\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"distinctColors\":true,\"emptySizeRatio\":0.3,\"isDonut\":true,\"labels\":{\"last_level\":false,\"percentDecimals\":2,\"position\":\"default\",\"show\":true,\"truncate\":100,\"values\":true,\"valuesFormat\":\"percent\"},\"legendPosition\":\"bottom\",\"legendSize\":\"auto\",\"maxLegendLines\":1,\"nestedLegend\":false,\"palette\":{\"name\":\"kibana_palette\",\"
type\":\"palette\"},\"shareYAxis\":true,\"truncateLegend\":true,\"type\":\"pie\"},\"type\":\"pie\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Syslog hostnames and processes [Logs System]\"}]","timeRestore":false,"title":"[Logs System] Syslog dashboard","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-Logs-syslog-dashboard","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"system-Syslog-system-logs","name":"3:panel_3","type":"search"},{"id":"system-Syslog-system-logs","name":"1c0a80d4-cd4d-488a-a06d-e9b816e733a8:search_0","type":"search"},{"id":"system-Syslog-system-logs","name":"30ce1a8d-6460-45b6-be1a-841db5ca7c8b:search_0","type":"search"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8356],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NDQsMV0="} +{"attributes":{"description":"Overview of system metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"471f7546-e704-4a38-a041-d8b11869d7cc\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"471f7546-e704-4a38-a041-d8b11869d7cc\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"# System overview\\n\\nTo view host details, 
select a host from the list below by clicking the respective label.\",\"openLinksInNewTab\":false},\"title\":\"\",\"type\":\"markdown\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"System Navigation [Metrics System]\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"aa7fddcf-8146-4d85-b3d7-d37a99a5ff32\",\"w\":9,\"x\":0,\"y\":6},\"panelIndex\":\"aa7fddcf-8146-4d85-b3d7-d37a99a5ff32\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.memory\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.memory\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"a0d522e0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(214,191,87,1)\",\"id\":\"b45ad8f0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(204,86,66,1)\",\"id\":\"c06e9550-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"4bbf6453-9bd4-4ab7-aa12-5a7ed6306651\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"1\",\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"9f51b730-1b91-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(84,179,153,1)\",\"
fill\":0.5,\"formatter\":\"percent\",\"id\":\"9f51b731-1b91-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Memory Usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.actual.used.pct\",\"id\":\"9f51b732-1b91-11e7-bec4-a5e9ec5cab8b\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"gauge\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"9fc7a050-de1b-495b-8ca7-2a852ed5a28c\",\"w\":9,\"x\":9,\"y\":6},\"panelIndex\":\"9fc7a050-de1b-495b-8ca7-2a852ed5a28c\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.cpu\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.cpu\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"4ef2c3b0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(214,191,87,1)\",\"id\":\"e6561ae0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(204,86,66,1)\",\"id\":\"ec655040-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgb
a(32,146,128,1)\",\"id\":\"860f8db7-6191-4519-8d2a-c51f2a95c2bc\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"1\",\"gauge_style\":\"half\",\"gauge_width\":10,\"hide_last_value_indicator\":true,\"id\":\"4c9e2550-1b91-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4c9e2551-1b91-11e7-bec4-a5e9ec5cab8b\",\"label\":\"CPU Usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.cpu.total.norm.pct\",\"id\":\"4c9e2552-1b91-11e7-bec4-a5e9ec5cab8b\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"gauge\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"d85621b3-cf7e-4019-83ae-3a1e06d9933f\",\"w\":30,\"x\":18,\"y\":6},\"panelIndex\":\"d85621b3-cf7e-4019-83ae-3a1e06d9933f\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.cpu\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.cpu\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"id\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":
\"normal\",\"bar_color_rules\":[{\"bar_color\":\"rgba(32,146,128,1)\",\"id\":\"6131bb70-2938-11ed-a1c4-3f04ff5e1036\",\"operator\":\"gte\",\"value\":0},{\"bar_color\":\"rgba(214,191,87,1)\",\"id\":\"b048c5a0-2938-11ed-a1c4-3f04ff5e1036\",\"operator\":\"gte\",\"value\":0.7},{\"bar_color\":\"rgba(204,86,66,1)\",\"id\":\"b84aa340-2938-11ed-a1c4-3f04ff5e1036\",\"operator\":\"gte\",\"value\":0.85},{\"bar_color\":\"rgba(32,146,128,1)\",\"id\":\"c0f1c190-2938-11ed-a1c4-3f04ff5e1036\",\"operator\":\"empty\",\"value\":null}],\"drilldown_url\":\"../app/kibana#/dashboard/system-79ffd6e0-faa0-11e6-947f-177f697178b8?_a=(query:(language:kuery,query:'host.name:\\\"{{key}}\\\"'))\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"f85dd7f0-6f50-4ca3-b431-a8332b12f516\",\"index_pattern_ref_name\":\"metrics_d85621b3-cf7e-4019-83ae-3a1e06d9933f_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"0fa4599f-6d53-4f7e-a508-b10debeae3a7\",\"line_width\":1,\"metrics\":[{\"field\":\"system.cpu.user.norm.pct\",\"id\":\"20916733-fe1d-4854-8f60-7da167023e8a\",\"type\":\"avg\"}],\"override_index_pattern\":0,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"host.name\",\"terms_order_by\":\"20916733-fe1d-4854-8f60-7da167023e8a\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"top_n\",\"use_kibana_indexes\":true},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Top Hosts by 
CPU\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":12,\"i\":\"f95d2a8f-0ec2-4252-b3e8-8771b9165241\",\"w\":9,\"x\":0,\"y\":19},\"panelIndex\":\"f95d2a8f-0ec2-4252-b3e8-8771b9165241\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-6a26e3ad-990f-42a2-82fd-f147b1ede3b0\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"6a26e3ad-990f-42a2-82fd-f147b1ede3b0\":{\"columnOrder\":[\"6702f512-7df6-4b95-892c-200bafa8bd0e\",\"6702f512-7df6-4b95-892c-200bafa8bd0eX0\"],\"columns\":{\"6702f512-7df6-4b95-892c-200bafa8bd0e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Hosts\",\"operationType\":\"formula\",\"params\":{\"formula\":\"unique_count(host.name)\",\"isFormulaBroken\":false},\"references\":[\"6702f512-7df6-4b95-892c-200bafa8bd0eX0\"],\"scale\":\"ratio\"},\"6702f512-7df6-4b95-892c-200bafa8bd0eX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of 
Hosts\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.name\"}},\"incompleteColumns\":{}}}}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"6702f512-7df6-4b95-892c-200bafa8bd0e\",\"layerId\":\"6a26e3ad-990f-42a2-82fd-f147b1ede3b0\",\"layerType\":\"data\",\"size\":\"xl\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"4a59a56e-e5fd-4ff3-b2f0-8a1c07be572b\",\"w\":9,\"x\":9,\"y\":19},\"panelIndex\":\"4a59a56e-e5fd-4ff3-b2f0-8a1c07be572b\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.fsstat\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.fsstat\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"51921d10-4d1d-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(214,191,87,1)\",\"id\":\"f26de750-4d54-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(204,86,66,1)\",\"id\":\"fa31d190-4d54-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgba(32,146,128,1)\",\"id\":\"79158349-1f03-4701-8ecc-c882c2b13ff3\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"1\",\"gauge_style\":\"half\",\"gauge
_width\":10,\"hide_last_value_indicator\":true,\"id\":\"4e4dc780-4d1d-11e7-b5f2-2b7c1895bf32\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4e4dee90-4d1d-11e7-b5f2-2b7c1895bf32\",\"label\":\"Disk usage\",\"line_width\":1,\"metrics\":[{\"agg_with\":\"avg\",\"field\":\"system.fsstat.total_size.used\",\"id\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"order\":\"desc\",\"order_by\":\"@timestamp\",\"size\":1,\"type\":\"top_hit\"},{\"agg_with\":\"avg\",\"field\":\"system.fsstat.total_size.total\",\"id\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"order\":\"desc\",\"order_by\":\"@timestamp\",\"size\":1,\"type\":\"top_hit\"},{\"id\":\"6304cca0-4d54-11e7-b5f2-2b7c1895bf32\",\"script\":\"params.used/params.total \",\"type\":\"math\",\"variables\":[{\"field\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"id\":\"6da10430-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"used\"},{\"field\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"id\":\"73b8c510-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"total\"}]}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"gauge\",\"use_kibana_indexes\":false},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"\"},{\"version\":\"8.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"72f0915f-db77-4d67-b92b-ed8cdd97e1aa\",\"w\":30,\"x\":18,\"y\":19},\"panelIndex\":\"72f0915f-db77-4d67-b92b-ed8cdd97e1aa\",\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":
{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.memory\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.memory\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"bar_color_rules\":[{\"bar_color\":\"rgba(32,146,128,1)\",\"id\":\"6131bb70-2938-11ed-a1c4-3f04ff5e1036\",\"operator\":\"gte\",\"value\":0},{\"bar_color\":\"rgba(214,191,87,1)\",\"id\":\"b048c5a0-2938-11ed-a1c4-3f04ff5e1036\",\"operator\":\"gte\",\"value\":0.7},{\"bar_color\":\"rgba(204,86,66,1)\",\"id\":\"b84aa340-2938-11ed-a1c4-3f04ff5e1036\",\"operator\":\"gte\",\"value\":0.85},{\"bar_color\":\"rgba(32,146,128,1)\",\"id\":\"c0f1c190-2938-11ed-a1c4-3f04ff5e1036\",\"operator\":\"empty\",\"value\":null}],\"drilldown_url\":\"../app/kibana#/dashboard/system-79ffd6e0-faa0-11e6-947f-177f697178b8?_a=(query:(language:kuery,query:'host.name:\\\"{{key}}\\\"'))\",\"drop_last_bucket\":1,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"f85dd7f0-6f50-4ca3-b431-a8332b12f516\",\"index_pattern_ref_name\":\"metrics_72f0915f-db77-4d67-b92b-ed8cdd97e1aa_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"0fa4599f-6d53-4f7e-a508-b10debeae3a7\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.actual.used.pct\",\"id\":\"20916733-fe1d-4854-8f60-7da167023e8a\",\"type\":\"avg\"}],\"override_index_pattern\":0,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"host.name\",\"terms_order_by\":\"20916733-fe1d-4854-8f
60-7da167023e8a\",\"time_range_mode\":\"entire_time_range\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"last_value\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"top_n\",\"use_kibana_indexes\":true},\"title\":\"\",\"type\":\"metrics\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Top Hosts by Memory\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":15,\"i\":\"e6f8fdab-5f7e-42b1-9093-36c017e0d26d\",\"w\":48,\"x\":0,\"y\":31},\"panelIndex\":\"e6f8fdab-5f7e-42b1-9093-36c017e0d26d\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-13084d12-8f45-4ff7-84ff-1aa82f6e91d4\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"6a4289ad-9ff1-40c9-aeff-f102d2251bba\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"13084d12-8f45-4ff7-84ff-1aa82f6e91d4\":{\"columnOrder\":[\"3a15aec4-8bda-4361-8807-6f4cf5d2246b\",\"9f4265d2-4b84-419e-a1b6-58cfcb6f6ffc\",\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bb\"],\"columns\":{\"3a15aec4-8bda-4361-8807-6f4cf5d2246b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Hosts\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"host.name\"},\"9f4265d2-4b84-419e-a1b6-58cfcb6f6ffc\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed
\":false,\"label\":\"CPU Usage\",\"operationType\":\"average\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":0}}},\"scale\":\"ratio\",\"sourceField\":\"system.cpu.user.norm.pct\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"6a4289ad-9ff1-40c9-aeff-f102d2251bba\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.cpu\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.cpu\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"gridConfig\":{\"isCellLabelVisible\":false,\"isXAxisLabelVisible\":true,\"isXAxisTitleVisible\":false,\"isYAxisLabelVisible\":true,\"isYAxisTitleVisible\":false,\"type\":\"heatmap_grid\"},\"layerId\":\"13084d12-8f45-4ff7-84ff-1aa82f6e91d4\",\"layerType\":\"data\",\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\",\"type\":\"heatmap_legend\"},\"palette\":{\"accessor\":\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bb\",\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#d9dada\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":0.7},{\"color\":\"#cc5642\",\"stop\":0.85}],\"continuity\":\"above\",\"name\":\"custom\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":5,\"stops\":[{\"color\":\"#d9dada\",\"stop\":0.7},{\"color\":\"#d6bf57\",\"stop\":0.85},{\"color\":\"#cc5642\",\"stop\":1.85}]},\"type\":\"palette\"},\"shape\":\"heatmap\",\"valueAccessor\":\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bb\",\"xAccessor\":\"9f4265d2-4b84-419e-a1b6-58cfcb6f6ffc\",\"yAccessor\":\"3a15aec4-8bda-4361-8807-6f4cf5d2246b\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsHeatmap\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"useCurrentDateRange\":true,\"useCurrentFilters\":true},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Host 
Overview\"},\"eventId\":\"19bf22c3-97f5-4a71-8752-74cd3d5ec6f9\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"type\":\"lens\"},\"title\":\"Top Hosts by CPU Usage over time\"},{\"version\":\"8.7.0\",\"type\":\"lens\",\"gridData\":{\"h\":16,\"i\":\"e6f6cabf-ecec-482f-b7b5-634e323e9a15\",\"w\":48,\"x\":0,\"y\":46},\"panelIndex\":\"e6f6cabf-ecec-482f-b7b5-634e323e9a15\",\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"indexpattern-datasource-layer-13084d12-8f45-4ff7-84ff-1aa82f6e91d4\",\"type\":\"index-pattern\"},{\"id\":\"metrics-*\",\"name\":\"33b2f4d6-9337-4d77-a45b-8debb9604323\",\"type\":\"index-pattern\"}],\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"13084d12-8f45-4ff7-84ff-1aa82f6e91d4\":{\"columnOrder\":[\"3a15aec4-8bda-4361-8807-6f4cf5d2246b\",\"9f4265d2-4b84-419e-a1b6-58cfcb6f6ffc\",\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bb\",\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bbX0\"],\"columns\":{\"3a15aec4-8bda-4361-8807-6f4cf5d2246b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Hosts\",\"operationType\":\"terms\",\"params\":{\"missingBucket\":false,\"orderBy\":{\"fallback\":true,\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"host.name\"},\"9f4265d2-4b84-419e-a1b6-58cfcb6f6ffc\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Memory 
Usage\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":0}},\"formula\":\"average(system.memory.actual.used.pct)\",\"isFormulaBroken\":false},\"references\":[\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bbX0\"],\"scale\":\"ratio\"},\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bbX0\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Part of Memory Usage\",\"operationType\":\"average\",\"scale\":\"ratio\",\"sourceField\":\"system.memory.actual.used.pct\"}},\"incompleteColumns\":{}}}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"33b2f4d6-9337-4d77-a45b-8debb9604323\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"system.memory\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"system.memory\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"gridConfig\":{\"isCellLabelVisible\":false,\"isXAxisLabelVisible\":true,\"isXAxisTitleVisible\":false,\"isYAxisLabelVisible\":true,\"isYAxisTitleVisible\":false,\"type\":\"heatmap_grid\"},\"layerId\":\"13084d12-8f45-4ff7-84ff-1aa82f6e91d4\",\"layerType\":\"data\",\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"position\":\"right\",\"type\":\"heatmap_legend\"},\"palette\":{\"accessor\":\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bb\",\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#d9dada\",\"stop\":0},{\"color\":\"#d6bf57\",\"stop\":0.7},{\"color\":\"#cc5642\",\"stop\":0.85}],\"continuity\":\"above\",\"name\":\"custom\",\"rangeMax\":null,\"rangeMin\":0,\"rangeType\":\"number\",\"reverse\":false,\"steps\":5,\"stops\":[{\"color\":\"#d9dada\",\"stop\":0.7},{\"color\":\"#d6bf57\",\"stop\":0.85},{\"color\":\"#cc5642\",\"stop\":1.85}]},\"type\":\"palette\"},\"shape\":\"heatmap\",\"valueAccessor\":\"ac7e5bcf-a361-44c9-ba8c-12eb2d7974bb\",\"xAccessor\":\"9f4265d2-4b84-419e-a1b6-58cfcb6f6ffc\",\"yAccessor\":\"3a15aec4-8bda-4361-
8807-6f4cf5d2246b\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsHeatmap\"},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"action\":{\"config\":{\"useCurrentDateRange\":true,\"useCurrentFilters\":true},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Host Overview\"},\"eventId\":\"cb4db4a1-91ee-41e3-9f16-4b373cb189ad\",\"triggers\":[\"FILTER_TRIGGER\"]}]}},\"type\":\"lens\"},\"title\":\"Top Hosts by Memory Usage over time\"}]","timeRestore":false,"title":"[Metrics System] Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-Metrics-system-overview","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"metrics-*","name":"aa7fddcf-8146-4d85-b3d7-d37a99a5ff32:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"9fc7a050-de1b-495b-8ca7-2a852ed5a28c:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"d85621b3-cf7e-4019-83ae-3a1e06d9933f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"d85621b3-cf7e-4019-83ae-3a1e06d9933f:metrics_d85621b3-cf7e-4019-83ae-3a1e06d9933f_0_index_pattern","type":"index-pattern"},{"id":"metrics-*","name":"f95d2a8f-0ec2-4252-b3e8-8771b9165241:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"f95d2a8f-0ec2-4252-b3e8-8771b9165241:indexpattern-datasource-layer-6a26e3ad-990f-42a2-82fd-f147b1ede3b0","type":"index-pattern"},{"id":"metrics-*","name":"4a59a56e-e5fd-4ff3-b2f0-8a1c07be572b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"72f0915f-db77-4d67-b92b-ed8cdd97e1aa:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"72f0915f-db77-4d67-b92b-ed8cdd97e1aa:metrics_72f0915f-db77-4d67-b92b-ed8cdd97e1aa_0_index_pattern
","type":"index-pattern"},{"id":"metrics-*","name":"e6f8fdab-5f7e-42b1-9093-36c017e0d26d:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"e6f8fdab-5f7e-42b1-9093-36c017e0d26d:indexpattern-datasource-layer-13084d12-8f45-4ff7-84ff-1aa82f6e91d4","type":"index-pattern"},{"id":"metrics-*","name":"e6f8fdab-5f7e-42b1-9093-36c017e0d26d:6a4289ad-9ff1-40c9-aeff-f102d2251bba","type":"index-pattern"},{"id":"system-79ffd6e0-faa0-11e6-947f-177f697178b8","name":"e6f8fdab-5f7e-42b1-9093-36c017e0d26d:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:19bf22c3-97f5-4a71-8752-74cd3d5ec6f9:dashboardId","type":"dashboard"},{"id":"metrics-*","name":"e6f6cabf-ecec-482f-b7b5-634e323e9a15:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"e6f6cabf-ecec-482f-b7b5-634e323e9a15:indexpattern-datasource-layer-13084d12-8f45-4ff7-84ff-1aa82f6e91d4","type":"index-pattern"},{"id":"metrics-*","name":"e6f6cabf-ecec-482f-b7b5-634e323e9a15:33b2f4d6-9337-4d77-a45b-8debb9604323","type":"index-pattern"},{"id":"system-79ffd6e0-faa0-11e6-947f-177f697178b8","name":"e6f6cabf-ecec-482f-b7b5-634e323e9a15:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:cb4db4a1-91ee-41e3-9f16-4b373cb189ad:dashboardId","type":"dashboard"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8378],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NDUsMV0="} +{"attributes":{"description":"Overview of all Windows Event 
Logs.","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"system.application\",\"system.security\",\"system.system\",\"windows.application\",\"windows.forwarded\",\"windows.powershell\",\"windows.powershell_operational\",\"windows.security\",\"windows.sysmon_operational\",\"windows.system\",\"winlog.winlog\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"system.application\"}},{\"match_phrase\":{\"data_stream.dataset\":\"system.security\"}},{\"match_phrase\":{\"data_stream.dataset\":\"system.system\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.application\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.forwarded\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.powershell\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.powershell_operational\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.security\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.sysmon_operational\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.system\"}},{\"match_phrase\":{\"data_stream.dataset\":\"winlog.winlog\"}}]}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":10,\"markdown\":\"## **Windows Overview**\",\"openLinksInNewTab\":false},\"title\":\"User Logon Dashboard [Windows System 
Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":5,\"i\":\"a631db29-cb48-4bfb-b9c9-77ea2baff486\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"a631db29-cb48-4bfb-b9c9-77ea2baff486\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b8e30995-8308-4085-bebc-b744255d4471\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"b8e30995-8308-4085-bebc-b744255d4471\":{\"columnOrder\":[\"b76296f1-254e-44be-885c-dab598a5769a\"],\"columns\":{\"b76296f1-254e-44be-885c-dab598a5769a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"b76296f1-254e-44be-885c-dab598a5769a\",\"layerId\":\"b8e30995-8308-4085-bebc-b744255d4471\",\"layerType\":\"data\"}},\"title\":\"Number of Events [Windows Overview]\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":20,\"i\":\"f1073adc-88c7-4213-947d-72d05705e81a\",\"w\":12,\"x\":0,\"y\":5},\"panelIndex\":\"f1073adc-88c7-4213-947d-72d05705e81a\",\"title\":\"Number of Events [Windows Overview]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"**Windows Overview** | [User Logon Information](#/dashboard/system-bae11b00-9bfc-11ea-87e4-49f31ec44891) | [Logon Failed and Account 
Lockout](#/dashboard/system-d401ef40-a7d5-11e9-a422-d144027429da) | [User Management Events](#/dashboard/system-71f720f0-ff18-11e9-8405-516218e3d268) | [Group Management Events](#/dashboard/system-bb858830-f412-11e9-8405-516218e3d268)\",\"openLinksInNewTab\":false},\"title\":\"Dashboard links [Windows System Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":5,\"i\":\"dadfa90b-35df-4cdb-8b7f-80b75ef8cb9b\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"dadfa90b-35df-4cdb-8b7f-80b75ef8cb9b\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-5e87aee1-99b0-42aa-8b38-30ad57feda11\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"5e87aee1-99b0-42aa-8b38-30ad57feda11\":{\"columnOrder\":[\"c3110bfa-477d-4c3d-9483-a63044c42900\",\"b3737588-4175-4ab0-b9da-23267d72fe70\",\"b1b1cc91-e400-414c-90b7-912cd62a404a\"],\"columns\":{\"b1b1cc91-e400-414c-90b7-912cd62a404a\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"b3737588-4175-4ab0-b9da-23267d72fe70\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Channel\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b1b1cc91-e400-414c-90b7-912cd62a404a\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":6},\"scale\":\"ordinal\",\"sourceField\":\"winlog.channel\"},\"c3110bfa-477d-4c3d-9483-a63044c42900\":{\"customLabel\":true,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":fal
se,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"curveType\":\"LINEAR\",\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":-90},\"layers\":[{\"accessors\":[\"b1b1cc91-e400-414c-90b7-912cd62a404a\"],\"isHistogram\":true,\"layerId\":\"5e87aee1-99b0-42aa-8b38-30ad57feda11\",\"layerType\":\"data\",\"seriesType\":\"bar_stacked\",\"simpleView\":false,\"splitAccessor\":\"b3737588-4175-4ab0-b9da-23267d72fe70\",\"xAccessor\":\"c3110bfa-477d-4c3d-9483-a63044c42900\",\"xScaleType\":\"time\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"b1b1cc91-e400-414c-90b7-912cd62a404a\"}]}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"maxLines\":1,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"showCurrentTimeMarker\":false,\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":false,\"yLeftExtent\":{\"enforce\":true,\"mode\":\"full\"},\"yLeftScale\":\"linear\",\"yRightScale\":\"linear\",\"yTitle\":\"Count\"}},\"title\":\"Number of Events Over Time By Channel [Windows Overview]\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":20,\"i\":\"57c36a54-2c5c-4ca5-ae9a-b2a9b71423cc\",\"w\":36,\"x\":12,\"y\":5},\"panelIndex\":\"57c36a54-2c5c-4ca5-ae9a-b2a9b71423cc\",\"title\":\"Number of Events Over Time By Channel [Windows 
Overview]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-f91444b8-f989-4d50-9791-659f63b410a6\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"f91444b8-f989-4d50-9791-659f63b410a6\":{\"columnOrder\":[\"d79151d8-0464-460f-985d-7710afd65951\",\"f823b376-2c3e-4893-befa-3d99b5e4b54d\"],\"columns\":{\"d79151d8-0464-460f-985d-7710afd65951\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"winlog.provider_name: Descending\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f823b376-2c3e-4893-befa-3d99b5e4b54d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":7},\"scale\":\"ordinal\",\"sourceField\":\"winlog.provider_name\"},\"f823b376-2c3e-4893-befa-3d99b5e4b54d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"hide\",\"emptySizeRatio\":0.3,\"layerId\":\"f91444b8-f989-4d50-9791-659f63b410a6\",\"layerType\":\"data\",\"legendDisplay\":\"hide\",\"legendMaxLines\":1,\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"metrics\":[\"f823b376-2c3e-4893-befa-3d99b5e4b54d\"],\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"percentDecimals\":2,\"primaryGroups\":[\"d79151d8-0464-460f-985d-7710afd65951\"],\"secondaryGroups\":[],\"showValuesInLegend\":true,\"truncateLegend\":true}],\"shape\":\"pie\"}},\"title\":\"Sources (Provider 
Names) [Windows Overview]\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{}},\"gridData\":{\"h\":20,\"i\":\"49364a81-aad0-4123-9b41-e29cc0d20211\",\"w\":16,\"x\":0,\"y\":25},\"panelIndex\":\"49364a81-aad0-4123-9b41-e29cc0d20211\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-92b81c04-c009-42b2-a123-cbb40bacb21b\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"92b81c04-c009-42b2-a123-cbb40bacb21b\":{\"columnOrder\":[\"59206405-b932-4821-894f-0e7df0c64c49\",\"72e6c0f0-dd8b-4557-a0a1-282c3a527bff\"],\"columns\":{\"59206405-b932-4821-894f-0e7df0c64c49\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Event IDs\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"72e6c0f0-dd8b-4557-a0a1-282c3a527bff\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_id\"},\"72e6c0f0-dd8b-4557-a0a1-282c3a527bff\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"72e6c0f0-dd8b-4557-a0a1-282c3a527bff\"},{\"alignment\":\"left\",\"columnId\":\"59206405-b932-4821-894f-0e7df0c64c49\"}],\"headerRowHeight\":\"single\",\"layerId\":\"92b81c04-c009-42b2-a123-cbb40bacb21b\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"
title\":\"Top Event IDs [Windows Overview]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{}},\"gridData\":{\"h\":20,\"i\":\"24dc70bf-961d-43d5-bbaf-b596523308d8\",\"w\":16,\"x\":16,\"y\":25},\"panelIndex\":\"24dc70bf-961d-43d5-bbaf-b596523308d8\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-948e4465-d614-4c5c-845c-e2cc11f14b14\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"948e4465-d614-4c5c-845c-e2cc11f14b14\":{\"columnOrder\":[\"a86889ec-ce6a-4b72-90f2-73cdcdf5af59\",\"3c6aceef-e72a-484a-a9b4-c9ccabad0da8\"],\"columns\":{\"3c6aceef-e72a-484a-a9b4-c9ccabad0da8\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"a86889ec-ce6a-4b72-90f2-73cdcdf5af59\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Log 
Levels\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3c6aceef-e72a-484a-a9b4-c9ccabad0da8\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"log.level\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"3c6aceef-e72a-484a-a9b4-c9ccabad0da8\"},{\"alignment\":\"left\",\"columnId\":\"a86889ec-ce6a-4b72-90f2-73cdcdf5af59\"}],\"headerRowHeight\":\"single\",\"layerId\":\"948e4465-d614-4c5c-845c-e2cc11f14b14\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Event Levels [Windows Overview]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{}},\"gridData\":{\"h\":20,\"i\":\"8f939618-5923-43d4-9b23-57f7d21b4908\",\"w\":16,\"x\":32,\"y\":25},\"panelIndex\":\"8f939618-5923-43d4-9b23-57f7d21b4908\",\"type\":\"lens\",\"version\":\"8.7.0\"}]","timeRestore":false,"title":"[System] Windows 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-Windows-Dashboard","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"f1073adc-88c7-4213-947d-72d05705e81a:indexpattern-datasource-layer-b8e30995-8308-4085-bebc-b744255d4471","type":"index-pattern"},{"id":"logs-*","name":"57c36a54-2c5c-4ca5-ae9a-b2a9b71423cc:indexpattern-datasource-layer-5e87aee1-99b0-42aa-8b38-30ad57feda11","type":"index-pattern"},{"id":"logs-*","name":"49364a81-aad0-4123-9b41-e29cc0d20211:indexpattern-datasource-layer-f91444b8-f989-4d50-9791-659f63b410a6","type":"index-pattern"},{"id":"logs-*","name":"24dc70bf-961d-43d5-bbaf-b596523308d8:indexpattern-datasource-layer-92b81c04-c009-42b2-a123-cbb40bacb21b","type":"index-pattern"},{"id":"logs-*","name":"8f939618-5923-43d4-9b23-57f7d21b4908:indexpattern-datasource-layer-948e4465-d614-4c5c-845c-e2cc11f14b14","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8389],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NDYsMV0="} 
+{"attributes":{"columns":["user.name","winlog.logon.type","source.domain","source.ip","winlog.logon.id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4624\"},\"type\":\"phrase\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4624\",\"type\":\"phrase\"}}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"User Logons [Windows System Security]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-ce71c9a0-a25e-11e9-a422-d144027429da","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8396],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NDcsMV0="} +{"attributes":{"description":"User logon activity 
dashboard.","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"system.security\",\"windows.forwarded\",\"windows.security\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"system.security\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.forwarded\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.security\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"useMargins\":false}","panelsJSON":"[{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-0eeae7e3-4be6-439a-8d11-e248d89729c7\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"6c0aae98-74e3-48f0-bfe4-01114857e9ea\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"0eeae7e3-4be6-439a-8d11-e248d89729c7\":{\"columnOrder\":[\"6c20c34d-d053-4d81-9dc7-015ef4065cc8\",\"011f8ab2-fbac-408d-b01a-100820072975\",\"865f73fe-058f-468a-b4dc-e67be53b290b\",\"bcb7b474-2877-4665-a58e-58279b2a85a0\",\"a2383fe5-f58b-45bd-bc84-7750f113121e\"],\"columns\":{\"011f8ab2-fbac-408d-b01a-100820072975\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"user.name
\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a2383fe5-f58b-45bd-bc84-7750f113121e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"user.name\"},\"6c20c34d-d053-4d81-9dc7-015ef4065cc8\":{\"customLabel\":true,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"Date\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"865f73fe-058f-468a-b4dc-e67be53b290b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":true,\"label\":\"# Thread\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a2383fe5-f58b-45bd-bc84-7750f113121e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.process.thread.id\"},\"a2383fe5-f58b-45bd-bc84-7750f113121e\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"bcb7b474-2877-4665-a58e-58279b2a85a0\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"LogonID\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a2383fe5-f58b-45bd-bc84-7750f113121e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"6c0aae98-74e3-48f0-bfe4-01114857e9ea\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4672\"],\"type\":\"phrases\",\"value\":\"4672\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4672\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"a2383fe5-f58b-45bd-bc84-7750f113121e\"},{\"alignment\":\"left\",\"columnId\":\"6c20c34d-d053-4d81-9dc7-015ef4065cc8\"},{\"alignment\":\"left\",\"columnId\":\"011f8ab2-fbac-408d-b01a-100820072975\"},{\"alignment\":\"left\",\"columnId\":\"865f73fe-058f-468a-b4dc-e67be53b290b\"},{\"alignment\":\"left\",\"columnId\":\"bcb7b474-2877-4665-a58e-58279b2a85a0\"}],\"headerRowHeight\":\"single\",\"layerId\":\"0eeae7e3-4be6-439a-8d11-e248d89729c7\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Logged on Administrators [Windows System 
Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{}},\"gridData\":{\"h\":28,\"i\":\"1\",\"w\":18,\"x\":0,\"y\":34},\"panelIndex\":\"1\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-7a52b543-0c01-4543-9ed6-a89dfbdd8b87\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"c92cd2bc-c3a2-40cf-8932-aa33cee31978\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"7a52b543-0c01-4543-9ed6-a89dfbdd8b87\":{\"columnOrder\":[\"c1fa9bb2-329d-452b-9aea-8019bbedf069\",\"6d33622e-b154-4aee-91af-31f692da9922\"],\"columns\":{\"6d33622e-b154-4aee-91af-31f692da9922\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique count of winlog.logon.id\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"winlog.logon.id\"},\"c1fa9bb2-329d-452b-9aea-8019bbedf069\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"user.name: 
Descending\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6d33622e-b154-4aee-91af-31f692da9922\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"user.name\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c92cd2bc-c3a2-40cf-8932-aa33cee31978\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4672\"},\"type\":\"phrase\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4672\",\"type\":\"phrase\"}}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"hide\",\"emptySizeRatio\":0.3,\"layerId\":\"7a52b543-0c01-4543-9ed6-a89dfbdd8b87\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendMaxLines\":1,\"legendPosition\":\"bottom\",\"legendSize\":\"auto\",\"metrics\":[\"6d33622e-b154-4aee-91af-31f692da9922\"],\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"percentDecimals\":2,\"primaryGroups\":[\"c1fa9bb2-329d-452b-9aea-8019bbedf069\"],\"secondaryGroups\":[],\"showValuesInLegend\":true,\"truncateLegend\":true}],\"shape\":\"pie\"}},\"title\":\"Administrator Users [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":18,\"i\":\"3\",\"w\":18,\"x\":0,\"y\":16},\"panelIndex\":\"3\",\"title\":\"Administrator Users [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":10,\"markdown\":\"## **Logon Information 
Dashboard**\",\"openLinksInNewTab\":false},\"title\":\"User Logon Dashboard [Windows System Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":6,\"i\":\"4\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"4\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":46,\"i\":\"10\",\"w\":23,\"x\":0,\"y\":62},\"panelIndex\":\"10\",\"panelRefName\":\"panel_10\",\"title\":\"Logon Details\",\"type\":\"search\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Windows Overview](#/dashboard/system-Windows-Dashboard) | **User Logon Information** | [Logon Failed and Account Lockout](#/dashboard/system-d401ef40-a7d5-11e9-a422-d144027429da) | [User Management Events](#/dashboard/system-71f720f0-ff18-11e9-8405-516218e3d268) | [Group Management Events](#/dashboard/system-bb858830-f412-11e9-8405-516218e3d268)\",\"openLinksInNewTab\":false},\"title\":\"Dashboard links [Windows System 
Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":6,\"i\":\"34fc9633-8a7c-444d-8d19-06095b55fb43\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"34fc9633-8a7c-444d-8d19-06095b55fb43\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"3dfd861c-68d7-44e0-9755-de21ecd15ba1\":{\"columnOrder\":[\"a278011b-444a-4e01-af26-6395f2f54bf1\"],\"columns\":{\"a278011b-444a-4e01-af26-6395f2f54bf1\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"((data_stream.dataset:windows.security OR data_stream.dataset:system.security) AND event.code: \\\"4672\\\")\"},\"isBucketed\":false,\"label\":\"Administrator Logons\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-3dfd861c-68d7-44e0-9755-de21ecd15ba1\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"a278011b-444a-4e01-af26-6395f2f54bf1\",\"layerId\":\"3dfd861c-68d7-44e0-9755-de21ecd15ba1\",\"layerType\":\"data\"}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"f2925b5d-a820-428f-83dc-a547186bcbe6\",\"w\":9,\"x\":0,\"y\":6},\"panelIndex\":\"f2925b5d-a820-428f-83dc-a547186bcbe6\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"83d20141-1b90-44a1-ac90-a024a460e2f7\":{\"columnOrder\":[\"f6e7fa4a-d41d-41e3-b8cb-112a3d34d3be\"],\"columns\":{\"f6e7fa4a-d41d-41e3-b8cb-112a3d34d3be\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"((data_stream.dataset:windows.security OR data_stream.dataset:system.security) AND event.code: \\\"4624\\\")\"},\"isBucketed\":false,\"label\":\"Logons \",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-83d20141-1b90-44a1-ac90-a024a460e2f7\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"f6e7fa4a-d41d-41e3-b8cb-112a3d34d3be\",\"layerId\":\"83d20141-1b90-44a1-ac90-a024a460e2f7\",\"layerType\":\"data\"}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"b6b45344-9881-4adf-ae69-4b892d976e63\",\"w\":9,\"x\":9,\"y\":6},\"panelIndex\":\"b6b45344-9881-4adf-ae69-4b892d976e63\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"e6fef655-e731-4662-95d5-1d528e81aa31\":{\"columnOrder\":[\"d2c3177a-a480-4200-9cd1-e40f87f81192\",\"23784821-7b5a-4a62-ba6f-000d1600ac1f\",\"c496f94a-303f-4786-a5cf-16ffbda12881\"],\"columns\":{\"23784821-7b5a-4a62-ba6f-000d1600ac1f\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Filters\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4672\\\"\"},\"label\":\"Admin logons\"},{\"input\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4624\\\"\"},\"label\":\"Logon Events\"}]},\"scale\":\"ordinal\"},\"c496f94a-303f-4786-a5cf-16ffbda12881\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"d2c3177a-a480-4200-9cd1-e40f87f81192\":{\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":true,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-e6fef655-e731-4662-95d5-1d528e81aa31\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fillOpacity\":0.5,\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"c496f94a-303f-4786-a5cf-16ffbda12881\"],\"layerId\":\"e6fef655-e731-4662-95d5-1d528e81aa31\",\"layerType\":\"data\",\"seriesType\":\"line\",\"splitAccessor\":\"23784821-7b5a-4a62-ba6f-000d1600ac1f\",\"xAccessor\":\"d2c3177a-a480-4200-9cd1-e40f87f81192\",\"yConfig\":[{\"axisMode\":\"left\",\"color\":\"#68BC00\",\"forAccessor\":\"c496f94a-303f-4786-a5cf-16ffbda12881\"}]}],\"legend\":{\"isVisible\":true,\"maxLines\":1,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"line\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yLeftScale\":\"linear\",\"yRightExtent\":{\"mode\":\"full\"},\"yRightScale\":\"linear\"}},\"title\":\"Logon Events 
Timeline\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":13,\"i\":\"e6bde0c0-6365-4c2a-b6d1-232e936d592e\",\"w\":30,\"x\":18,\"y\":6},\"panelIndex\":\"e6bde0c0-6365-4c2a-b6d1-232e936d592e\",\"title\":\"Logon Events Timeline\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-674fcc58-08d6-4ab5-b6cb-671d86391a1f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"0b35b218-725a-492d-8a26-fc07ece4cefa\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"674fcc58-08d6-4ab5-b6cb-671d86391a1f\":{\"columnOrder\":[\"d3920133-e719-4f21-96b0-de104644c62d\",\"c5eeb90d-c93c-45c6-a105-cd6dd7de45c9\"],\"columns\":{\"c5eeb90d-c93c-45c6-a105-cd6dd7de45c9\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Unique count of winlog.logon.id\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"winlog.logon.id\"},\"d3920133-e719-4f21-96b0-de104644c62d\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"winlog.logon.type: 
Descending\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c5eeb90d-c93c-45c6-a105-cd6dd7de45c9\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.type\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"0b35b218-725a-492d-8a26-fc07ece4cefa\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4624\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.code\":\"4624\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"hide\",\"emptySizeRatio\":0.3,\"layerId\":\"674fcc58-08d6-4ab5-b6cb-671d86391a1f\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendMaxLines\":1,\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"metrics\":[\"c5eeb90d-c93c-45c6-a105-cd6dd7de45c9\"],\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"percentDecimals\":2,\"primaryGroups\":[\"d3920133-e719-4f21-96b0-de104644c62d\"],\"secondaryGroups\":[],\"showValuesInLegend\":true,\"truncateLegend\":true}],\"shape\":\"pie\"}},\"title\":\"Logon Types [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"cf50b48e-453c-46fb-ad35-7ccfb7b03de0\",\"w\":15,\"x\":18,\"y\":19},\"panelIndex\":\"cf50b48e-453c-46fb-ad35-7ccfb7b03de0\",\"title\":\"Logon Types [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-00652829-18f8-4bed-9423-c1b08879fa96\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"b48f02eb-a573-4758-a23f-ab02a2379751\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"00652829-18f8-4bed-9423-c1b08879fa96\":{\"columnOrder\":[\"028821e7-2e7e-4604-ac9d-25e9d90bbb0d\",\"0d65d110-92d0-42b0-a150-f5d7c154122c\"],\"columns\":{\"028821e7-2e7e-4604-ac9d-25e9d90bbb0d\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Logon Source IP\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0d65d110-92d0-42b0-a150-f5d7c154122c\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"},\"0d65d110-92d0-42b0-a150-f5d7c154122c\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"field\":\"data_stream.dataset\",\"index\":\"b48f02eb-a573-4758-a23f-ab02a2379751\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"windows.security\",\"system.security\"],\"type\":\"phrases\",\"value\":[\"windows.security\",\"system.security\"]},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"windows.security\"}},{\"match_phrase\":{\"data_stream.dataset\":\"system.security\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"0d65d110-92d0-42b0-a150-f5d7c154122c\"],\"layerId\":\"00652829-18f8-4bed-9423-c1b08879fa96\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"xAccessor\":\"028821e7-2e7e-4604-ac9d-25e9d90bbb0d\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"2ccb4f49-c9ee-48a0-b602-f86fa0e21504\",\"w\":15,\"x\":33,\"y\":19},\"panelIndex\":\"2ccb4f49-c9ee-48a0-b602-f86fa0e21504\",\"title\":\"Logon Sources [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":28,\"i\":\"454bb008-9720-455e-8ab9-b2f47d25aa4f\",\"w\":18,\"x\":18,\"y\":34},\"panelIndex\":\"454bb008-9720-455e-8ab9-b2f47d25aa4f\",\"panelRefName\":\"panel_454bb008-9720-455e-8ab9-b2f47d25aa4f\",\"title\":\"RDP Reconnections and Desconnections\",\"type\":\"search\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-4a1aa374-6802-4ad3-aaa8-5178d0944859\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d5b55106-1b94-4e5d-af4a-30edbe70102e\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"4a1aa374-6802-4ad3-aaa8-5178d0944859\":{\"columnOrder\":[\"8bb80378-dfd5-4dbc-bc6c-6a311530b1f0\",\"71ed13d3-5581-4cb5-a9fd-c2137e961d1e\",\"c46bc820-0dbe-4560-8250-1c4c414bbfc0\",\"8602e508-3dc5-4e7e-a87e-8fd9ddf7b1d9\",\"c8f202eb-e9fe-469f-8a65-72c55a8755f9\"],\"columns\":{\"71ed13d3-5581-4cb5-a9fd-c2137e961d1e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"subjectUserName\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c8f202eb-e9fe-469f-8a65-72c55a8755f9\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"8602e508-3dc5-4e7e-a87e-8fd9ddf7b1d9\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"LogonID\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c8f202eb-e9fe-469f-8a65-72c55a8755f9\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":fa
lse,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"8bb80378-dfd5-4dbc-bc6c-6a311530b1f0\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"user.name\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c8f202eb-e9fe-469f-8a65-72c55a8755f9\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":200},\"scale\":\"ordinal\",\"sourceField\":\"user.name\"},\"c46bc820-0dbe-4560-8250-1c4c414bbfc0\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"source.ip\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"c8f202eb-e9fe-469f-8a65-72c55a8755f9\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"},\"c8f202eb-e9fe-469f-8a65-72c55a8755f9\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d5b55106-1b94-4e5d-af4a-30edbe70102e\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4648\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.code\":\"4648\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"c8f202eb-e9fe-469f-8a65-72c55a8755f9\"},{\"alignment\":\"left\",\"columnId\":\"8bb80378-dfd5-4dbc-bc6c-6a311530b1f0\
"},{\"alignment\":\"left\",\"columnId\":\"71ed13d3-5581-4cb5-a9fd-c2137e961d1e\"},{\"alignment\":\"left\",\"columnId\":\"c46bc820-0dbe-4560-8250-1c4c414bbfc0\"},{\"alignment\":\"left\",\"columnId\":\"8602e508-3dc5-4e7e-a87e-8fd9ddf7b1d9\"}],\"headerRowHeight\":\"single\",\"layerId\":\"4a1aa374-6802-4ad3-aaa8-5178d0944859\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Logon with Explicit Credentials [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":28,\"i\":\"29a0e70a-ab23-4d48-8d4e-9a39c5af47ad\",\"w\":12,\"x\":36,\"y\":34},\"panelIndex\":\"29a0e70a-ab23-4d48-8d4e-9a39c5af47ad\",\"title\":\"Logon with Explicit Credentials [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":46,\"i\":\"28115147-8399-4fcd-95ce-ed0a4f4239e3\",\"w\":25,\"x\":23,\"y\":62},\"panelIndex\":\"28115147-8399-4fcd-95ce-ed0a4f4239e3\",\"panelRefName\":\"panel_28115147-8399-4fcd-95ce-ed0a4f4239e3\",\"title\":\"Logout Details\",\"type\":\"search\",\"version\":\"8.7.0\"}]","timeRestore":false,"title":"[System Windows Security] User 
Logons","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-bae11b00-9bfc-11ea-87e4-49f31ec44891","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"1:indexpattern-datasource-layer-0eeae7e3-4be6-439a-8d11-e248d89729c7","type":"index-pattern"},{"id":"logs-*","name":"1:6c0aae98-74e3-48f0-bfe4-01114857e9ea","type":"index-pattern"},{"id":"logs-*","name":"3:indexpattern-datasource-layer-7a52b543-0c01-4543-9ed6-a89dfbdd8b87","type":"index-pattern"},{"id":"logs-*","name":"3:c92cd2bc-c3a2-40cf-8932-aa33cee31978","type":"index-pattern"},{"id":"system-ce71c9a0-a25e-11e9-a422-d144027429da","name":"10:panel_10","type":"search"},{"id":"logs-*","name":"cf50b48e-453c-46fb-ad35-7ccfb7b03de0:indexpattern-datasource-layer-674fcc58-08d6-4ab5-b6cb-671d86391a1f","type":"index-pattern"},{"id":"logs-*","name":"cf50b48e-453c-46fb-ad35-7ccfb7b03de0:0b35b218-725a-492d-8a26-fc07ece4cefa","type":"index-pattern"},{"id":"logs-*","name":"2ccb4f49-c9ee-48a0-b602-f86fa0e21504:indexpattern-datasource-layer-00652829-18f8-4bed-9423-c1b08879fa96","type":"index-pattern"},{"id":"logs-*","name":"2ccb4f49-c9ee-48a0-b602-f86fa0e21504:b48f02eb-a573-4758-a23f-ab02a2379751","type":"index-pattern"},{"id":"system-6f4071a0-7a78-11ea-bc9a-0baf2ca323a3","name":"454bb008-9720-455e-8ab9-b2f47d25aa4f:panel_454bb008-9720-455e-8ab9-b2f47d25aa4f","type":"search"},{"id":"logs-*","name":"29a0e70a-ab23-4d48-8d4e-9a39c5af47ad:indexpattern-datasource-layer-4a1aa374-6802-4ad3-aaa8-5178d0944859","type":"index-pattern"},{"id":"logs-*","name":"29a0e70a-ab23-4d48-8d4e-9a39c5af47ad:d5b55106-1b94-4e5d-af4a-30edbe70102e","type":"index-pattern"},{"id":"system-06b6b060-7a80-11ea-bc9a-0baf2ca323a3","name":"28115147-8399-4fcd-95ce-ed0a4f4239e3:panel_28115
147-8399-4fcd-95ce-ed0a4f4239e3","type":"search"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8416],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NDgsMV0="} +{"attributes":{"description":"Group management activity.","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"system.security\",\"windows.forwarded\",\"windows.security\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"system.security\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.forwarded\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.security\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"useMargins\":false}","panelsJSON":"[{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\
"params\":{\"fontSize\":10,\"markdown\":\"# **Group Management Events**\\n\\n#### This dashboard shows information about Group Management Events collected by the Elastic Agent Windows integrations (System, Windows, Custom Windows Event Logs).\\n\",\"openLinksInNewTab\":false},\"title\":\"Group Management Events - Description [Windows System Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":7,\"i\":\"22\",\"w\":16,\"x\":0,\"y\":0},\"panelIndex\":\"22\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-bd7f857d-8824-4cfa-b6a9-85f4efdc2623\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"a19c4278-5416-4446-99a1-0c0b841ad56b\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"bd7f857d-8824-4cfa-b6a9-85f4efdc2623\":{\"columnOrder\":[\"7f1d902e-af5f-4b65-a519-9ef6003f7e44\",\"941899f1-1b0a-4ca2-9fd4-ec751ecd6ca3\",\"6aa544a5-ecf4-4401-989d-bf738652c121\",\"2d5bc858-8374-44e4-a40f-0182d750e7c9\",\"7c3baf0b-0f49-4022-b50a-c7d4f6280003\"],\"columns\":{\"2d5bc858-8374-44e4-a40f-0182d750e7c9\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer LogonID\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7c3baf0b-0f49-4022-b50a-c7d4f6280003\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"6aa544a5-ecf4-4401-989d-bf738652c121\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed 
by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7c3baf0b-0f49-4022-b50a-c7d4f6280003\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"7c3baf0b-0f49-4022-b50a-c7d4f6280003\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"7f1d902e-af5f-4b65-a519-9ef6003f7e44\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Group\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7c3baf0b-0f49-4022-b50a-c7d4f6280003\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"group.name\"},\"941899f1-1b0a-4ca2-9fd4-ec751ecd6ca3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Domain\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"7c3baf0b-0f49-4022-b50a-c7d4f6280003\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"group.domain\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"a19c4278-5416-4446-99a1-0c0b841ad56b\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4731\",\"4727\",\"4754\",\"4744\",\"4759\",\"4779\",\"4790
\",\"4783\"],\"type\":\"phrases\",\"value\":\"4731, 4727, 4754, 4744, 4759, 4779, 4790, 4783\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4731\"}},{\"match_phrase\":{\"event.code\":\"4727\"}},{\"match_phrase\":{\"event.code\":\"4754\"}},{\"match_phrase\":{\"event.code\":\"4744\"}},{\"match_phrase\":{\"event.code\":\"4759\"}},{\"match_phrase\":{\"event.code\":\"4779\"}},{\"match_phrase\":{\"event.code\":\"4790\"}},{\"match_phrase\":{\"event.code\":\"4783\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"7c3baf0b-0f49-4022-b50a-c7d4f6280003\"},{\"alignment\":\"left\",\"columnId\":\"7f1d902e-af5f-4b65-a519-9ef6003f7e44\"},{\"alignment\":\"left\",\"columnId\":\"941899f1-1b0a-4ca2-9fd4-ec751ecd6ca3\"},{\"alignment\":\"left\",\"columnId\":\"6aa544a5-ecf4-4401-989d-bf738652c121\"},{\"alignment\":\"left\",\"columnId\":\"2d5bc858-8374-44e4-a40f-0182d750e7c9\"}],\"headerRowHeight\":\"single\",\"layerId\":\"bd7f857d-8824-4cfa-b6a9-85f4efdc2623\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":5},\"rowHeight\":\"single\"}},\"title\":\"Groups Created - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":13,\"i\":\"36\",\"w\":9,\"x\":0,\"y\":55},\"panelIndex\":\"36\",\"title\":\"Groups Created - Table [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b600888f-707d-4333-b65c-64ccd1512086\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"c1e670c6-0a4d-4954-82f9-51dc32e07139\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"b600888f-707d-4333-b65c-64ccd1512086\":{\"columnOrder\":[\"c56afdf2-4288-4388-804c-a8d44425a564\",\"bb1a6287-e2d3-4136-9e1c-773f5b041afb\",\"054a5d8e-b121-4790-bd89-f497705b33e4\",\"8e115107-32e4-4af6-b61c-2f8d5442286d\",\"0ae4bc48-8f3e-4bbb-8a14-a47cfa5983f7\"],\"columns\":{\"054a5d8e-b121-4790-bd89-f497705b33e4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0ae4bc48-8f3e-4bbb-8a14-a47cfa5983f7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"0ae4bc48-8f3e-4bbb-8a14-a47cfa5983f7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"8e115107-32e4-4af6-b61c-2f8d5442286d\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer 
LogonID\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0ae4bc48-8f3e-4bbb-8a14-a47cfa5983f7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"bb1a6287-e2d3-4136-9e1c-773f5b041afb\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Domain\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0ae4bc48-8f3e-4bbb-8a14-a47cfa5983f7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"group.domain\"},\"c56afdf2-4288-4388-804c-a8d44425a564\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Group\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0ae4bc48-8f3e-4bbb-8a14-a47cfa5983f7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"group.name\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c1e670c6-0a4d-4954-82f9-51dc32e07139\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4735\",\"4737\",\"4755\",\"4750\",\"4760\",\"4745\",\"4791\",\"4784\",\"4764\"],\"type\":\"phrases\",\"value\":\"4735, 4737, 4755, 4750, 4760, 4745, 4791, 4784, 
4764\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4735\"}},{\"match_phrase\":{\"event.code\":\"4737\"}},{\"match_phrase\":{\"event.code\":\"4755\"}},{\"match_phrase\":{\"event.code\":\"4750\"}},{\"match_phrase\":{\"event.code\":\"4760\"}},{\"match_phrase\":{\"event.code\":\"4745\"}},{\"match_phrase\":{\"event.code\":\"4791\"}},{\"match_phrase\":{\"event.code\":\"4784\"}},{\"match_phrase\":{\"event.code\":\"4764\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"0ae4bc48-8f3e-4bbb-8a14-a47cfa5983f7\"},{\"alignment\":\"left\",\"columnId\":\"c56afdf2-4288-4388-804c-a8d44425a564\"},{\"alignment\":\"left\",\"columnId\":\"bb1a6287-e2d3-4136-9e1c-773f5b041afb\"},{\"alignment\":\"left\",\"columnId\":\"054a5d8e-b121-4790-bd89-f497705b33e4\"},{\"alignment\":\"left\",\"columnId\":\"8e115107-32e4-4af6-b61c-2f8d5442286d\"}],\"headerRowHeight\":\"single\",\"layerId\":\"b600888f-707d-4333-b65c-64ccd1512086\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":5},\"rowHeight\":\"single\"}},\"title\":\"Group Changes - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":13,\"i\":\"37\",\"w\":9,\"x\":9,\"y\":55},\"panelIndex\":\"37\",\"title\":\"Group Changes - Table [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-4f4fa0d5-5ea9-45ba-9214-d1fe2310876f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"3d460e27-249d-4c99-831f-193ccd17f8f4\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"4f4fa0d5-5ea9-45ba-9214-d1fe2310876f\":{\"columnOrder\":[\"f91ab9f5-c2a5-4590-875c-fabf6d047e37\",\"1afb18ce-62b9-4585-9dea-0e4310a67c50\",\"6d13ad70-08bd-44d9-963f-1f8872cc7d79\",\"29662a4b-5326-4531-8996-2b95afb69ed3\",\"9b24429a-7651-4972-aed9-83971847531b\"],\"columns\":{\"1afb18ce-62b9-4585-9dea-0e4310a67c50\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Domain\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9b24429a-7651-4972-aed9-83971847531b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"group.domain\"},\"29662a4b-5326-4531-8996-2b95afb69ed3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performer LogonID\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9b24429a-7651-4972-aed9-83971847531b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"6d13ad70-08bd-44d9-963f-1f8872cc7d79\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed 
by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9b24429a-7651-4972-aed9-83971847531b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"9b24429a-7651-4972-aed9-83971847531b\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f91ab9f5-c2a5-4590-875c-fabf6d047e37\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Group\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"9b24429a-7651-4972-aed9-83971847531b\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"group.name\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"3d460e27-249d-4c99-831f-193ccd17f8f4\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4734\",\"4730\",\"4758\",\"4748\",\"4763\",\"4753\",\"4792\",\"4789\"],\"type\":\"phrases\",\"value\":\"4734, 4730, 4758, 4748, 4763, 4753, 4792, 
4789\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4734\"}},{\"match_phrase\":{\"event.code\":\"4730\"}},{\"match_phrase\":{\"event.code\":\"4758\"}},{\"match_phrase\":{\"event.code\":\"4748\"}},{\"match_phrase\":{\"event.code\":\"4763\"}},{\"match_phrase\":{\"event.code\":\"4753\"}},{\"match_phrase\":{\"event.code\":\"4792\"}},{\"match_phrase\":{\"event.code\":\"4789\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"9b24429a-7651-4972-aed9-83971847531b\"},{\"alignment\":\"left\",\"columnId\":\"f91ab9f5-c2a5-4590-875c-fabf6d047e37\"},{\"alignment\":\"left\",\"columnId\":\"1afb18ce-62b9-4585-9dea-0e4310a67c50\"},{\"alignment\":\"left\",\"columnId\":\"6d13ad70-08bd-44d9-963f-1f8872cc7d79\"},{\"alignment\":\"left\",\"columnId\":\"29662a4b-5326-4531-8996-2b95afb69ed3\"}],\"headerRowHeight\":\"single\",\"layerId\":\"4f4fa0d5-5ea9-45ba-9214-d1fe2310876f\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":5},\"rowHeight\":\"single\"}},\"title\":\"Groups Deleted - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":13,\"i\":\"38\",\"w\":9,\"x\":18,\"y\":55},\"panelIndex\":\"38\",\"title\":\"Groups Deleted - Table [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ec211cdc-aeae-4682-9cc8-deec18aee3d1\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"dcdfe597-2586-47d7-a08a-d204f5caebbb\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"ec211cdc-aeae-4682-9cc8-deec18aee3d1\":{\"columnOrder\":[\"2cef85a9-ce4b-4803-a11a-fb8d474d54b5\",\"a9cfc671-e843-46b8-a08b-173da51037a9\",\"e42f2fdf-510a-4da6-9839-a5678ca093e4\",\"4938a319-1510-4931-8d5f-fd64137d7bda\",\"305d7edd-b815-4333-b542-dd82ceee2ea7\",\"f6418ff7-7f4c-4b47-ada1-effc9abc019e\"],\"columns\":{\"2cef85a9-ce4b-4803-a11a-fb8d474d54b5\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f6418ff7-7f4c-4b47-ada1-effc9abc019e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.MemberName\"},\"305d7edd-b815-4333-b542-dd82ceee2ea7\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed by Logon ID\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f6418ff7-7f4c-4b47-ada1-effc9abc019e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"4938a319-1510-4931-8d5f-fd64137d7bda\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed 
by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f6418ff7-7f4c-4b47-ada1-effc9abc019e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"user.name\"},\"a9cfc671-e843-46b8-a08b-173da51037a9\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Group\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f6418ff7-7f4c-4b47-ada1-effc9abc019e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"group.name\"},\"e42f2fdf-510a-4da6-9839-a5678ca093e4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Domain\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f6418ff7-7f4c-4b47-ada1-effc9abc019e\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"group.domain\"},\"f6418ff7-7f4c-4b47-ada1-effc9abc019e\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"dcdfe597-2586-47d7-a08a-d204f5caebbb\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4732\",\"4728\",\"4756\",\"4751\",\"4761\",\"4746\",\"4785\",\"4787\"],\"type\":\"
phrases\",\"value\":\"4732, 4728, 4756, 4751, 4761, 4746, 4785, 4787\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4732\"}},{\"match_phrase\":{\"event.code\":\"4728\"}},{\"match_phrase\":{\"event.code\":\"4756\"}},{\"match_phrase\":{\"event.code\":\"4751\"}},{\"match_phrase\":{\"event.code\":\"4761\"}},{\"match_phrase\":{\"event.code\":\"4746\"}},{\"match_phrase\":{\"event.code\":\"4785\"}},{\"match_phrase\":{\"event.code\":\"4787\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"f6418ff7-7f4c-4b47-ada1-effc9abc019e\"},{\"alignment\":\"left\",\"columnId\":\"2cef85a9-ce4b-4803-a11a-fb8d474d54b5\"},{\"alignment\":\"left\",\"columnId\":\"a9cfc671-e843-46b8-a08b-173da51037a9\"},{\"alignment\":\"left\",\"columnId\":\"e42f2fdf-510a-4da6-9839-a5678ca093e4\"},{\"alignment\":\"left\",\"columnId\":\"4938a319-1510-4931-8d5f-fd64137d7bda\"},{\"alignment\":\"left\",\"columnId\":\"305d7edd-b815-4333-b542-dd82ceee2ea7\"}],\"headerRowHeight\":\"single\",\"layerId\":\"ec211cdc-aeae-4682-9cc8-deec18aee3d1\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":5},\"rowHeight\":\"single\"}},\"title\":\"Users Added - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":14,\"i\":\"39\",\"w\":16,\"x\":0,\"y\":75},\"panelIndex\":\"39\",\"title\":\"Users Added - Table [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-ac94b4e8-791d-42c3-923b-d871496199d8\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"ba9b962b-bc66-4c05-89c7-bbcfea69b19d\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"ac94b4e8-791d-42c3-923b-d871496199d8\":{\"columnOrder\":[\"5567fdee-554a-47ce-857f-67d88d8d0525\",\"0bbbe141-f2c1-4d1c-8c97-cdccce1645c4\",\"742898ba-a8f4-4374-8f8e-89e8c8e1d895\",\"48ce407b-3a27-45b2-81a2-c2a7777d5b6b\",\"916dfdf0-0aac-4720-ae54-fae544299b7d\",\"8270757b-487a-4232-a473-2392e043ece1\"],\"columns\":{\"0bbbe141-f2c1-4d1c-8c97-cdccce1645c4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Group\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8270757b-487a-4232-a473-2392e043ece1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"group.name\"},\"48ce407b-3a27-45b2-81a2-c2a7777d5b6b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed 
by\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8270757b-487a-4232-a473-2392e043ece1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"5567fdee-554a-47ce-857f-67d88d8d0525\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"User\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8270757b-487a-4232-a473-2392e043ece1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.MemberName\"},\"742898ba-a8f4-4374-8f8e-89e8c8e1d895\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Domain\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8270757b-487a-4232-a473-2392e043ece1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"group.domain\"},\"8270757b-487a-4232-a473-2392e043ece1\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"916dfdf0-0aac-4720-ae54-fae544299b7d\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Performed by Logon 
ID\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"8270757b-487a-4232-a473-2392e043ece1\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"ba9b962b-bc66-4c05-89c7-bbcfea69b19d\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4733\",\"4729\",\"4757\",\"4786\",\"4788\",\"4752\",\"4762\",\"4747\"],\"type\":\"phrases\",\"value\":\"4733, 4729, 4757, 4786, 4788, 4752, 4762, 4747\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4733\"}},{\"match_phrase\":{\"event.code\":\"4729\"}},{\"match_phrase\":{\"event.code\":\"4757\"}},{\"match_phrase\":{\"event.code\":\"4786\"}},{\"match_phrase\":{\"event.code\":\"4788\"}},{\"match_phrase\":{\"event.code\":\"4752\"}},{\"match_phrase\":{\"event.code\":\"4762\"}},{\"match_phrase\":{\"event.code\":\"4747\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"8270757b-487a-4232-a473-2392e043ece1\"},{\"alignment\":\"left\",\"columnId\":\"5567fdee-554a-47ce-857f-67d88d8d0525\"},{\"alignment\":\"left\",\"columnId\":\"0bbbe141-f2c1-4d1c-8c97-cdccce1645c4\"},{\"alignment\":\"left\",\"columnId\":\"742898ba-a8f4-4374-8f8e-89e8c8e1d895\"},{\"alignment\":\"left\",\"columnId\":\"48ce407b-3a27-45b2-81a2-c2a7777d5b6b\"},{\"alignment\":\"left\",\"columnId\":\"916dfdf0-0aac-4720-ae54-fae544299b7d\"}],\"headerRowHeight\":\"single\",\"layerId\":\"ac94b4e8-791d-42c3-923b-d871496199d8\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":5},\"rowHeight\":\"single\"}},\"title\":
\"Users Removed from Group - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":14,\"i\":\"40\",\"w\":17,\"x\":16,\"y\":75},\"panelIndex\":\"40\",\"title\":\"Users Removed from Group - Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-1b283aa0-01f0-4d69-9338-1d312aa7409a\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"5fd25934-f4ed-4561-8e83-22d8642198fe\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"1b283aa0-01f0-4d69-9338-1d312aa7409a\":{\"columnOrder\":[\"bf39160d-a5ee-43ec-8231-c228b273d0db\",\"281b8735-ca43-45ad-b6db-bd7bcfc36ba3\",\"aeac3302-fabf-4396-973b-e3129d83f10b\",\"7e13870d-43ba-4c46-a8d2-fafd4d61636e\",\"32cabe3d-6f07-4dcd-9f86-29a535239e11\"],\"columns\":{\"281b8735-ca43-45ad-b6db-bd7bcfc36ba3\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Domain\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"32cabe3d-6f07-4dcd-9f86-29a535239e11\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"group.domain\"},\"32cabe3d-6f07-4dcd-9f86-29a535239e11\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"7e13870d-43ba-4c46-a8d2-fafd4d61636e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Creator 
LogonID\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"32cabe3d-6f07-4dcd-9f86-29a535239e11\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.id\"},\"aeac3302-fabf-4396-973b-e3129d83f10b\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Creator\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"32cabe3d-6f07-4dcd-9f86-29a535239e11\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"},\"bf39160d-a5ee-43ec-8231-c228b273d0db\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Group\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"32cabe3d-6f07-4dcd-9f86-29a535239e11\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"group.name\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"5fd25934-f4ed-4561-8e83-22d8642198fe\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4799\"],\"type\":\"phrases\",\"value\":\"4799\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4799\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"c
olumnId\":\"32cabe3d-6f07-4dcd-9f86-29a535239e11\"},{\"alignment\":\"left\",\"columnId\":\"bf39160d-a5ee-43ec-8231-c228b273d0db\"},{\"alignment\":\"left\",\"columnId\":\"281b8735-ca43-45ad-b6db-bd7bcfc36ba3\"},{\"alignment\":\"left\",\"columnId\":\"aeac3302-fabf-4396-973b-e3129d83f10b\"},{\"alignment\":\"left\",\"columnId\":\"7e13870d-43ba-4c46-a8d2-fafd4d61636e\"}],\"headerRowHeight\":\"single\",\"layerId\":\"1b283aa0-01f0-4d69-9338-1d312aa7409a\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":5},\"rowHeight\":\"single\"}},\"title\":\"Group Enumeration - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":14,\"i\":\"42\",\"w\":15,\"x\":33,\"y\":75},\"panelIndex\":\"42\",\"title\":\"Group Enumeration - Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":20,\"i\":\"43\",\"w\":21,\"x\":27,\"y\":48},\"panelIndex\":\"43\",\"panelRefName\":\"panel_43\",\"title\":\"Logon Details [Windows System Security]\",\"type\":\"search\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":22,\"i\":\"45\",\"w\":48,\"x\":0,\"y\":89},\"panelIndex\":\"45\",\"panelRefName\":\"panel_45\",\"title\":\"Group Management Operations Details [Windows System Security]\",\"type\":\"search\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Windows Overview](#/dashboard/system-Windows-Dashboard) | [User Logon Information](#/dashboard/system-bae11b00-9bfc-11ea-87e4-49f31ec44891) | [Logon Failed and Account Lockout](#/dashboard/system-d401ef40-a7d5-11e9-a422-d144027429da) | [User Management Events](#/dashboard/system-71f720f0-ff18-11e9-8405-516218e3d268) | **Group 
Management Events**\",\"openLinksInNewTab\":false},\"title\":\"Dashboard links [Windows System Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":7,\"i\":\"663e0493-2070-407b-9d00-079915cce7e7\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"663e0493-2070-407b-9d00-079915cce7e7\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-d498ce52-e422-4548-869e-12b54ca2a5de\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"042819ba-9576-492a-9bad-c3febb27fd0d\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"d498ce52-e422-4548-869e-12b54ca2a5de\":{\"columnOrder\":[\"f2f50bd0-9beb-4ed3-a1d1-39970db0d880\",\"a30cd9e9-b0dc-4aa8-871c-57b0e2bce3f5\"],\"columns\":{\"a30cd9e9-b0dc-4aa8-871c-57b0e2bce3f5\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f2f50bd0-9beb-4ed3-a1d1-39970db0d880\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.action: 
Descending\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a30cd9e9-b0dc-4aa8-871c-57b0e2bce3f5\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"042819ba-9576-492a-9bad-c3febb27fd0d\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4731\",\"4732\",\"4733\",\"4734\",\"4735\",\"4737\",\"4764\",\"4727\",\"4728\",\"4729\",\"4730\",\"4754\",\"4755\",\"4756\",\"4757\",\"4758\",\"4799\",\"4749\",\"4750\",\"4751\",\"4752\",\"4753\",\"4759\",\"4760\",\"4761\",\"4762\",\"4763\",\"4744\",\"4745\",\"4746\",\"4748\"],\"type\":\"phrases\",\"value\":\"4731, 4732, 4733, 4734, 4735, 4737, 4764, 4727, 4728, 4729, 4730, 4754, 4755, 4756, 4757, 4758, 4799, 4749, 4750, 4751, 4752, 4753, 4759, 4760, 4761, 4762, 4763, 4744, 4745, 4746, 
4748\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4731\"}},{\"match_phrase\":{\"event.code\":\"4732\"}},{\"match_phrase\":{\"event.code\":\"4733\"}},{\"match_phrase\":{\"event.code\":\"4734\"}},{\"match_phrase\":{\"event.code\":\"4735\"}},{\"match_phrase\":{\"event.code\":\"4737\"}},{\"match_phrase\":{\"event.code\":\"4764\"}},{\"match_phrase\":{\"event.code\":\"4727\"}},{\"match_phrase\":{\"event.code\":\"4728\"}},{\"match_phrase\":{\"event.code\":\"4729\"}},{\"match_phrase\":{\"event.code\":\"4730\"}},{\"match_phrase\":{\"event.code\":\"4754\"}},{\"match_phrase\":{\"event.code\":\"4755\"}},{\"match_phrase\":{\"event.code\":\"4756\"}},{\"match_phrase\":{\"event.code\":\"4757\"}},{\"match_phrase\":{\"event.code\":\"4758\"}},{\"match_phrase\":{\"event.code\":\"4799\"}},{\"match_phrase\":{\"event.code\":\"4749\"}},{\"match_phrase\":{\"event.code\":\"4750\"}},{\"match_phrase\":{\"event.code\":\"4751\"}},{\"match_phrase\":{\"event.code\":\"4752\"}},{\"match_phrase\":{\"event.code\":\"4753\"}},{\"match_phrase\":{\"event.code\":\"4759\"}},{\"match_phrase\":{\"event.code\":\"4760\"}},{\"match_phrase\":{\"event.code\":\"4761\"}},{\"match_phrase\":{\"event.code\":\"4762\"}},{\"match_phrase\":{\"event.code\":\"4763\"}},{\"match_phrase\":{\"event.code\":\"4744\"}},{\"match_phrase\":{\"event.code\":\"4745\"}},{\"match_phrase\":{\"event.code\":\"4746\"}},{\"match_phrase\":{\"event.code\":\"4748\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR 
data_stream.dataset:system.security\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"hide\",\"emptySizeRatio\":0.3,\"layerId\":\"d498ce52-e422-4548-869e-12b54ca2a5de\",\"layerType\":\"data\",\"legendDisplay\":\"hide\",\"legendMaxLines\":1,\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"metrics\":[\"a30cd9e9-b0dc-4aa8-871c-57b0e2bce3f5\"],\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"percentDecimals\":2,\"primaryGroups\":[\"f2f50bd0-9beb-4ed3-a1d1-39970db0d880\"],\"secondaryGroups\":[],\"showValuesInLegend\":true,\"truncateLegend\":true}],\"shape\":\"pie\"}},\"title\":\"Group Management Events - Event Actions [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":20,\"i\":\"3f7e277d-09d1-4a79-bc17-bc5da5a7e290\",\"w\":20,\"x\":0,\"y\":7},\"panelIndex\":\"3f7e277d-09d1-4a79-bc17-bc5da5a7e290\",\"title\":\"Group Management Events - Event Actions [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b1157a10-8ee7-4ce0-8fa3-3088007e12a6\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"25cdfdc0-53d7-4cf7-b982-a59694f34875\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"b1157a10-8ee7-4ce0-8fa3-3088007e12a6\":{\"columnOrder\":[\"db99025d-1f2b-4d05-8d3d-ad15bbcf252d\",\"9caf1c5b-9f00-47e7-b27e-a2b631145b7f\",\"a5c04a37-1867-4051-8eb5-848d6499a8eb\"],\"columns\":{\"9caf1c5b-9f00-47e7-b27e-a2b631145b7f\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.code\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a5c04a37-1867-4051-8eb5-848d6499a8eb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBuc
ket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.code\"},\"a5c04a37-1867-4051-8eb5-848d6499a8eb\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"db99025d-1f2b-4d05-8d3d-ad15bbcf252d\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.action\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"a5c04a37-1867-4051-8eb5-848d6499a8eb\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":50},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"25cdfdc0-53d7-4cf7-b982-a59694f34875\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4731\",\"4732\",\"4733\",\"4734\",\"4735\",\"4737\",\"4764\",\"4727\",\"4728\",\"4729\",\"4730\",\"4754\",\"4755\",\"4756\",\"4757\",\"4758\",\"4799\",\"4749\",\"4750\",\"4751\",\"4752\",\"4753\",\"4759\",\"4760\",\"4761\",\"4762\",\"4763\",\"4744\",\"4745\",\"4746\",\"4748\"],\"type\":\"phrases\",\"value\":\"4731, 4732, 4733, 4734, 4735, 4737, 4764, 4727, 4728, 4729, 4730, 4754, 4755, 4756, 4757, 4758, 4799, 4749, 4750, 4751, 4752, 4753, 4759, 4760, 4761, 4762, 4763, 4744, 4745, 4746, 
4748\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4731\"}},{\"match_phrase\":{\"event.code\":\"4732\"}},{\"match_phrase\":{\"event.code\":\"4733\"}},{\"match_phrase\":{\"event.code\":\"4734\"}},{\"match_phrase\":{\"event.code\":\"4735\"}},{\"match_phrase\":{\"event.code\":\"4737\"}},{\"match_phrase\":{\"event.code\":\"4764\"}},{\"match_phrase\":{\"event.code\":\"4727\"}},{\"match_phrase\":{\"event.code\":\"4728\"}},{\"match_phrase\":{\"event.code\":\"4729\"}},{\"match_phrase\":{\"event.code\":\"4730\"}},{\"match_phrase\":{\"event.code\":\"4754\"}},{\"match_phrase\":{\"event.code\":\"4755\"}},{\"match_phrase\":{\"event.code\":\"4756\"}},{\"match_phrase\":{\"event.code\":\"4757\"}},{\"match_phrase\":{\"event.code\":\"4758\"}},{\"match_phrase\":{\"event.code\":\"4799\"}},{\"match_phrase\":{\"event.code\":\"4749\"}},{\"match_phrase\":{\"event.code\":\"4750\"}},{\"match_phrase\":{\"event.code\":\"4751\"}},{\"match_phrase\":{\"event.code\":\"4752\"}},{\"match_phrase\":{\"event.code\":\"4753\"}},{\"match_phrase\":{\"event.code\":\"4759\"}},{\"match_phrase\":{\"event.code\":\"4760\"}},{\"match_phrase\":{\"event.code\":\"4761\"}},{\"match_phrase\":{\"event.code\":\"4762\"}},{\"match_phrase\":{\"event.code\":\"4763\"}},{\"match_phrase\":{\"event.code\":\"4744\"}},{\"match_phrase\":{\"event.code\":\"4745\"}},{\"match_phrase\":{\"event.code\":\"4746\"}},{\"match_phrase\":{\"event.code\":\"4748\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR 
data_stream.dataset:system.security\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"a5c04a37-1867-4051-8eb5-848d6499a8eb\"},{\"alignment\":\"left\",\"columnId\":\"db99025d-1f2b-4d05-8d3d-ad15bbcf252d\"},{\"alignment\":\"left\",\"columnId\":\"9caf1c5b-9f00-47e7-b27e-a2b631145b7f\"}],\"headerRowHeight\":\"single\",\"layerId\":\"b1157a10-8ee7-4ce0-8fa3-3088007e12a6\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":10},\"rowHeight\":\"single\"}},\"title\":\"Group Management Events - Event Actions - Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":20,\"i\":\"74edddd5-2dc5-41b8-b4f2-bf9c95218f1b\",\"w\":12,\"x\":20,\"y\":7},\"panelIndex\":\"74edddd5-2dc5-41b8-b4f2-bf9c95218f1b\",\"title\":\"Group Management Events - Event Actions - Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-066e9369-184c-4225-b244-7e8d029e52c1\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"066e9369-184c-4225-b244-7e8d029e52c1\":{\"columnOrder\":[\"08302e5a-7a5e-4352-9ff3-2ce5b44cbed8\",\"603e57fe-6201-45e9-940c-860540f0c65d\"],\"columns\":{\"08302e5a-7a5e-4352-9ff3-2ce5b44cbed8\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Target 
Groups\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"603e57fe-6201-45e9-940c-860540f0c65d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"group.name\"},\"603e57fe-6201-45e9-940c-860540f0c65d\":{\"customLabel\":false,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"603e57fe-6201-45e9-940c-860540f0c65d\"],\"layerId\":\"066e9369-184c-4225-b244-7e8d029e52c1\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"xAccessor\":\"08302e5a-7a5e-4352-9ff3-2ce5b44cbed8\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":20,\"i\":\"3016efc8-187d-4630-892d-af2160a584d7\",\"w\":16,\"x\":32,\"y\":7},\"panelIndex\":\"3016efc8-187d-4630-892d-af2160a584d7\",\"title\":\"Group Management Events - Target Groups [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-d80f3769-ceeb-46ac-888d-8177bbbfa43c\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"5e7b0749-4021-4e07-a255-71965ec7f574\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"d80f3769-ceeb-46ac-888d-8177bbbfa43c\":{\"columnOrder\":[\"be908dc7-f6ac-4c18-aa16-9f95629da6f4\",\"24b9ffd8-1bb0-4c0b-a1d4-f2f8ef4083c0\",\"3189a302-09f6-44a0-9a0a-049c578c4b18\"],\"columns\":{\"24b9ffd8-1bb0-4c0b-a1d4-f2f8ef4083c0\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Actions\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3189a302-09f6-44a0-9a0a-049c578c4b18\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"},\"3189a302-09f6-44a0-9a0a-049c578c4b18\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"be908dc7-f6ac-4c18-aa16-9f95629da6f4\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Target 
Groups\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"3189a302-09f6-44a0-9a0a-049c578c4b18\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":20},\"scale\":\"ordinal\",\"sourceField\":\"group.name\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"5e7b0749-4021-4e07-a255-71965ec7f574\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4731\",\"4732\",\"4733\",\"4734\",\"4735\",\"4737\",\"4764\",\"4727\",\"4728\",\"4729\",\"4730\",\"4754\",\"4755\",\"4756\",\"4757\",\"4758\",\"4799\",\"4749\",\"4750\",\"4751\",\"4752\",\"4753\",\"4759\",\"4760\",\"4761\",\"4762\",\"4763\",\"4744\",\"4745\",\"4746\",\"4748\"],\"type\":\"phrases\",\"value\":\"4731, 4732, 4733, 4734, 4735, 4737, 4764, 4727, 4728, 4729, 4730, 4754, 4755, 4756, 4757, 4758, 4799, 4749, 4750, 4751, 4752, 4753, 4759, 4760, 4761, 4762, 4763, 4744, 4745, 4746, 
4748\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4731\"}},{\"match_phrase\":{\"event.code\":\"4732\"}},{\"match_phrase\":{\"event.code\":\"4733\"}},{\"match_phrase\":{\"event.code\":\"4734\"}},{\"match_phrase\":{\"event.code\":\"4735\"}},{\"match_phrase\":{\"event.code\":\"4737\"}},{\"match_phrase\":{\"event.code\":\"4764\"}},{\"match_phrase\":{\"event.code\":\"4727\"}},{\"match_phrase\":{\"event.code\":\"4728\"}},{\"match_phrase\":{\"event.code\":\"4729\"}},{\"match_phrase\":{\"event.code\":\"4730\"}},{\"match_phrase\":{\"event.code\":\"4754\"}},{\"match_phrase\":{\"event.code\":\"4755\"}},{\"match_phrase\":{\"event.code\":\"4756\"}},{\"match_phrase\":{\"event.code\":\"4757\"}},{\"match_phrase\":{\"event.code\":\"4758\"}},{\"match_phrase\":{\"event.code\":\"4799\"}},{\"match_phrase\":{\"event.code\":\"4749\"}},{\"match_phrase\":{\"event.code\":\"4750\"}},{\"match_phrase\":{\"event.code\":\"4751\"}},{\"match_phrase\":{\"event.code\":\"4752\"}},{\"match_phrase\":{\"event.code\":\"4753\"}},{\"match_phrase\":{\"event.code\":\"4759\"}},{\"match_phrase\":{\"event.code\":\"4760\"}},{\"match_phrase\":{\"event.code\":\"4761\"}},{\"match_phrase\":{\"event.code\":\"4762\"}},{\"match_phrase\":{\"event.code\":\"4763\"}},{\"match_phrase\":{\"event.code\":\"4744\"}},{\"match_phrase\":{\"event.code\":\"4745\"}},{\"match_phrase\":{\"event.code\":\"4746\"}},{\"match_phrase\":{\"event.code\":\"4748\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR 
data_stream.dataset:system.security\"},\"visualization\":{\"gridConfig\":{\"isCellLabelVisible\":true,\"isXAxisLabelVisible\":true,\"isXAxisTitleVisible\":true,\"isYAxisLabelVisible\":true,\"isYAxisTitleVisible\":true,\"type\":\"heatmap_grid\"},\"layerId\":\"d80f3769-ceeb-46ac-888d-8177bbbfa43c\",\"layerType\":\"data\",\"legend\":{\"position\":\"right\",\"type\":\"heatmap_legend\"},\"palette\":{\"accessor\":\"3189a302-09f6-44a0-9a0a-049c578c4b18\",\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#F7FBFF\",\"stop\":0},{\"color\":\"#C3DBEE\",\"stop\":25},{\"color\":\"#6DAED5\",\"stop\":50},{\"color\":\"#2271B3\",\"stop\":75}],\"continuity\":\"none\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":100,\"rangeMin\":0,\"rangeType\":\"percent\",\"reverse\":false,\"stops\":[{\"color\":\"#F7FBFF\",\"stop\":25},{\"color\":\"#C3DBEE\",\"stop\":50},{\"color\":\"#6DAED5\",\"stop\":75},{\"color\":\"#2271B3\",\"stop\":100}]},\"type\":\"palette\"},\"shape\":\"heatmap\",\"valueAccessor\":\"3189a302-09f6-44a0-9a0a-049c578c4b18\",\"xAccessor\":\"be908dc7-f6ac-4c18-aa16-9f95629da6f4\",\"yAccessor\":\"24b9ffd8-1bb0-4c0b-a1d4-f2f8ef4083c0\"}},\"title\":\"Group Management Events - Groups vs Actions - Heatmap [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsHeatmap\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":21,\"i\":\"33cef054-615a-49cb-bb2e-eb55fab96ae5\",\"w\":27,\"x\":0,\"y\":27},\"panelIndex\":\"33cef054-615a-49cb-bb2e-eb55fab96ae5\",\"title\":\"Group Management Events - Groups vs Actions - Heatmap [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-f3ae7a76-3702-4e40-aa81-849598fa2b3c\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"b7ec06e9-b2f3-4ec6-813b-e8cc45150c28\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"f3ae7a76-3702-4e40-aa81-849598fa2b3c\":{\"columnOrder\":[\"04168b99-2dd3-40c8-b444-bc949803664e\",\"f7b7059a-8e4d-4538-b28f-35d597944976\",\"27e21c84-c884-4a36-8e48-88d42cdc286d\"],\"columns\":{\"04168b99-2dd3-40c8-b444-bc949803664e\":{\"customLabel\":true,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"27e21c84-c884-4a36-8e48-88d42cdc286d\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"f7b7059a-8e4d-4538-b28f-35d597944976\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.action: 
Descending\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"27e21c84-c884-4a36-8e48-88d42cdc286d\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":25},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"b7ec06e9-b2f3-4ec6-813b-e8cc45150c28\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4731\",\"4732\",\"4733\",\"4734\",\"4735\",\"4737\",\"4764\",\"4727\",\"4728\",\"4729\",\"4730\",\"4754\",\"4755\",\"4756\",\"4757\",\"4758\",\"4799\",\"4749\",\"4750\",\"4751\",\"4752\",\"4753\",\"4759\",\"4760\",\"4761\",\"4762\",\"4763\",\"4744\",\"4745\",\"4746\",\"4748\"],\"type\":\"phrases\",\"value\":\"4731, 4732, 4733, 4734, 4735, 4737, 4764, 4727, 4728, 4729, 4730, 4754, 4755, 4756, 4757, 4758, 4799, 4749, 4750, 4751, 4752, 4753, 4759, 4760, 4761, 4762, 4763, 4744, 4745, 4746, 
4748\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4731\"}},{\"match_phrase\":{\"event.code\":\"4732\"}},{\"match_phrase\":{\"event.code\":\"4733\"}},{\"match_phrase\":{\"event.code\":\"4734\"}},{\"match_phrase\":{\"event.code\":\"4735\"}},{\"match_phrase\":{\"event.code\":\"4737\"}},{\"match_phrase\":{\"event.code\":\"4764\"}},{\"match_phrase\":{\"event.code\":\"4727\"}},{\"match_phrase\":{\"event.code\":\"4728\"}},{\"match_phrase\":{\"event.code\":\"4729\"}},{\"match_phrase\":{\"event.code\":\"4730\"}},{\"match_phrase\":{\"event.code\":\"4754\"}},{\"match_phrase\":{\"event.code\":\"4755\"}},{\"match_phrase\":{\"event.code\":\"4756\"}},{\"match_phrase\":{\"event.code\":\"4757\"}},{\"match_phrase\":{\"event.code\":\"4758\"}},{\"match_phrase\":{\"event.code\":\"4799\"}},{\"match_phrase\":{\"event.code\":\"4749\"}},{\"match_phrase\":{\"event.code\":\"4750\"}},{\"match_phrase\":{\"event.code\":\"4751\"}},{\"match_phrase\":{\"event.code\":\"4752\"}},{\"match_phrase\":{\"event.code\":\"4753\"}},{\"match_phrase\":{\"event.code\":\"4759\"}},{\"match_phrase\":{\"event.code\":\"4760\"}},{\"match_phrase\":{\"event.code\":\"4761\"}},{\"match_phrase\":{\"event.code\":\"4762\"}},{\"match_phrase\":{\"event.code\":\"4763\"}},{\"match_phrase\":{\"event.code\":\"4744\"}},{\"match_phrase\":{\"event.code\":\"4745\"}},{\"match_phrase\":{\"event.code\":\"4746\"}},{\"match_phrase\":{\"event.code\":\"4748\"}}]}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR 
data_stream.dataset:system.security\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"curveType\":\"LINEAR\",\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":false},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":-90},\"layers\":[{\"accessors\":[\"27e21c84-c884-4a36-8e48-88d42cdc286d\"],\"isHistogram\":true,\"layerId\":\"f3ae7a76-3702-4e40-aa81-849598fa2b3c\",\"layerType\":\"data\",\"seriesType\":\"bar_stacked\",\"simpleView\":false,\"splitAccessor\":\"f7b7059a-8e4d-4538-b28f-35d597944976\",\"xAccessor\":\"04168b99-2dd3-40c8-b444-bc949803664e\",\"xScaleType\":\"time\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"27e21c84-c884-4a36-8e48-88d42cdc286d\"}]}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"maxLines\":1,\"position\":\"right\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"showCurrentTimeMarker\":false,\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":false,\"yLeftExtent\":{\"enforce\":true,\"mode\":\"full\"},\"yLeftScale\":\"linear\",\"yRightScale\":\"linear\",\"yTitle\":\"Count\"}},\"title\":\"Group Management Action Distribution over Time [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":21,\"i\":\"e0d495aa-f897-403f-815b-6116fae330b7\",\"w\":21,\"x\":27,\"y\":27},\"panelIndex\":\"e0d495aa-f897-403f-815b-6116fae330b7\",\"title\":\"Group Management Action Distribution over Time [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"acb39e04-812e-47cc-b982-fabce6e6ec94\":{\"columnOrder\":[\"628ee1fd-9f6f-4c72-b373-49fccf7806ba\"],\"columns\":{\"628ee1fd-9f6f-4c72-b373-49fccf7806ba\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code:4731 OR event.code:4727 OR event.code:\\\"4754\\\" OR event.code:\\\"4749\\\" OR event.code:\\\"4759\\\" OR event.code:\\\"4744\\\" OR event.code:\\\"4783\\\" OR event.code:\\\"4790\\\"\"},\"isBucketed\":false,\"label\":\"Groups Created\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-acb39e04-812e-47cc-b982-fabce6e6ec94\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"628ee1fd-9f6f-4c72-b373-49fccf7806ba\",\"colorMode\":\"Background\",\"layerId\":\"acb39e04-812e-47cc-b982-fabce6e6ec94\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#cc5642\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"e861343c-a5c9-4a8f-aacf-175a2d697587\",\"w\":9,\"x\":0,\"y\":48},\"panelIndex\":\"e861343c-a5c9-4a8f-aacf-175a2d697587\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"87aea4f8-5513-4348-b6e3-3f15ef52448f\":{\"columnOrder\":[\"442cce25-7692-4749-9adb-c342d5fcdecd\"],\"columns\":{\"442cce25-7692-4749-9adb-c342d5fcdecd\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code:4735 OR event.code:4737 OR event.code:\\\"4755\\\" OR event.code:\\\"4764\\\" OR event.code:\\\"4750\\\" OR event.code:\\\"4760\\\" OR event.code:\\\"4745\\\" OR event.code:\\\"4784\\\" OR event.code:\\\"4791\\\"\"},\"isBucketed\":false,\"label\":\"Groups 
Changed\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-87aea4f8-5513-4348-b6e3-3f15ef52448f\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"442cce25-7692-4749-9adb-c342d5fcdecd\",\"colorMode\":\"Background\",\"layerId\":\"87aea4f8-5513-4348-b6e3-3f15ef52448f\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#d6bf57\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#d6bf57\",\"stop\":104}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"36142fad-01b3-43eb-a7c5-1b71fa6aa3bc\",\"w\":9,\"x\":9,\"y\":48},\"panelIndex\":\"36142fad-01b3-43eb-a7c5-1b71fa6aa3bc\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"52b8f6c3-23ba-42d7-94b3-b28380016e21\":{\"columnOrder\":[\"e9922ed6-8940-4348-975a-39c8a936a46c\"],\"columns\":{\"e9922ed6-8940-4348-975a-39c8a936a46c\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code:4734 OR event.code:4730 OR event.code:4758 OR event.code:4753 OR event.code:4763 OR event.code:4748 OR event.code:4789 OR event.code:4792\"},\"isBucketed\":false,\"label\":\"Groups 
Deleted\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-52b8f6c3-23ba-42d7-94b3-b28380016e21\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e9922ed6-8940-4348-975a-39c8a936a46c\",\"colorMode\":\"Background\",\"layerId\":\"52b8f6c3-23ba-42d7-94b3-b28380016e21\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#DA8B45\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#DA8B45\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"b03662fb-926d-49e0-b543-18ae6f526395\",\"w\":9,\"x\":18,\"y\":48},\"panelIndex\":\"b03662fb-926d-49e0-b543-18ae6f526395\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"914f2ede-b9f6-4cb5-8b54-f4bcd6be6466\":{\"columnOrder\":[\"f8c7d2ef-cd6e-4aa7-a912-7bebc89579f4\"],\"columns\":{\"f8c7d2ef-cd6e-4aa7-a912-7bebc89579f4\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code:4731 OR event.code:4727 OR event.code:\\\"4754\\\" OR event.code:\\\"4749\\\" OR event.code:\\\"4759\\\" OR event.code:\\\"4744\\\" OR event.code:\\\"4783\\\" OR event.code:\\\"4790\\\"\"},\"isBucketed\":false,\"label\":\"Users Added to 
Group\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-914f2ede-b9f6-4cb5-8b54-f4bcd6be6466\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"f8c7d2ef-cd6e-4aa7-a912-7bebc89579f4\",\"colorMode\":\"Background\",\"layerId\":\"914f2ede-b9f6-4cb5-8b54-f4bcd6be6466\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#AA6556\",\"stop\":0}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":0},{\"color\":\"#AA6556\",\"stop\":1}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"744ba653-cbed-4af4-8114-ebe20b7ce075\",\"w\":16,\"x\":0,\"y\":68},\"panelIndex\":\"744ba653-cbed-4af4-8114-ebe20b7ce075\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"b646c7ff-6c54-479c-af9a-882661bac81d\":{\"columnOrder\":[\"2ecb3e68-af02-4281-9a6d-f4ca2a460626\"],\"columns\":{\"2ecb3e68-af02-4281-9a6d-f4ca2a460626\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code:4733 OR event.code:4729 OR event.code:4788 OR event.code:4786 OR event.code:4752 OR event.code:4762 OR event.code:4747\"},\"isBucketed\":false,\"label\":\"Users Removed from 
Group\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-b646c7ff-6c54-479c-af9a-882661bac81d\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"2ecb3e68-af02-4281-9a6d-f4ca2a460626\",\"colorMode\":\"Background\",\"layerId\":\"b646c7ff-6c54-479c-af9a-882661bac81d\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#DA8B45\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#DA8B45\",\"stop\":2}]},\"type\":\"palette\"}}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"81b505b6-9694-40ed-8800-dfc5f41af3c8\",\"w\":17,\"x\":16,\"y\":68},\"panelIndex\":\"81b505b6-9694-40ed-8800-dfc5f41af3c8\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"92834d49-5d90-4296-a0e8-331ac3426c63\":{\"columnOrder\":[\"e4ff5d2c-bdd4-4c47-ada1-129834297614\"],\"columns\":{\"e4ff5d2c-bdd4-4c47-ada1-129834297614\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code:4799\"},\"isBucketed\":false,\"label\":\"Group Membership 
Enumeration\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-92834d49-5d90-4296-a0e8-331ac3426c63\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e4ff5d2c-bdd4-4c47-ada1-129834297614\",\"colorMode\":\"Background\",\"layerId\":\"92834d49-5d90-4296-a0e8-331ac3426c63\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#D0D0D0\",\"stop\":null},{\"color\":\"#808080\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":null,\"rangeMin\":null,\"rangeType\":\"number\",\"reverse\":false,\"steps\":3,\"stops\":[{\"color\":\"#D0D0D0\",\"stop\":1},{\"color\":\"#808080\",\"stop\":71658}]},\"type\":\"palette\"}}},\"title\":\"TSVB visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"2c3d475b-54d9-472a-b97a-03a37d7c944b\",\"w\":15,\"x\":33,\"y\":68},\"panelIndex\":\"2c3d475b-54d9-472a-b97a-03a37d7c944b\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"}]","timeRestore":false,"title":"[System Windows Security] Group Management 
Events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-bb858830-f412-11e9-8405-516218e3d268","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"36:indexpattern-datasource-layer-bd7f857d-8824-4cfa-b6a9-85f4efdc2623","type":"index-pattern"},{"id":"logs-*","name":"36:a19c4278-5416-4446-99a1-0c0b841ad56b","type":"index-pattern"},{"id":"logs-*","name":"37:indexpattern-datasource-layer-b600888f-707d-4333-b65c-64ccd1512086","type":"index-pattern"},{"id":"logs-*","name":"37:c1e670c6-0a4d-4954-82f9-51dc32e07139","type":"index-pattern"},{"id":"logs-*","name":"38:indexpattern-datasource-layer-4f4fa0d5-5ea9-45ba-9214-d1fe2310876f","type":"index-pattern"},{"id":"logs-*","name":"38:3d460e27-249d-4c99-831f-193ccd17f8f4","type":"index-pattern"},{"id":"logs-*","name":"39:indexpattern-datasource-layer-ec211cdc-aeae-4682-9cc8-deec18aee3d1","type":"index-pattern"},{"id":"logs-*","name":"39:dcdfe597-2586-47d7-a08a-d204f5caebbb","type":"index-pattern"},{"id":"logs-*","name":"40:indexpattern-datasource-layer-ac94b4e8-791d-42c3-923b-d871496199d8","type":"index-pattern"},{"id":"logs-*","name":"40:ba9b962b-bc66-4c05-89c7-bbcfea69b19d","type":"index-pattern"},{"id":"logs-*","name":"42:indexpattern-datasource-layer-1b283aa0-01f0-4d69-9338-1d312aa7409a","type":"index-pattern"},{"id":"logs-*","name":"42:5fd25934-f4ed-4561-8e83-22d8642198fe","type":"index-pattern"},{"id":"system-7e178c80-fee1-11e9-8405-516218e3d268","name":"43:panel_43","type":"search"},{"id":"system-9066d5b0-fef2-11e9-8405-516218e3d268","name":"45:panel_45","type":"search"},{"id":"logs-*","name":"3f7e277d-09d1-4a79-bc17-bc5da5a7e290:indexpattern-datasource-layer-d498ce52-e422-4548-869e-12b54ca2a5de","type":"index-pattern"},{"id":"logs-*","na
me":"3f7e277d-09d1-4a79-bc17-bc5da5a7e290:042819ba-9576-492a-9bad-c3febb27fd0d","type":"index-pattern"},{"id":"logs-*","name":"74edddd5-2dc5-41b8-b4f2-bf9c95218f1b:indexpattern-datasource-layer-b1157a10-8ee7-4ce0-8fa3-3088007e12a6","type":"index-pattern"},{"id":"logs-*","name":"74edddd5-2dc5-41b8-b4f2-bf9c95218f1b:25cdfdc0-53d7-4cf7-b982-a59694f34875","type":"index-pattern"},{"id":"logs-*","name":"3016efc8-187d-4630-892d-af2160a584d7:indexpattern-datasource-layer-066e9369-184c-4225-b244-7e8d029e52c1","type":"index-pattern"},{"id":"logs-*","name":"33cef054-615a-49cb-bb2e-eb55fab96ae5:indexpattern-datasource-layer-d80f3769-ceeb-46ac-888d-8177bbbfa43c","type":"index-pattern"},{"id":"logs-*","name":"33cef054-615a-49cb-bb2e-eb55fab96ae5:5e7b0749-4021-4e07-a255-71965ec7f574","type":"index-pattern"},{"id":"logs-*","name":"e0d495aa-f897-403f-815b-6116fae330b7:indexpattern-datasource-layer-f3ae7a76-3702-4e40-aa81-849598fa2b3c","type":"index-pattern"},{"id":"logs-*","name":"e0d495aa-f897-403f-815b-6116fae330b7:b7ec06e9-b2f3-4ec6-813b-e8cc45150c28","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8446],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NDksMV0="} +{"attributes":{"description":"Failed and blocked 
accounts.","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":[\"system.security\",\"windows.forwarded\",\"windows.security\"],\"type\":\"phrases\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"data_stream.dataset\":\"system.security\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.forwarded\"}},{\"match_phrase\":{\"data_stream.dataset\":\"windows.security\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"useMargins\":false}","panelsJSON":"[{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":10,\"markdown\":\"### **Failed Logons and Account Lockouts**\",\"openLinksInNewTab\":false},\"title\":\"Failed Logon and Account Lockout [Windows System 
Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":7,\"i\":\"1\",\"w\":14,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-51928276-cada-4ce4-8054-672e298c095f\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"c5560265-9668-4020-acf5-2f125a50e192\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"51928276-cada-4ce4-8054-672e298c095f\":{\"columnOrder\":[\"07d2d99e-f8e9-4d2c-9361-637a3e327459\",\"1e7f30e1-cab2-4099-a7c1-6debb680be54\"],\"columns\":{\"07d2d99e-f8e9-4d2c-9361-637a3e327459\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Filters\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"lucene\",\"query\":\"event.code: 4624\"},\"label\":\"Successful Logon\"},{\"input\":{\"language\":\"lucene\",\"query\":\"event.code: 4625\"},\"label\":\"Failed 
Logons\"}]},\"scale\":\"ordinal\"},\"1e7f30e1-cab2-4099-a7c1-6debb680be54\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c5560265-9668-4020-acf5-2f125a50e192\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"hide\",\"emptySizeRatio\":0.3,\"layerId\":\"51928276-cada-4ce4-8054-672e298c095f\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendMaxLines\":1,\"legendPosition\":\"bottom\",\"legendSize\":\"auto\",\"metrics\":[\"1e7f30e1-cab2-4099-a7c1-6debb680be54\"],\"nestedLegend\":false,\"numberDisplay\":\"percent\",\"percentDecimals\":2,\"primaryGroups\":[\"07d2d99e-f8e9-4d2c-9361-637a3e327459\"],\"secondaryGroups\":[],\"showValuesInLegend\":true,\"truncateLegend\":true}],\"shape\":\"pie\"}},\"title\":\"Logon Successful vs Failed [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":18,\"i\":\"2\",\"w\":12,\"x\":0,\"y\":7},\"panelIndex\":\"2\",\"title\":\"Logon Successful vs Failed [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":20},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4740\"},\"type\":\"phrase\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4740\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security \"}}},\"description\":\"\",\"params\":{\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/s/siem\",\"origin\":\"https://192.168.1.72:5601\",\"pathname\":\"/s/siem/app/kibana\"}}},\"type\":\"vis_dimension\"},\"maxFontSize\":53,\"metric\":{\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}},\"type\":\"vis_dimension\"},\"minFontSize\":18,\"orientation\":\"single\",\"scale\":\"linear\",\"showLabel\":false},\"title\":\"Blocked Accounts Tag [Windows System Security]\",\"type\":\"tagcloud\",\"uiState\":{}}},\"gridData\":{\"h\":21,\"i\":\"3\",\"w\":12,\"x\":12,\"y\":35},\"panelIndex\":\"3\",\"title\":\"Blocked 
Acoounts\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-892d74e5-47d2-4c42-80d9-4bc979530ef2\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"14b89fc0-8a6c-47a7-b5e3-516699233c61\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"892d74e5-47d2-4c42-80d9-4bc979530ef2\":{\"columnOrder\":[\"8b1cbfde-e270-446d-a789-2a1d26f4480a\",\"37216882-b7d2-4179-af7f-9bd64d35e0bd\",\"50c2ab55-2ea4-4bd9-a7fd-3037baaea103\"],\"columns\":{\"37216882-b7d2-4179-af7f-9bd64d35e0bd\":{\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"Filters\",\"operationType\":\"filters\",\"params\":{\"filters\":[{\"input\":{\"language\":\"lucene\",\"query\":\"event.code: 4624\"},\"label\":\"Logon Successful\"},{\"input\":{\"language\":\"lucene\",\"query\":\"event.code: 4625\"},\"label\":\"Logon Failed\"}]},\"scale\":\"ordinal\"},\"50c2ab55-2ea4-4bd9-a7fd-3037baaea103\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"8b1cbfde-e270-446d-a789-2a1d26f4480a\":{\"customLabel\":true,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"auto\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"14b89fc0-8a6c-47a7-b5e3-516699233c61\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"intern
alReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"curveType\":\"LINEAR\",\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":-90},\"layers\":[{\"accessors\":[\"50c2ab55-2ea4-4bd9-a7fd-3037baaea103\"],\"isHistogram\":true,\"layerId\":\"892d74e5-47d2-4c42-80d9-4bc979530ef2\",\"layerType\":\"data\",\"seriesType\":\"bar_stacked\",\"simpleView\":false,\"splitAccessor\":\"37216882-b7d2-4179-af7f-9bd64d35e0bd\",\"xAccessor\":\"8b1cbfde-e270-446d-a789-2a1d26f4480a\",\"xScaleType\":\"time\",\"yConfig\":[{\"axisMode\":\"left\",\"forAccessor\":\"50c2ab55-2ea4-4bd9-a7fd-3037baaea103\"}]}],\"legend\":{\"isVisible\":true,\"legendSize\":\"auto\",\"maxLines\":1,\"position\":\"bottom\",\"shouldTruncate\":true,\"showSingleSeries\":true},\"preferredSeriesType\":\"bar_stacked\",\"showCurrentTimeMarker\":false,\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"valuesInLegend\":false,\"yLeftExtent\":{\"enforce\":true,\"mode\":\"full\"},\"yLeftScale\":\"linear\",\"yRightScale\":\"linear\",\"yTitle\":\"Count\"}},\"title\":\"Logon Successful - Logon Failed Timeline [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":18,\"i\":\"4\",\"w\":23,\"x\":12,\"y\":7},\"panelIndex\":\"4\",\"title\":\"Logon Successful - Logon Failed Timeline [Windows System 
Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"searchSource\":{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4625\",\"4771\"],\"type\":\"phrases\",\"value\":\"4625, 4771\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4625\"}},{\"match_phrase\":{\"event.code\":\"4771\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/s/siem\",\"origin\":\"https://192.168.1.72:5601\",\"pathname\":\"/s/siem/app/kibana\"}}},\"type\":\"vis_dimension\"},\"maxFontSize\":37,\"metric\":{\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}},\"type\":\"vis_dimension\"},\"minFontSize\":15,\"orientation\":\"single\",\"scale\":\"linear\",\"showLabel\":false},\"title\":\"Logon Failed Acconts [Windows System 
Security]\",\"type\":\"tagcloud\",\"uiState\":{}}},\"gridData\":{\"h\":21,\"i\":\"5\",\"w\":12,\"x\":0,\"y\":35},\"panelIndex\":\"5\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-0ca1181c-9c17-4b68-9da9-e90032ba66a0\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"4a5e2651-5d45-4b6b-a761-c8cb22fb8a70\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"662ad73f-d904-4d2c-86b0-d677879a602c\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"0ca1181c-9c17-4b68-9da9-e90032ba66a0\":{\"columnOrder\":[\"891a49e8-cd86-401a-8901-911327320374\",\"176619c3-a6a7-4793-b36f-2e24a88de891\",\"ccbc2e70-16e1-45e0-841e-1b9349badf37\"],\"columns\":{\"176619c3-a6a7-4793-b36f-2e24a88de891\":{\"customLabel\":true,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"@timestamp\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":true,\"includeEmptyRows\":true,\"interval\":\"h\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"891a49e8-cd86-401a-8901-911327320374\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"user.name: 
Descending\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"ccbc2e70-16e1-45e0-841e-1b9349badf37\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":15},\"scale\":\"ordinal\",\"sourceField\":\"user.name\"},\"ccbc2e70-16e1-45e0-841e-1b9349badf37\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"4a5e2651-5d45-4b6b-a761-c8cb22fb8a70\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4625\"],\"type\":\"phrases\",\"value\":\"4625\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4625\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"662ad73f-d904-4d2c-86b0-d677879a602c\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"gridConfig\":{\"isCellLabelVisible\":true,\"isXAxisLabelVisible\":true,\"isXAxisTitleVisible\":true,\"isYAxisLabelVisible\":true,\"isYAxisTitleVisible\":true,\"type\":\"heatmap_grid\"},\"layerId\":\"0ca1181c-9c17-4b68-9da9-e90032ba66a0\",\"layerType\":\"data\",\"legend\":{\"isVisible\":false,\"position\":\"bottom\",\"type\":\"heatmap_legend\"},\"palette\":{\"accessor\":\"ccbc2e70-16e1-45e0-841e-1b9349badf37\",\"name\":\"custom\",\"params\":{\"colorStops\":[{\"color\":\"#FFFFC
C\",\"stop\":0},{\"color\":\"#FEE187\",\"stop\":20},{\"color\":\"#FEAB4C\",\"stop\":40},{\"color\":\"#F95C2E\",\"stop\":60},{\"color\":\"#D31020\",\"stop\":80}],\"continuity\":\"none\",\"maxSteps\":5,\"name\":\"custom\",\"progression\":\"fixed\",\"rangeMax\":100,\"rangeMin\":0,\"rangeType\":\"percent\",\"reverse\":false,\"stops\":[{\"color\":\"#FFFFCC\",\"stop\":20},{\"color\":\"#FEE187\",\"stop\":40},{\"color\":\"#FEAB4C\",\"stop\":60},{\"color\":\"#F95C2E\",\"stop\":80},{\"color\":\"#D31020\",\"stop\":100}]},\"type\":\"palette\"},\"shape\":\"heatmap\",\"valueAccessor\":\"ccbc2e70-16e1-45e0-841e-1b9349badf37\",\"xAccessor\":\"891a49e8-cd86-401a-8901-911327320374\",\"yAccessor\":\"176619c3-a6a7-4793-b36f-2e24a88de891\"}},\"title\":\"Failed Logon HeatMap [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsHeatmap\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":30,\"i\":\"6\",\"w\":48,\"x\":0,\"y\":56},\"panelIndex\":\"6\",\"title\":\"Failed Logon HeatMap [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":20,\"i\":\"8\",\"w\":48,\"x\":0,\"y\":86},\"panelIndex\":\"8\",\"panelRefName\":\"panel_8\",\"title\":\"Logon Failed and Account 
Lockouts\",\"type\":\"search\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-b205119a-3d44-424a-b471-3adc7b233437\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d0cc9cbc-3f24-4f1d-a33f-d6161d3e1323\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d16c0ea3-8535-405e-a080-314609ff2eb9\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"b205119a-3d44-424a-b471-3adc7b233437\":{\"columnOrder\":[\"6c00efd4-5d72-4cb3-bd7f-805f413d6368\",\"5a76cdff-8d92-4431-967b-ead53ef7c47e\",\"6035bb34-7f8b-43b6-9a35-a286b0e42b68\",\"c6126afa-c771-4709-a1e8-ce1598a07d96\",\"b95d6baa-4b3d-4f61-ae4f-8981aed9a448\",\"d0645d98-f6dd-4f10-811e-7fef21a41c3e\",\"f0f3ac3f-402d-41e8-87b4-e3416b3b4e31\",\"6034755d-4e5f-46e8-8700-7397eca1b2c7\"],\"columns\":{\"5a76cdff-8d92-4431-967b-ead53ef7c47e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"user.name\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6034755d-4e5f-46e8-8700-7397eca1b2c7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":1000},\"scale\":\"ordinal\",\"sourceField\":\"user.name\"},\"6034755d-4e5f-46e8-8700-7397eca1b2c7\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"6035bb34-7f8b-43b6-9a35-a286b0e42b68\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"source 
workstation\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6034755d-4e5f-46e8-8700-7397eca1b2c7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.domain\"},\"6c00efd4-5d72-4cb3-bd7f-805f413d6368\":{\"customLabel\":true,\"dataType\":\"date\",\"isBucketed\":true,\"label\":\"Time Bucket\",\"operationType\":\"date_histogram\",\"params\":{\"dropPartials\":false,\"includeEmptyRows\":false,\"interval\":\"h\"},\"scale\":\"interval\",\"sourceField\":\"@timestamp\"},\"b95d6baa-4b3d-4f61-ae4f-8981aed9a448\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"event.action\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6034755d-4e5f-46e8-8700-7397eca1b2c7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"event.action\"},\"c6126afa-c771-4709-a1e8-ce1598a07d96\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"source.ip\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6034755d-4e5f-46e8-8700-7397eca1b2c7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"},\"d0645d98-f6dd-4f10-811e-7fef21a41c3e\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"winlog.logon.type\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"mis
singBucket\":false,\"orderBy\":{\"columnId\":\"6034755d-4e5f-46e8-8700-7397eca1b2c7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.logon.type\"},\"f0f3ac3f-402d-41e8-87b4-e3416b3b4e31\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"winlog.event_data.SubjectUserName\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"6034755d-4e5f-46e8-8700-7397eca1b2c7\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":5},\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectUserName\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d0cc9cbc-3f24-4f1d-a33f-d6161d3e1323\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4625\"},\"type\":\"phrase\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4625\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d16c0ea3-8535-405e-a080-314609ff2eb9\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"columns\":[{\"alignment\":\"left\",\"columnId\":\"6034755d-4e5f-46e8-8700-7397eca1b2c7\"},{\"alignment\":\"left\",\"columnId\":\"6c00efd4-5d72-4cb3-bd7f-805f413d6368\"},{\"alignment\":\"left\",\"columnId\":\"5a76cdff-8d92-4431-967b-ead53ef7c47e\"},{\"alignment\":\"left\",\"columnId\":\"6035bb34-7f8b-43b6-9a35-a286b0e42b68\"},{\"al
ignment\":\"left\",\"columnId\":\"c6126afa-c771-4709-a1e8-ce1598a07d96\"},{\"alignment\":\"left\",\"columnId\":\"b95d6baa-4b3d-4f61-ae4f-8981aed9a448\"},{\"alignment\":\"left\",\"columnId\":\"d0645d98-f6dd-4f10-811e-7fef21a41c3e\"},{\"alignment\":\"left\",\"columnId\":\"f0f3ac3f-402d-41e8-87b4-e3416b3b4e31\"}],\"headerRowHeight\":\"single\",\"layerId\":\"b205119a-3d44-424a-b471-3adc7b233437\",\"layerType\":\"data\",\"paging\":{\"enabled\":true,\"size\":15},\"rowHeight\":\"single\"}},\"title\":\"Logon Failed Table [Windows System Security]\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":31,\"i\":\"11\",\"w\":24,\"x\":24,\"y\":25},\"panelIndex\":\"11\",\"title\":\"Logon Failed Table [Windows System Security]\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"enhancements\":{},\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"fontSize\":12,\"markdown\":\"[Windows Overview](#/dashboard/system-Windows-Dashboard) | [User Logon Information](#/dashboard/system-bae11b00-9bfc-11ea-87e4-49f31ec44891) | **Logon Failed and Account Lockout** | [User Management Events](#/dashboard/system-71f720f0-ff18-11e9-8405-516218e3d268) | [Group Management Events](#/dashboard/system-bb858830-f412-11e9-8405-516218e3d268)\",\"openLinksInNewTab\":false},\"title\":\"Dashboard links [Windows System 
Security]\",\"type\":\"markdown\",\"uiState\":{}}},\"gridData\":{\"h\":7,\"i\":\"628de26f-7b7b-457c-b811-e06161e4e7b4\",\"w\":34,\"x\":14,\"y\":0},\"panelIndex\":\"628de26f-7b7b-457c-b811-e06161e4e7b4\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-2f8af088-1452-476f-9b74-7854a8e9d8a3\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"d192bb2b-0add-406e-8fa5-d749aa93cd68\",\"type\":\"index-pattern\"},{\"id\":\"logs-*\",\"name\":\"9ba1595f-e9a3-4987-9eb0-21d2714752ef\",\"type\":\"index-pattern\"}],\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"2f8af088-1452-476f-9b74-7854a8e9d8a3\":{\"columnOrder\":[\"70837b96-3c24-4578-9988-3e91c976bf09\",\"b2c05801-5cfa-40a5-9988-1aa4056ba903\"],\"columns\":{\"70837b96-3c24-4578-9988-3e91c976bf09\":{\"customLabel\":true,\"dataType\":\"ip\",\"isBucketed\":true,\"label\":\"Logon Source IP\",\"operationType\":\"terms\",\"params\":{\"exclude\":[],\"excludeIsRegex\":false,\"include\":[],\"includeIsRegex\":false,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"b2c05801-5cfa-40a5-9988-1aa4056ba903\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"source.ip\"},\"b2c05801-5cfa-40a5-9988-1aa4056ba903\":{\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count of 
records\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"field\":\"event.code\",\"index\":\"d192bb2b-0add-406e-8fa5-d749aa93cd68\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4625\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.code\":\"4625\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"field\":\"winlog.provider_name\",\"index\":\"9ba1595f-e9a3-4987-9eb0-21d2714752ef\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"layers\":[{\"accessors\":[\"b2c05801-5cfa-40a5-9988-1aa4056ba903\"],\"layerId\":\"2f8af088-1452-476f-9b74-7854a8e9d8a3\",\"layerType\":\"data\",\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"xAccessor\":\"70837b96-3c24-4578-9988-3e91c976bf09\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"preferredSeriesType\":\"bar_horizontal\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\"}},\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":18,\"i\":\"13f5fdc0-b503-4e37-a39e-a2365be6356d\",\"w\":13,\"x\":35,\"y\":7},\"panelIndex\":\"13f5fdc0-b503-4e37-a39e-a2365be6356
d\",\"title\":\"Logon Failed Source IPs\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"f29083db-60ee-4050-a6fd-3c8ec6f2b86c\":{\"columnOrder\":[\"e4afb6fa-36ce-46cc-bea2-175b29605d8a\"],\"columns\":{\"e4afb6fa-36ce-46cc-bea2-175b29605d8a\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"((data_stream.dataset:windows.security OR data_stream.dataset:system.security) AND event.code: \\\"4625\\\")\"},\"isBucketed\":false,\"label\":\"Failed Logon\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-f29083db-60ee-4050-a6fd-3c8ec6f2b86c\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"e4afb6fa-36ce-46cc-bea2-175b29605d8a\",\"layerId\":\"f29083db-60ee-4050-a6fd-3c8ec6f2b86c\",\"layerType\":\"data\"}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"af0b27cf-3a49-4180-bd15-a399f7b349b3\",\"w\":12,\"x\":0,\"y\":25},\"panelIndex\":\"af0b27cf-3a49-4180-bd15-a399f7b349b3\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"},{\"embeddableConfig\":{\"attributes\":{\"references\":[],\"state\":{\"adHocDataViews\":{\"tsvb_ad_hoc_logs-*/@timestamp\":{\"allowNoIndex\":false,\"fieldAttrs\":{},\"fieldFormats\":{},\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"logs-*\",\"runtimeFieldMap\":{},\"sourceFilters\":[],\"timeFieldName\":\"@timestamp\",\"title\":\"logs-*\"}},\"datasourceStates\":{\"formBased\":{\"layers\":{\"7b50ca11-6492-47c9-bb57-5d2e88f51719\":{\"columnOrder\":[\"46e6f211-0dc7-4f4f-963d-033c09854126\"],\"columns\":{\"46e6f211-0dc7-4f4f-963d-033c09854126\":{\"customLabel\":true,\"dataType\":\"number\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4740\\\"\"},\"isBucketed\":false,\"label\":\"Blocked Accounts\",\"operationType\":\"unique_count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"user.name\"}},\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[{\"id\":\"tsvb_ad_hoc_logs-*/@timestamp\",\"name\":\"indexpattern-datasource-layer-7b50ca11-6492-47c9-bb57-5d2e88f51719\",\"type\":\"index-pattern\"}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"accessor\":\"46e6f211-0dc7-4f4f-963d-033c09854126\",\"layerId\":\"7b50ca11-6492-47c9-bb57-5d2e88f51719\",\"layerType\":\"data\"}},\"title\":\"TSVB 
visualization\",\"type\":\"lens\",\"visualizationType\":\"lnsLegacyMetric\"},\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"d69a5e0c-274d-4515-8f31-737b9ecbddba\",\"w\":12,\"x\":12,\"y\":25},\"panelIndex\":\"d69a5e0c-274d-4515-8f31-737b9ecbddba\",\"title\":\"\",\"type\":\"lens\",\"version\":\"8.7.0\"}]","timeRestore":false,"title":"[System Windows Security] Failed and Blocked Accounts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"system-d401ef40-a7d5-11e9-a422-d144027429da","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"logs-*","name":"2:indexpattern-datasource-layer-51928276-cada-4ce4-8054-672e298c095f","type":"index-pattern"},{"id":"logs-*","name":"2:c5560265-9668-4020-acf5-2f125a50e192","type":"index-pattern"},{"id":"logs-*","name":"3:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"4:indexpattern-datasource-layer-892d74e5-47d2-4c42-80d9-4bc979530ef2","type":"index-pattern"},{"id":"logs-*","name":"4:14b89fc0-8a6c-47a7-b5e3-516699233c61","type":"index-pattern"},{"id":"logs-*","name":"5:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"6:indexpattern-datasource-layer-0ca1181c-9c17-4b68-9da9-e90032ba66a0","type":"index-pattern"},{"id":"logs-*","name":"6:4a5e2651-5d45-4b6b-a761-c8cb22fb8a70","type":"index-pattern"},{"id":"logs-*","name":"6:662ad73f-d904-4d2c-86b0-d677879a602c","type":"index-pattern"},{"id":"system-757510b0-a87f-11e9-a422-d144027429da","name":"8:pan
el_8","type":"search"},{"id":"logs-*","name":"11:indexpattern-datasource-layer-b205119a-3d44-424a-b471-3adc7b233437","type":"index-pattern"},{"id":"logs-*","name":"11:d0cc9cbc-3f24-4f1d-a33f-d6161d3e1323","type":"index-pattern"},{"id":"logs-*","name":"11:d16c0ea3-8535-405e-a080-314609ff2eb9","type":"index-pattern"},{"id":"logs-*","name":"13f5fdc0-b503-4e37-a39e-a2365be6356d:indexpattern-datasource-layer-2f8af088-1452-476f-9b74-7854a8e9d8a3","type":"index-pattern"},{"id":"logs-*","name":"13f5fdc0-b503-4e37-a39e-a2365be6356d:d192bb2b-0add-406e-8fa5-d749aa93cd68","type":"index-pattern"},{"id":"logs-*","name":"13f5fdc0-b503-4e37-a39e-a2365be6356d:9ba1595f-e9a3-4987-9eb0-21d2714752ef","type":"index-pattern"},{"id":"system-fleet-managed-default","name":"tag-ref-system-fleet-managed-default","type":"tag"},{"id":"system-fleet-pkg-system-default","name":"tag-ref-system-fleet-pkg-system-default","type":"tag"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-system-default","name":"tag-ref-fleet-pkg-system-default","type":"tag"}],"sort":[1688996741503,8471],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NTAsMV0="} +{"attributes":{"columns":["event.code","powershell.engine.version","powershell.runspace_id","process.args","powershell.command.invocation_details","powershell.file.script_block_text"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Details [Windows 
powershell]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-11a61760-9f27-11ea-bef1-95118e62a7c1","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8475],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Engine versions [Windows powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Engine version\",\"field\":\"powershell.engine.version\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"metric\":{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}},\"isDonut\":false,\"labels\":{\"last_level\":false,\"show\":false,\"truncate\":100,\"values\":false},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Engine versions [Windows 
powershell]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-1eeaaf70-9f23-11ea-bef1-95118e62a7c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8479],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NTIsMV0="} +{"attributes":{"columns":["host.name","windows.service.display_name","windows.service.state","windows.service.start_type","windows.service.uptime.ms","windows.service.pid","windows.service.exit_code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"prefix\\\":{\\\"data_stream.dataset\\\":\\\"windows.\\\"}}\"},\"query\":{\"prefix\":{\"data_stream.dataset\":\"windows.\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"metricset.name\",\"negate\":false,\"params\":{\"query\":\"service\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"service\"},\"query\":{\"match\":{\"metricset.name\":{\"query\":\"service\",\"type\":\"phrase\"}}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Services [Metrics 
Windows]","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-b6b7ccc0-c98d-11e7-9835-2f31fe08873b","migrationVersion":{"search":"8.0.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8485],"type":"search","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Hosts [Metrics Windows]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Total Services\",\"field\":\"windows.service.id\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Host\",\"field\":\"host.name\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Hosts [Metrics 
Windows]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-23a5fff0-c98e-11e7-9835-2f31fe08873b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"windows-b6b7ccc0-c98d-11e7-9835-2f31fe08873b","name":"search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8489],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NTQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset.windows.powershell_operational)\"}}"},"title":"Unique engine versions [Windows powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Unique versions\",\"field\":\"powershell.engine.version\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":32,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Unique engine versions [Windows 
powershell]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-2dbabdf0-9f29-11ea-bef1-95118e62a7c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8493],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Unique Services [Metrics Windows]","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Services\",\"field\":\"windows.service.id\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":false},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"type\":\"gauge\"},\"title\":\"Unique Services [Metrics 
Windows]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-35f5ad60-c996-11e7-9835-2f31fe08873b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"windows-b6b7ccc0-c98d-11e7-9835-2f31fe08873b","name":"search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8497],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NTYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset.windows.powershell_operational)\"}}"},"title":"Users [Windows powershell]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"User\",\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Host 
count\",\"field\":\"host.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://192.168.1.48:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"User\",\"params\":{}}],\"metrics\":[{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}},{\"accessor\":2,\"aggType\":\"cardinality\",\"format\":{\"id\":\"number\"},\"label\":\"Unique count of host.name\",\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Users [Windows powershell]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-3e55daa0-9e8e-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8501],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset.windows.powershell_operational)\"}}"},"title":"Total engine started [Windows 
powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"event.code: 400\"},\"label\":\"\"}]},\"schema\":\"group\",\"type\":\"filters\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"string\",\"params\":{}},\"type\":\"vis_dimension\"},\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":32,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total engine started [Windows powershell]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-52543ef0-9e95-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8505],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NTgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset.windows.powershell_operational)\"}}"},"title":"Top active hosts [Windows 
powershell]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"host.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[],\"metrics\":[{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Top active hosts [Windows powershell]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-70751050-9f33-11ea-bef1-95118e62a7c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8509],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Total remote commands [Windows 
powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"process.title:\\\"ServerRemoteHost\\\" \"},\"label\":\"Remote commands\"}]},\"schema\":\"group\",\"type\":\"filters\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"string\",\"params\":{}},\"type\":\"vis_dimension\"},\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":32,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total remote commands [Windows powershell]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-78874900-9f30-11ea-bef1-95118e62a7c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8513],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NjAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Engine and Command 
started[Windows powershell]","uiStateJSON":"{\"vis\":{\"colors\":{\"*\":\"#EAB839\",\"Engine stopped\":\"#BF1B00\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-1d\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"400\\\" \"},\"label\":\"Engine started\"},{\"input\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4105\\\" \"},\"label\":\"Command started\"}]},\"schema\":\"group\",\"type\":\"filters\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"series\":[{\"accessor\":1,\"aggType\":\"filters\",\"format\":{},\"label\":\"filters\",\"params\":{}}],\"x\":{\"accessor\":0,\"aggType\":\"date_histogram\",\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"label\":\"@timestamp per 30 
minutes\",\"params\":{\"bounds\":{\"max\":\"2020-05-26T09:14:29.996Z\",\"min\":\"2020-05-25T09:14:29.996Z\"},\"date\":true,\"format\":\"HH:mm\",\"interval\":\"PT30M\",\"intervalESUnit\":\"m\",\"intervalESValue\":30}},\"y\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"defaultYExtents\":false,\"mode\":\"normal\",\"setYExtents\":false,\"type\":\"log\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\",\"legendSize\":\"auto\"},\"title\":\"Engine and Command started[Windows powershell]\",\"type\":\"line\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-7adbce50-9e96-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8517],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NjEsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Total commands [Windows powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"powershell.command.name: * \"},\"label\":\"Commands\"}]},\"schema\":\"group\",\"type\":\"filters\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"string\",\"params\":{}},\"type\":\"vis_dimension\"},\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":32,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Total commands [Windows powershell]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-7f3e7710-9e94-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8521],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NjIsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Startup States [Metrics Windows]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Service Count\",\"field\":\"windows.service.id\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Startup Type\",\"field\":\"windows.service.start_type\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"State\",\"field\":\"windows.service.state\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Startup States [Metrics Windows]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-830c45f0-c991-11e7-9835-2f31fe08873b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"windows-b6b7ccc0-c98d-11e7-9835-2f31fe08873b","name":"search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8525],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NjMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR 
data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Unique hosts [Windows powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Unique hosts\",\"field\":\"host.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":32,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Unique hosts [Windows powershell]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-92a2a6b0-9f29-11ea-bef1-95118e62a7c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8529],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NjQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Connected users [Windows 
powershell]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"User\",\"field\":\"powershell.connected_user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"4\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Host count\",\"field\":\"host.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://192.168.1.48:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"User\",\"params\":{}}],\"metrics\":[{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}},{\"accessor\":2,\"aggType\":\"cardinality\",\"format\":{\"id\":\"number\"},\"label\":\"Unique count of host.name\",\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Connected users [Windows 
powershell]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-9ec52c30-9e91-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8533],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NjUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"powershell.command.invocation_details.type\",\"negate\":false,\"params\":{\"query\":\"CommandInvocation\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"powershell.command.invocation_details.type\":\"CommandInvocation\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Top Invoked Commands [Windows 
powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"powershell.command.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://192.168.1.48:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"powershell.command.invocation_details.related_command: Descending\",\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}},\"isDonut\":false,\"labels\":{\"last_level\":false,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Top Invoked Commands [Windows 
powershell]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-b0c5d570-9e7c-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8538],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NjYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Started providers [Windows powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"powershell.provider.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://192.168.1.48:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"powershell.provider.name: 
Descending\",\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}},\"isDonut\":false,\"labels\":{\"last_level\":false,\"show\":false,\"truncate\":100,\"values\":false},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Started providers [Windows powershell]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-c0945210-9e8b-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8542],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NjcsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"windows.service.exit_code\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"windows.service.exit_code\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"windows.service.exit_code\",\"negate\":true,\"params\":{\"query\":\"0\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"0\"},\"query\":{\"match\":{\"windows.service.exit_code\":{\"query\":\"0\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\",\"key\":\"windows.service.exit_code\",\"negate\":true,\"params\":{\"query\":\"ERROR_SERVICE_NEVER_STARTED\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"ERROR_SERVICE_NEVER_STARTED\"},\"query\":{\"match\":{\"windows.service.exit_code\":{\"query\":\"ERROR_SERVICE_NEVER_STARTED\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Non-zero Service Exit Codes [Metrics Windows]","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Non-zero Exit Codes\",\"field\":\"windows.service.id\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to 
Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":false},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"type\":\"gauge\"},\"title\":\"Non-zero Service Exit Codes [Metrics Windows]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-c36b2ba0-ca29-11e7-9835-2f31fe08873b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"windows-b6b7ccc0-c98d-11e7-9835-2f31fe08873b","name":"search_0","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8549],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NjgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Unique users [Windows powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Unique 
users\",\"field\":\"related.user\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":32,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Unique users [Windows powershell]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-e64ff750-9f28-11ea-bef1-95118e62a7c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8553],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NjksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Engine versions ran by host [Windows 
powershell]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Host\",\"field\":\"host.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"3\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Version count\",\"field\":\"powershell.engine.version\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://192.168.1.48:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"Host\",\"params\":{}}],\"metrics\":[{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}},{\"accessor\":2,\"aggType\":\"cardinality\",\"format\":{\"id\":\"number\"},\"label\":\"Version count\",\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Engine versions ran by host [Windows 
powershell]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-e20b3940-9e9a-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8557],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NzAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Host processes [Windows powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"process.title\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://192.168.1.48:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"process.title: 
Descending\",\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}},\"isDonut\":false,\"labels\":{\"last_level\":false,\"show\":false,\"truncate\":100,\"values\":false},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Host processes [Windows powershell]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-f9fa55f0-9f34-11ea-bef1-95118e62a7c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8561],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NzEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Event type [Windows powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Event 
type\",\"field\":\"event.code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://192.168.1.48:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"event.code: Descending\",\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}},\"isDonut\":false,\"labels\":{\"last_level\":false,\"show\":false,\"truncate\":100,\"values\":false},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Event type [Windows powershell]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-d27dea70-9f32-11ea-bef1-95118e62a7c1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8565],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NzIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"title":"Event Levels [Windows 
powershell]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"log.level\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"http://192.168.1.48:5601\",\"pathname\":\"/app/kibana\"}}},\"label\":\"log.level: Descending\",\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}},\"isDonut\":false,\"labels\":{\"last_level\":false,\"show\":false,\"truncate\":100,\"values\":false},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Event Levels [Windows powershell]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-fbb025e0-9e7c-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8569],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NzMsMV0="} +{"attributes":{"description":"Overview dashboard for powershell 
integration.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational)\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"fa41e799-b6b3-49ec-a11c-3f20231a4a79\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"fa41e799-b6b3-49ec-a11c-3f20231a4a79\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fa41e799-b6b3-49ec-a11c-3f20231a4a79\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"65ce6b63-6ce0-4094-ab23-189126fc169f\",\"w\":7,\"x\":13,\"y\":0},\"panelIndex\":\"65ce6b63-6ce0-4094-ab23-189126fc169f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_65ce6b63-6ce0-4094-ab23-189126fc169f\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"314e6f55-a05a-4ae3-ab76-bcae7f2074ab\",\"w\":8,\"x\":20,\"y\":0},\"panelIndex\":\"314e6f55-a05a-4ae3-ab76-bcae7f2074ab\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_314e6f55-a05a-4ae3-ab76-bcae7f2074ab\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"a1f161f6-1abe-4177-9ede-4d1984f5a963\",\"w\":7,\"x\":28,\"y\":0},\"panelIndex\":\"a1f161f6-1abe-4177-9ede-4d1984f5a963\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a1f161f6-1abe-4177-9ede-4d1984f5a963\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"6b7ed122-22f3-4e9d-89eb-8de92c0d2033\",\"w\":4,\"x\":35,\"y\":0},\"panelIndex\":\"6b7ed122-22f3-4e9d-89eb-8de92c0d2033\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6b7ed122-22f3-4e9d-89eb-8de92c0d2033\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"d536f6a7-ad28-4a32-9319-9e0b983828bf\",\"w\":4,\"x\":39,\"y\":0},\
"panelIndex\":\"d536f6a7-ad28-4a32-9319-9e0b983828bf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d536f6a7-ad28-4a32-9319-9e0b983828bf\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"eda6d08f-b45e-448a-bf9f-afa5516d4b4b\",\"w\":4,\"x\":43,\"y\":0},\"panelIndex\":\"eda6d08f-b45e-448a-bf9f-afa5516d4b4b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_eda6d08f-b45e-448a-bf9f-afa5516d4b4b\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"56d2dd76-6fec-422b-96e9-22791b0c5f0c\",\"w\":10,\"x\":13,\"y\":6},\"panelIndex\":\"56d2dd76-6fec-422b-96e9-22791b0c5f0c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_56d2dd76-6fec-422b-96e9-22791b0c5f0c\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"3e4a9683-fd6a-4ad7-b05f-c71bcb4d92d5\",\"w\":12,\"x\":23,\"y\":6},\"panelIndex\":\"3e4a9683-fd6a-4ad7-b05f-c71bcb4d92d5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3e4a9683-fd6a-4ad7-b05f-c71bcb4d92d5\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"a8c00572-667b-4e39-8b0c-10be56fbadd5\",\"w\":12,\"x\":35,\"y\":6},\"panelIndex\":\"a8c00572-667b-4e39-8b0c-10be56fbadd5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a8c00572-667b-4e39-8b0c-10be56fbadd5\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"e8a57cba-14d2-4cd9-a727-f5e30165f6ba\",\"w\":13,\"x\":0,\"y\":8},\"panelIndex\":\"e8a57cba-14d2-4cd9-a727-f5e30165f6ba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e8a57cba-14d2-4cd9-a727-f5e30165f6ba\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"8ae39cfa-cb06-45eb-880e-b749c3355d61\",\"w\":12,\"x\":23,\"y\":13},\"panelIndex\":\"8ae39cfa-cb06-45eb-880e-b749c3355d61\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8ae39cfa-cb06-45e
b-880e-b749c3355d61\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"ef92d192-b56d-476c-b640-e226679ed178\",\"w\":12,\"x\":35,\"y\":13},\"panelIndex\":\"ef92d192-b56d-476c-b640-e226679ed178\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ef92d192-b56d-476c-b640-e226679ed178\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"b15dcac5-3616-4b41-8abb-cb28398b16f4\",\"w\":13,\"x\":0,\"y\":16},\"panelIndex\":\"b15dcac5-3616-4b41-8abb-cb28398b16f4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b15dcac5-3616-4b41-8abb-cb28398b16f4\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"23af61c8-6a45-4d7d-9905-8ed265328130\",\"w\":10,\"x\":13,\"y\":16},\"panelIndex\":\"23af61c8-6a45-4d7d-9905-8ed265328130\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_23af61c8-6a45-4d7d-9905-8ed265328130\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"390068ed-b7fb-4ec1-87d5-e89f7cc82e04\",\"w\":12,\"x\":23,\"y\":20},\"panelIndex\":\"390068ed-b7fb-4ec1-87d5-e89f7cc82e04\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_390068ed-b7fb-4ec1-87d5-e89f7cc82e04\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"45724dca-fea2-4f3b-af79-cf89bb12a31b\",\"w\":12,\"x\":35,\"y\":20},\"panelIndex\":\"45724dca-fea2-4f3b-af79-cf89bb12a31b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_45724dca-fea2-4f3b-af79-cf89bb12a31b\"},{\"version\":\"7.6.0\",\"type\":\"search\",\"gridData\":{\"h\":14,\"i\":\"7f0c4a51-d972-42a5-ba0a-d3de814c7440\",\"w\":47,\"x\":0,\"y\":27},\"panelIndex\":\"7f0c4a51-d972-42a5-ba0a-d3de814c7440\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7f0c4a51-d972-42a5-ba0a-d3de814c7440\"}]","timeRestore":false,"title":"[Windows powershell] 
Overview","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-c77e06c0-9e7c-11ea-af6f-cfdb1ee1d6c8","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"windows-9ec52c30-9e91-11ea-af6f-cfdb1ee1d6c8","name":"fa41e799-b6b3-49ec-a11c-3f20231a4a79:panel_fa41e799-b6b3-49ec-a11c-3f20231a4a79","type":"visualization"},{"id":"windows-52543ef0-9e95-11ea-af6f-cfdb1ee1d6c8","name":"65ce6b63-6ce0-4094-ab23-189126fc169f:panel_65ce6b63-6ce0-4094-ab23-189126fc169f","type":"visualization"},{"id":"windows-7f3e7710-9e94-11ea-af6f-cfdb1ee1d6c8","name":"314e6f55-a05a-4ae3-ab76-bcae7f2074ab:panel_314e6f55-a05a-4ae3-ab76-bcae7f2074ab","type":"visualization"},{"id":"windows-78874900-9f30-11ea-bef1-95118e62a7c1","name":"a1f161f6-1abe-4177-9ede-4d1984f5a963:panel_a1f161f6-1abe-4177-9ede-4d1984f5a963","type":"visualization"},{"id":"windows-e64ff750-9f28-11ea-bef1-95118e62a7c1","name":"6b7ed122-22f3-4e9d-89eb-8de92c0d2033:panel_6b7ed122-22f3-4e9d-89eb-8de92c0d2033","type":"visualization"},{"id":"windows-2dbabdf0-9f29-11ea-bef1-95118e62a7c1","name":"d536f6a7-ad28-4a32-9319-9e0b983828bf:panel_d536f6a7-ad28-4a32-9319-9e0b983828bf","type":"visualization"},{"id":"windows-92a2a6b0-9f29-11ea-bef1-95118e62a7c1","name":"eda6d08f-b45e-448a-bf9f-afa5516d4b4b:panel_eda6d08f-b45e-448a-bf9f-afa5516d4b4b","type":"visualization"},{"id":"windows-e20b3940-9e9a-11ea-af6f-cfdb1ee1d6c8","name":"56d2dd76-6fec-422b-96e9-22791b0c5f0c:panel_56d2dd76-6fec-422b-96e9-22791b0c5f0c","type":"visualization"},{"id":"windows-1eeaaf70-9f23-11ea-bef1-95118e62a7c1","name":"3e4a9683-fd6a-4ad7-b05f-c71bcb4d92d5:panel_3e4a9683-fd6a-4ad7-b05f-c71bcb4d92d5","type":"visualization"},{"id":"windows-f9fa55f0-9f34-11ea-bef1-95118e62a7c1","name":"a8c00572-667b-4e39-8b0c-10be56fbadd5:panel_a8c00572-667b-4e39-8b0c-10be56fbadd5","type":"visualization"},{"id":"windows-3e55daa0-9e8e-11ea-af6f-cfdb1ee1d6c8","name":"e8a57cba-14d2-4cd9-a727-f5e30165f6ba:panel_e8a57cba-14d2-4cd9-a727-f5e30165f6b
a","type":"visualization"},{"id":"windows-d27dea70-9f32-11ea-bef1-95118e62a7c1","name":"8ae39cfa-cb06-45eb-880e-b749c3355d61:panel_8ae39cfa-cb06-45eb-880e-b749c3355d61","type":"visualization"},{"id":"windows-fbb025e0-9e7c-11ea-af6f-cfdb1ee1d6c8","name":"ef92d192-b56d-476c-b640-e226679ed178:panel_ef92d192-b56d-476c-b640-e226679ed178","type":"visualization"},{"id":"windows-7adbce50-9e96-11ea-af6f-cfdb1ee1d6c8","name":"b15dcac5-3616-4b41-8abb-cb28398b16f4:panel_b15dcac5-3616-4b41-8abb-cb28398b16f4","type":"visualization"},{"id":"windows-70751050-9f33-11ea-bef1-95118e62a7c1","name":"23af61c8-6a45-4d7d-9905-8ed265328130:panel_23af61c8-6a45-4d7d-9905-8ed265328130","type":"visualization"},{"id":"windows-b0c5d570-9e7c-11ea-af6f-cfdb1ee1d6c8","name":"390068ed-b7fb-4ec1-87d5-e89f7cc82e04:panel_390068ed-b7fb-4ec1-87d5-e89f7cc82e04","type":"visualization"},{"id":"windows-c0945210-9e8b-11ea-af6f-cfdb1ee1d6c8","name":"45724dca-fea2-4f3b-af79-cf89bb12a31b:panel_45724dca-fea2-4f3b-af79-cf89bb12a31b","type":"visualization"},{"id":"windows-11a61760-9f27-11ea-bef1-95118e62a7c1","name":"7f0c4a51-d972-42a5-ba0a-d3de814c7440:panel_7f0c4a51-d972-42a5-ba0a-d3de814c7440","type":"search"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8590],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NzQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"Service States [Metrics Windows]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"aggregate\":\"concat\",\"customLabel\":\"Latest 
Report\",\"field\":\"@timestamp\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"},\"schema\":\"metric\",\"type\":\"top_hits\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Service\",\"field\":\"windows.service.display_name\",\"order\":\"asc\",\"orderBy\":\"_term\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Host\",\"field\":\"host.name\",\"order\":\"desc\",\"orderBy\":\"_term\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"State\",\"field\":\"windows.service.state\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"3-orderAgg\",\"params\":{\"field\":\"@timestamp\"},\"schema\":\"orderAgg\",\"type\":\"max\"},\"orderBy\":\"custom\",\"size\":1},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Startup Type\",\"field\":\"windows.service.start_type\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"4-orderAgg\",\"params\":{\"field\":\"@timestamp\"},\"schema\":\"orderAgg\",\"type\":\"max\"},\"orderBy\":\"custom\",\"size\":1},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Service States [Metrics 
Windows]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-eb8277d0-c98c-11e7-9835-2f31fe08873b","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8594],"type":"visualization","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NzUsMV0="} +{"attributes":{"description":"Overview of the Windows Service States","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.service\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":20,\"i\":\"1\",\"w\":36,\"x\":12,\"y\":12},\"panelIndex\":\"1\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":20,\"i\":\"2\",\"w\":12,\"x\":0,\"y\":12},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"3\",\"w\":16,\"x\":0,\"y\":0},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"4\",\"w\":16,\"x\":16,\"y\":0},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"5\",\"w\":16,\"x\":32,\"y\":0},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"}]","timeRestore":false,"title":"[Metrics Windows] Services","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-07-10T13:45:41.503Z","id":"windows-d9eba730-c991-11e7-9835-2f31fe08873b","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"windows-eb8277d0-c98c-11e7-9835-2f31fe08873b","name":"1:panel_1","type":"visualization"},{"id":"windows-23a5fff0-c98e-11e7-9835-2f31fe08873b","name":"2:panel_2","type":"visualization"},{"id":"windows-830c45f0-c991-11e7-9835-2f31fe08873b","name":"3:panel_3","type":"visualization"},{"id":"windows-35f5ad60-c996-11e7-9835-2f31fe08873b","name":"4:panel_4","type":"visualization"},{"id":"windows-c36b2ba0-ca29-11e7-9835-2f31fe08873b","name":"5:panel_5","type":"visualization"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed-default","type":"tag"},{"id":"fleet-pkg-windows-default","name":"tag-ref-fleet-pkg-windows-default","type":"tag"}],"sort":[1688996741503,8602],"type":"dashboard","updated_at":"2023-07-10T13:45:41.503Z","version":"WzQ4NzYsMV0="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":957,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file